Fortigate 40C Format and upgrade firmware via CLI

12 Jan

To format a Fortigate 40C and upgrade its firmware, we will need 3 types of cables.


1. Connect the console cable to the console port of the Fortigate.
Use a serial-to-USB converter and connect it to a USB port on your laptop.
2. Connect a USB cable (the same cable we use with printers) to the mng port of the Fortigate.
3. Connect an ethernet cable to port 5 (this port is special, I think).
Connect the other end to your laptop.

Now all connections are in place.

Give your laptop an IP (manually): – – no need for Gateway
(You can use any IP, but I suggest using this one.)

Install 3 pieces of software:
1. Putty (link)
2. tftpd32 (link)
3. fortiexplorer (link)

If you have a config backup, open it with a text editor.

You will see the build number and version of the firmware for that specific config file.
Download the firmware from FortiNet website.

For ease of use we can put all these files in a folder:
(in my case C:\Users\MyName\Desktop\Fortigate_40c_Format)

Make a copy of the firmware file.
Rename the firmware file to image.out
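
The two preparation steps above (reading the firmware version and build from the backup, then staging image.out in the TFTP folder), written out as an added example that is not part of the original post. The header layout, the sample line, the function names and the choice of SHA-256 are assumptions; pass whatever checksum you obtained alongside the download, since TFTP itself authenticates nothing.

```python
import hashlib
import re
import shutil
from pathlib import Path

# Assumed layout of the first line of an unencrypted backup (constructed sample):
#   #config-version=FGT40C-5.02-FW-build742-161003:opmode=0:vdom=0:user=admin
HEADER_RE = re.compile(
    r"^#config-version=(?P<model>[A-Z0-9]+)-(?P<version>\d+(?:\.\d+)+)"
    r"-FW-build(?P<build>\d+)-"
)

def firmware_from_config(config_text):
    """Return (model, version, build) named in the backup's header line."""
    lines = config_text.lstrip("\ufeff").splitlines()
    m = HEADER_RE.match(lines[0]) if lines else None
    if m is None:
        raise ValueError("line 1 is not a #config-version header")
    return m["model"], m["version"], int(m["build"])

def stage_image(firmware, tftp_root, expected_digest, algo="sha256"):
    """Check the download's digest, copy it to image.out, return its size."""
    firmware, target = Path(firmware), Path(tftp_root) / "image.out"
    h = hashlib.new(algo)
    with firmware.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    if h.hexdigest() != expected_digest.strip().lower():
        raise ValueError(f"{algo} mismatch for {firmware.name}: not staged")
    shutil.copyfile(firmware, target)  # the original download is left in place
    return target.stat().st_size  # should equal "Total N bytes data downloaded"

if __name__ == "__main__":
    sample = "#config-version=FGT40C-5.02-FW-build742-161003:opmode=0:vdom=0:user=admin\n"
    print(firmware_from_config(sample))
```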

Open TFTPD32.
Set the interface to the one to which we gave the IP
Set the root directory by clicking “Browse” on the tftp server window, and select
the folder with our files.
(in my case C:\Users\MyName\Desktop\Fortigate_40c_Format)


Open putty.
Set the connection type to Serial and enter the COM port.
Serial connection properties:
8 bits
no parity
1 stop bit
9600 baud (For a FortiGate-300, use 115,000 baud.)

You can find the COM port number from:
Right-click-Computer > Manage > Devices >
This will list all COM ports. Note the number for the USB-serial connection; in my case it was COM4.

Now click connect on Putty.
Turn the power off and then on at the FortiGate unit.

Stuff will start to pop up on the console screen.
When the console displays

“Press any key to display configuration menu.”
Press any key.

[G]: Get firmware image from TFTP server.
[F]: Format boot device.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot with default firmware.
[H]: Display this list of options.

Enter G,F,B,Q,or H:

These options will appear.
Select F for now to format the boot device.

[note: Some console prompts in this procedure include a default value in square brackets, e.g., [image.out]. To use this default value, just press Enter.]

When the format is finished, the device will restart.
Do the same again. When you reach these options, this time select G:
“Get firmware image from TFTP server.”

It will ask for the IP of the TFTP server. If you gave your laptop the same IP as above, just press Enter.
"Enter TFTP server address []: "
(If you gave another IP to your laptop, type that IP at the prompt.
Example: "Enter TFTP server address []:")

Now the console will ask for the IP of the Fortigate. Press Enter to proceed with the default value.
"Enter local address []: "

Now give the name of the firmware file.
Enter firmware image file name [image.out]:
(since we renamed our file to image.out we can just press enter)

The Fortigate downloads the firmware from the TFTP server and displays a message similar to the following:

MAC:001122B15D94 (MAC of your laptop)
########################### (transfer progress)
Total 28385179 bytes data downloaded.(firmware file size)
Verifying the integrity of the firmware image.. (verification stage)

Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?
Type D to load the firmware as the default firmware.

(if the download fails after the integrity check with the error message:
invalid compressed format (err=1) )

The fortigate downloads the firmware from the TFTP server.
Then installs the firmware and restarts.
The time required varies by the size of the file and the speed of your network connection.

Now we have installed the firmware.

Open the FortiExplorer software. This will detect the connected device (through the mng USB cable).

Select web GUI from the given options.
Login with default password.
Username: admin
Password: (blank)

If you can log in and the window loads fine, you can restore your config file through the GUI.
This app gives you a connection to the device that does not depend on IP (console access, otherwise called out-of-band access).

In my experience I found that the app is slow for real stuff. So this is what I did.
There is an option to do basic configuration through a wizard. Select this and set the IP, username, password, etc. This is basic stuff and there is no need to care much about it; we will replace this config in the coming steps.

When finished, make sure the IP of your laptop and the IP of the Fortigate are on the same subnet.

Open a browser window and type in the IP address of the device.
Login with your username and password. (the one we set above)

In the main window (dashboard) you will see an option to restore a configuration.
Select ‘restore’, then choose the backup config file, then click restore.
The Fortigate will apply the configuration and restart.

You can see this happening in your console window (just watch, don’t type anything).
Then it will say the firewall is initialising…

You can do another thing: ping the Fortigate IP with the -t option.

Ping -t
Wait until you start getting results for the ping.

Open the web browser window.
If the IP you gave when setting the basic config through the wizard and the IP in your config file are different,
after the restore you need to use the IP in your config file.

Log in with your old username and password (from the backup config).
The username and password are the ones you used while you had the old configuration.

That's it.
Now you have formatted the device,
installed a firmware,
and loaded a backup configuration.

Now register your device through the portal to activate your FortiCare licences.

Posted by on January 12, 2021 in Fortigate

