This article describes how to download and install firmware from a local TFTP server via the BIOS, under CLI control.
Caution: Installing firmware from a local TFTP server under console control resets your FortiGate unit to factory default settings. If possible, consider backing up your configuration before starting the TFTP server firmware upgrade.
- a null modem, or RJ-45 to DB9 console cable (supplied with the FortiGate unit). See also the related article Serial cable pinouts for console access to Fortinet devices
- an Ethernet RJ45 cable
- a terminal client, such as a PC running HyperTerminal (Windows)
- a TFTP server (see below the recommended software)
Recommended TFTP software
TFTPD32 – Open Source tftp server for windows
3CDaemon V2 – 3com’s TFTP server for windows
Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10
Fedora Core 9
TFTP Server v 3.3.1
Download the FortiGate firmware and verify MD5 checksum
1) Download the image for your FortiGate from the Fortinet Support Site. At the same website, you can also download the <image name>.md5 file that contains the MD5 checksum for the firmware image you downloaded.
2) Check that the image was downloaded successfully and is not corrupted Compare your generated MD5 sum against the one in the .md5 file.
Some console prompts in this procedure include a default value in square brackets, for example, [image.out]. To use this default value, press Enter.
Terminal client communication parameters
1 stop bit
9600 baud (the FortiGate-300 uses 115,000 baud)
Flow Control = None
Steps to load the firmware image
1 – Connect the computer to the FortiGate unit using the null modem cable.
2 – Connect the computer running the TFTP server to the FortiGate unit. Use the table below to determine which port to connect to.
FortiGate Model Interface
50, 50A, 100, 200, 300, 500, 800, 800F Internal
50B, all 60 models, 100A, 200A Internal port 1
100A, 200A (If Internal Port1 does not work) Internal port 4
300A, 310A, 400, 400A, 500A, 1000 and higher LAN port 1
Fortigate with a dedicated management port mgmt1
3 – Restart the Fortigate.
4 – When the console displays “Press any key to display configuration menu…” press the spacebar or any other key.
5 – If the menu includes Format boot device [F] press F and wait for the device formatting to complete.
6 – Press G to start firmware download.
The console displays:
Enter TFTP server address [192.168.1.168]:
7 – Type the IP address of the computer running the TFTP server and press Enter.
The console displays:
Enter Local Address [192.168.1.188]:
8 – Type an unused IP address that is on the same subnet as the TFTP server and press Enter.
The console displays:
Enter File Name [image.out]:
9 – Type the firmware image file name and press Enter.
The console periodically displays a “#” (pound or hash symbol) to show the download progress. When the download completes, the console displays a message similar to:
Save as Default firmware/Run image without saving:[D/R]
10 – Press D.
The FortiGate unit installs the new firmware image and restarts. The installation may take a few minutes to complete.
Once entering the firmware image name and pressing enter, the FortiGate unit MAC address appears and the “#” symbols indicate the progress of the install. If the MAC address does not show up, check the network cable and connector to ensure they are firmly attached to the FortiGate unit.
If MAC address shows up and no “#” signs appear, check which port the network cable is in. Use the table above in step 2 to ensure its in the right port.
Sample Console Output
The following is an example of what the output from the console can look like. Depending on the FortiGate unit, this may vary slightly.
FortiGate-60 (root) # FGT60 (11:24-04.25.2005)
Total RAM: 128MB
Scanning PCI bus…Done.
Allocating PCI resources…Done.
Enabling PCI resources…Done.
Zeroing IRQ settings…Done.
Verifying PIRQ tables…Done.
Boot up, boot device capacity: 30MB.
Press any key to display configuration menu…
[G]: Get firmware image from TFTP server.
[F]: Format boot device.
[Q]: Quit menu and continue to boot with default firmware.
[H]: Display this list of options.
Enter G,F,Q,or H: F
All data will be erased,continue:[Y/N]?
Formatting boot device…
Format boot device completed.
Enter G,F,Q,or H: G
Enter TFTP server address [192.168.1.168]: 192.168.1.1
Enter local address [192.168.1.188]: 192.168.1.99
Enter firmware image file name [image.out]: FGT_60-v300-build0660-FORTINET.outMAC:00:01:01:1:a1:a1
Total 13547047 bytes data downloaded.
Verifying the integrity of the firmware image.
Total 28000kB unzipped.
Save as Default firmware/Run image without saving:[D/R]? D
Programming the boot device now.
Reading boot image 1326312 bytes.
System is started.
Wait until firewall restart.
Artigo original de: http://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=10338&sliceId=1&docTypeID=DT_KCARTICLE_1_1