Chapter 2 – Getting Started

Leave a reply

To load the firmware for later installation – CLI

execute restore secondary-image {ftp | tftp | usb}

To set the FortiGate so that when it reboots, the new firmware is loaded, use the CLI command…

execute set-next-reboot {primary | secondary}

… where {primary | secondary} is the partition with the preloaded firmware.

To trigger the upgrade using the GUI

1. Go to the Dashboard and locate the System Information widget.

2. Beside Firmware Version, select Details.

3. Select the check box for the new firmware version.

The Comments column indicates which firmware version is the current active version.

4. Select Upgrade icon.

 

Configuration Backups

Once you configure the FortiGate and it is working correctly, it is extremely important that you backup the configuration. In some cases, you may need to reset the FortiGate to factory defaults or perform a TFTP upload of the firmware, which will erase the existing configuration. In these instances, the configuration on the device will have to be recreated, unless a backup can be used to restore it. You should also backup the local certificates, as the unique SSL inspection CA and server certificates that are generated by your FortiGate by default are not saved in a system backup.

It is also recommended that once any further changes are made that you backup the configuration immediately, to ensure you have the most current configuration available. Also, ensure you backup the configuration before upgrading the FortiGate’s firmware. Should anything happen during the upgrade that changes the configuration, you can easily restore the saved configuration.

Always backup the configuration and store it on the management computer or off-site. You have the option to save the configuration file to various locations including the local PC, USB key, FTP and TFTP site.The latter two are configurable through the CLI only.

If you have VDOMs, you can back up the configuration of the entire FortiGate or only a specific VDOM. Note that if you are using FortiManager or FortiCloud, full backups are performed and the option to backup individual VDOMs will not appear.

 

Backing up the configuration using the GUI

1. Go to the Dashboard and locate the System Information widget.

2. Beside System Configuration, select Backup.

3. Select to backup to your Local PC or to a USB key.

The USB Disk option will be grayed out if no USB drive is inserted in the USB port. You can also backup to the

FortiManager using the CLI.

4. If VDOMs are enabled, select to backup the entire FortiGate configuration (Full Config) or only a specific VDOM

configuration (VDOM Config).

5. If backing up a VDOM configuration, select the VDOM name from the list.

6. Select Encrypt configuration file.

Encryption must be enabled on the backup file to back up VPN certificates.

7. Enter a password and enter it again to confirm it. You will need this password to restore the file.

8. Select Backup.

9. The web browser will prompt you for a location to save the configuration file. The configuration file will have a

.conf extension.

 

Backing up the configuration using the CLI

Use the following command:

execute backup config management-station <comment>

… or …

execute backup config usb <backup_filename> [<backup_password>]

… or for FTP, note that port number, username are optional depending on the FTP site…

execute backup config ftp <backup_filename> <ftp_server> [<port>] [<user_name>] [<password>]

… or for TFTP …

execute backup config tftp <backup_filename> <tftp_servers> <password>

Use the same commands to backup a VDOM configuration by first entering the commands:

config vdom

edit <vdom_name>

 

Backup and restore the local certificates

This procedure exports a server (local) certificate and private key together as a password protected PKCS12 file. The export file is created through a customer-supplied TFTP server. Ensure that your TFTP server is running and accessible to the FortiGate before you enter the command.

 

Backing up the local certificates

Connect to the CLI and use the following command:

execute vpn certificate local export tftp <cert_name> <filename> <tftp_ip>

 

where:

 

  • <cert_name> is the name of the server certificate.
  • <filename> is a name for the output file.
  • <tftp_ip> is the IP address assigned to the TFTP server host interface.

 

Restoring the local certificates – GUI

1. Move the output file from the TFTP server location to the management computer.

2. Go to System > Certificates and select Import.

3. Select the appropriate Type of certificate and fill in any required fields.

4. Select Browse. Browse to the location on the management computer where the exported file has been saved, select the file and select Open.

5. If required, enter the Password needed to upload the exported file..

6. Select OK.

 


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.