Installing Firmware

Verifying the configuration

After installing a new firmware file, you should verify that the configuration has been successfully converted to the format required by the new firmware and that no configuration data has been lost.

In addition to verifying successful conversion, verifying the configuration also provides familiarity with new and changed features.

To verify the configuration upgrade

  1. Clear your browser’s cache.
  2. Log in to the web UI using the admin administrator account.

Other administrator accounts may not have sufficient privileges to completely review the configuration.

  1. Review the configuration and compare it with your configuration backup to verify that the configuration has been correctly converted.


If you are upgrading, it is especially important to note that the upgrade process may require a specific path. Very old versions of the firmware may not be supported by the configuration upgrade scripts that are used by the newest firmware. As a result, you may need to upgrade to an intermediate version of the firmware first, before upgrading to your intended version. Upgrade paths are described in the Release Notes.

Before upgrading the firmware of the FortiMail unit, for the most current upgrade information, review the Release Notes for the new firmware version. Release Notes are available from when downloading the firmware image file.

Release Notes may contain late-breaking information that was not available at the time this Administration Guide was prepared.

Clean installing firmware

Clean installing the firmware can be useful if:

  • you are unable to connect to the FortiMail unit using the web-based manager or the CLI
  • you want to install firmware without preserving any existing configuration
  • a firmware version that you want to install requires that you format the boot device (see the Release Notes accompanying the firmware)

Unlike upgrading or downgrading firmware, clean installing firmware re-images the boot device, including the signatures that were current at the time that the firmware image file was created. Also, a clean install can only be done during a boot interrupt, before network connectivity is available, and therefore requires a local console connection to the CLI. A clean install cannot be done through a network connection.

Back up your configuration before beginning this procedure, if possible. A clean install resets the configuration, including the IP addresses of network interfaces. For information on backups, see “Backup and restore” on page 218. For information on reconnecting to a FortiMail unit whose network interface configuration has been reset, see “Reconnecting to the FortiMail unit” on page 691.

To clean install the firmware

  1. Download the firmware file from the Fortinet Technical Support web site,
  2. Connect your management computer to the FortiMail console port using a RJ-45 to DB-9 serial cable or a null-modem cable.
  3. Initiate a local console connection from your management computer to the CLI of the FortiMail unit, and log in as the admin administrator, or an administrator account that has system configuration read and write privileges.
  4. Connect port1 of the FortiMail unit directly to the same subnet as a TFTP server.
  5. Copy the new firmware image file to the root directory of the TFTP server.
  6. Verify that the TFTP server is currently running, and that the FortiMail unit can reach the TFTP server.

To use the FortiMail CLI to verify connectivity, if it is responsive, enter the following command:

execute ping where is the IP address of the TFTP server.

  1. Enter the following command to restart the FortiMail unit: execute reboot

or power off and then power on the FortiMail unit.

  1. As the FortiMail units starts, a series of system startup messages are displayed.

Press any key to display configuration menu……..

  1. Immediately press a key to interrupt the system startup.

If you successfully interrupt the startup process, the following messages appears:

[G]: Get firmware image from TFTP server. [F]: Format boot device. [B]: Boot with backup firmware and set as default. [I]: Configuration and information. [Q]: Quit menu and continue to boot with default firmware. [H]: Display this list of options.

Enter G,F,B,I,Q,or H:

10.If the firmware version requires that you first format the boot device before installing firmware, type F. (Format boot device) before continuing.

11.Type G to get the firmware image from the TFTP server.

The following message appears:

Enter TFTP server address []:

12.Type the IP address of the TFTP server and press Enter.

The following message appears:

Enter Local Address []:

13.Type a temporary IP address that can be used by the FortiMail unit to connect to the TFTP server.

The following message appears:

Enter File Name [image.out]:

14.Type the firmware image file name and press Enter.

The FortiMail unit downloads the firmware image file from the TFTP server and displays a message similar to the following:

Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]

15.Type D.

The FortiMail unit downloads the firmware image file from the TFTP server. The FortiMail unit installs the firmware and restarts. Time required varies by the size of the file and the speed of your network connection.

The FortiMail unit reverts the configuration to default values for that version of the firmware.

16.Clear the cache of your web browser and restart it to ensure that it reloads the web UI and correctly displays all tab, button, and other changes.

17.To verify that the firmware was successfully installed, log in to the CLI and type: get system status

The firmware version number appears.

18.Either reconfigure the FortiMail unit or restore the configuration file from a backup. For details, see “Restoring the configuration” on page 692.

19.Update the attack definitions.

Installing firmware replaces the current FortiGuard Antivirus definitions with the definitions included with the firmware release you are installing. After you install new firmware, update the antivirus definitions. For details, see “Configuring FortiGuard updates and antispam queries” on page 233.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.