Chapter 2 – Getting Started

Leave a reply

Testing new firmware before installing

FortiOS enables you to test a new firmware image by installing the firmware image from a system reboot and saving it to system memory. After completing this procedure, the FortiGate operates using the new firmware image with the current configuration. This new firmware image is not permanently installed. The next time the FortiGate restarts, it operates with the originally installed firmware image using the current configuration. If the new firmware image operates successfully, you can install it permanently using the procedure Upgrading the firmware – GUI on page 230 .

To use this procedure, you must connect to the CLI using the FortiGate console port and a RJ-45 to DB-9 or null modem cable. This procedure temporarily installs a new firmware image using your current configuration.

For this procedure, you must install a TFTP server that you can connect to from the FortiGate internal interface. The TFTP server should be on the same subnet as the internal interface.

 

To test the new firmware image

1. Connect to the CLI using a RJ-45 to DB-9 or null modem cable.

2. Make sure the TFTP server is running.

3. Copy the new firmware image file to the root directory of the TFTP server.

4. Make sure the FortiGate can connect to the TFTP server using the execute ping command.

5. Enter the following command to restart the FortiGate:

execute reboot

6. As the FortiGate reboots, press any key to interrupt the system startup. As the FortiGate starts, a series of system startup messages appears.

When the following messages appears:

Press any key to display configuration menu….

7. Immediately press any key to interrupt the system startup.

You have only 3 seconds to press any key. If you do not press a key soon enough, the

FortiGate reboots and you must login and repeat the execute reboot command.

If you successfully interrupt the startup process, the following messages appears:

[G]: Get firmware image from TFTP server. [F]: Format boot device.

[B]: Boot with backup firmware and set as default

[C]: Configuration and information

[Q]: Quit menu and continue to boot with default firmware. [H]: Display this list of options.

Enter G, F, Q, or H:

The following message appears:

Enter TFTP server address [192.168.1.168]:

9. Type the address of the TFTP server and press Enter.

The following message appears:

Enter Local Address [192.168.1.188]:

10. Type an IP address of the FortiGate to connect to the TFTP server.

The IP address must be on the same network as the TFTP server.

Make sure you do not enter the IP address of another device on this network. The following message appears:

Enter File Name [image.out]:

11. Enter the firmware image file name and press Enter.

The TFTP server uploads the firmware image file to the FortiGate and the following appears.

Save as Default firmware/Backup firmware/Run image without saving: [D/B/R]

12. Type R.

The FortiGate image is installed to system memory and the FortiGate starts running the new firmware image, but with its current configuration.

You can test the new firmware image as required. When done testing, you can reboot the FortiGate, and the

FortiGate will resume using the firmware that was running before you installed the test firmware.

 

Upgrading the firmware – GUI

Installing firmware replaces your current antivirus and attack definitions, along with the definitions included with the firmware release you are installing. After you install new firmware, make sure that antivirus and attack definitions are up to date.

 

Always remember to back up your configuration before making any changes to the firmware.

To upgrade the firmware

1. Log into the GUI as the admin administrative user.

2. Go to the Dashboard and locate the System Information widget.

3. Beside Firmware Version, select Update.

4. Type the path and filename of the firmware image file, or select Browse and locate the file.

5. Select OK.

The FortiGate uploads the firmware image file, upgrades to the new firmware version, restarts, and displays the

FortiGate login. This process takes a few minutes.

 

Upgrading the firmware – CLI

Installing firmware replaces your current antivirus and attack definitions, along with the definitions included with the firmware release you are installing. After you install new firmware, make sure that antivirus and attack definitions are up to date. You can also use the CLI command execute update-now to update the antivirus and attack definitions. For more information, see the System Administration handbook.

Before you begin, ensure you have a TFTP server running and accessible to the FortiGate.

Always remember to back up your configuration before making any changes to the firmware.

 

To upgrade the firmware using the CLI

1. Make sure the TFTP server is running.

2. Copy the new firmware image file to the root directory of the TFTP server.

3. Log into the CLI.

4. Make sure the FortiGate can connect to the TFTP server.

You can use the following command to ping the computer running the TFTP server. For example, if the IP address of the TFTP server is 192.168.1.168:

execute ping 192.168.1.168

5. Enter the following command to copy the firmware image from the TFTP server to the FortiGate:

execute restore image tftp <filename> <tftp_ipv4>

Where <name_str>  is the name of the firmware image file and <tftp_ip4> is the IP address of the TFTP server. For example, if the firmware image file name is image.out and the IP address of the TFTP server is 192.168.1.168, enter:

execute restore image tftp image.out 192.168.1.168

The FortiGate responds with the message:

This operation will replace the current firmware version!

Do you want to continue? (y/n)

6. Type y.

7. The FortiGate uploads the firmware image file, upgrades to the new firmware version, and restarts. This process takes a few minutes.

8. Reconnect to the CLI.

9. Update antivirus and attack definitions, by entering:

execute update-now

There is a possibility that the firmware upgrade does not load properly and the FortiGate will not boot, or continuously reboots. If this occurs, it is best to perform a fresh install of the firmware from a reboot using the CLI.

 

This procedure installs a firmware image and resets the FortiGate to default settings. You can use this procedure to upgrade to a new firmware version, revert to an older firmware version, or re-install the current firmware.

To use this procedure, you must connect to the CLI using the FortiGate console port and a RJ-45 to DB-9, or null modem cable. This procedure reverts the FortiGate to its factory default configuration.

For this procedure you install a TFTP server that you can connect to from the FortiGate internal interface. The

TFTP server should be on the same subnet as the internal interface.

Before beginning this procedure, ensure you back up the FortiGate configuration.

If you are reverting to a previous FortiOS version, you might not be able to restore the previous configuration from the backup configuration file.

Installing firmware replaces your current antivirus and attack definitions, along with the definitions included with the firmware release you are installing. After you install new firmware, make sure that antivirus and attack definitions are up to date.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.