Chapter 2 – Getting Started

To install firmware from a system reboot

1. Connect to the CLI using the RJ-45 to DB-9 or null modem cable.

2. Make sure the TFTP server is running.

3. Copy the new firmware image file to the root directory of the TFTP server.

4. Make sure the internal interface is connected to the same network as the TFTP server.

5. To confirm the FortiGate can connect to the TFTP server, use the following command to ping the computer running the TFTP server. For example, if the IP address of the TFTP server is 192.168.1.168:

execute ping 192.168.1.168

6. Enter the following command to restart the FortiGate.

execute reboot

The FortiGate responds with the following message:

This operation will reboot the system! Do you want to continue? (y/n)

7. Type y.

As the FortiGate starts, a series of system startup messages appears. When the following messages appears:

Press any key to display configuration menu……….

Immediately press any key to interrupt the system startup.

You have only 3 seconds to press any key. If you do not press a key soon enough, the

FortiGate reboots and you must log in and repeat the execute reboot command.

If you successfully interrupt the startup process, the following messages appears:

[G]: Get firmware image from TFTP server.

[F]: Format boot device.

[B]: Boot with backup firmware and set as default

[C]: Configuration and information

[Q]: Quit menu and continue to boot with default firmware. [H]: Display this list of options.

Enter G, F, Q, or H:

8. Type G to get to the new firmware image form the TFTP server.

The following message appears:

Enter TFTP server address [192.168.1.168]:

9. Type the address of the TFTP server and press Enter.

The following message appears:

Enter Local Address [192.168.1.188]:

10. Type an IP address the FortiGate can use to connect to the TFTP server. The IP address can be any IP address that is valid for the network the interface is connected to.

Make sure you do not enter the IP address of another device on this network. The following message appears:

Enter File Name [image.out]:

 

11 Enter the firmware image filename and press Enter.

The TFTP server uploads the firmware image file to the FortiGate and a message similar to the following appears:

Save as Default firmware/Backup firmware/Run image without saving: [D/B/R]

12. Type D.

 

The FortiGate installs the new firmware image and restarts. The installation might take a few minutes to complete.

 

Reverting to a previous firmware version – GUI

The following procedures revert the FortiGate to its factory default configuration and deletes any configuration settings. If you are reverting to a previous FortiOS version, you might not be able to restore the previous configuration from the backup configuration file.

Always remember to back up your configuration before making any changes to the firmware.

 

To revert to a previous firmware version

1. Go to the Dashboard and locate the System Information widget.

2. Beside Firmware Version, select Update.

3. Type the path and filename of the firmware image file, or select Browse and locate the file.

4. Select OK.

The FortiGate uploads the firmware image file, reverts to the old firmware version, resets the configuration, restarts, and displays the FortiGate login. This process takes a few minutes.

 

Reverting to a previous firmware version – CLI

This procedure reverts the FortiGate to its factory default configuration and deletes IPS custom signatures, web content lists, email filtering lists, and changes to replacement messages.

Before beginning this procedure, it is recommended that you:

  • back up the FortiGate system configuration using the command

execute backup config

  • back up the IPS custom signatures using the command  execute backup ipsuserdefsig
  • back up web content and email filtering lists

To use the following procedure, you must have a TFTP server the FortiGate can connect to.

 

To revert to a previous firmware version using the CLI

1. Make sure the TFTP server is running

2. Copy the firmware image file to the root directory of the TFTP server.

3. Log into the FortiGate CLI.

4. Make sure the FortiGate can connect to the TFTP server execute by using the execute ping command.

5. Enter the following command to copy the firmware image from the TFTP server to the FortiGate:

execute restore image tftp <name_str> <tftp_ipv4>

Where <name_str> is the name of the firmware image file and <tftp_ip4> is the IP address of the TFTP server. For example, if the firmware image file name is imagev28.out and the IP address of the TFTP server is 192.168.1.168, enter:

execute restore image tftp image28.out 192.168.1.168

The FortiGate responds with this message:

This operation will replace the current firmware version!

Do you want to continue? (y/n)

6. Type y.

The FortiGate uploads the firmware image file. After the file uploads, a message similar to the following appears:

Get image from tftp server OK. Check image OK.

This operation will downgrade the current firmware version! Do you want to continue? (y/n)

7. Type y.

8. The FortiGate reverts to the old firmware version, resets the configuration to factory defaults, and restarts. This process takes a few minutes.

9. Reconnect to the CLI.

10. To restore your previous configuration, if needed, use the command:

execute restore config <name_str> <tftp_ip4>

11. Update antivirus and attack definitions using the command:

execute update-now.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.