Fortinet Upgrading to a new firmware version

Use the web-based manager or CLI procedure to upgrade to a new FortiOS firmware version or to a more recent build of the same firmware version.

Upgrading the firmware using the web-based manager

To upgrade the firmware using the web-based manager

Copy the firmware image file to your management computer.

Log into the web-based manager as the admin administrative user.

Go to System > Status.

Under System Information > Firmware Version, select Update.

Type the path and filename of the firmware image file, or select Browse and locate the file.

Note: If you have an earlier version of the FortiOS firmware, for example FortiOS v2.50, upgrade to FortiOS v2.80MR11 before upgrading to FortiOS v3.0.

Note: Installing firmware replaces your current antivirus and attack definitions, along with the definitions included with the firmware release you are installing. After you install new firmware, make sure that antivirus and attack definitions are up to date. For details see the FortiGate Administration Guide.

Note: To use this procedure, you must log in using the admin administrator account, or an administrator account that has system configuration read and write privileges.

FortiGate-60 series and FortiGate-100A FortiOS 3.0 MR4 Install Guide 76 01-30004-0266-20070831

Upgrading to a new firmware version FortiGate Firmware

Select OK.

The FortiGate unit uploads the firmware image file, upgrades to the new firmware version, restarts, and displays the FortiGate login. This process takes a few minutes.

Log into the web-based manager.

Update antivirus and attack definitions. For information about updating antivirus and attack definitions, see the FortiGate Administration Guide.

 

Upgrading the firmware using the CLI.

To upgrade the firmware using the CLI

Make sure the TFTP server is running.

Copy the new firmware image file to the root directory of the TFTP server.

Log into the CLI.

Make sure the FortiGate unit can connect to the TFTP server.

You can use the following command to ping the computer running the TFTP server. For example, if the IP address of the TFTP server is 192.168.1.168: execute ping 192.168.1.168

Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit: execute restore image TFTP <name_str> <tftp_ipv4> Where <name_str> is the name of the firmware image file and <tftp_ip4> is the IP address of the TFTP server. For example, if the firmware image file name is image.out and the IP address of the TFTP server is 192.168.1.168, enter:

execute restore image image.out 192.168.1.168

The FortiGate unit responds with the message:

This operation will replace the current firmware version!

Do you want to continue? (y/n)

Type y.

The FortiGate unit uploads the firmware image file, upgrades to the new firmware version, and restarts. This process takes a few minutes.

Reconnect to the CLI.

Update antivirus and attack definitions (see the FortiGate Administration Guide), or from the CLI, enter: execute update-now Note: Installing firmware replaces your current antivirus and attack definitions, along with the definitions included with the firmware release you are installing. After you install new firmware, make sure that antivirus and attack definitions are up to date. You can also use the CLI command execute update-now to update the antivirus and attack definitions.

For details, see the FortiGate Administration Guide.

Note: To use this procedure, you must log in using the admin administrator account, or an administrator account that has system configuration read and write privileges.

FortiGate Firmware Reverting to a previous firmware version

FortiGate-60 series and FortiGate-100A FortiOS 3.0 MR4 Install Guide 01-30004-0266-20070831 77

Reverting to a previous firmware version

Use the web-based manager or CLI procedure to revert to a previous firmware version. This procedure reverts the FortiGate unit to its factory default configuration.

Reverting to a previous firmware version using the web-based manager

Downgrading the firmware to a previous version will revert the FortiGate unit to its factory default configuration and deletes IPS custom signatures, web content lists, email filtering lists, and changes to replacement messages.

Before beginning this procedure, it is recommended that you:

• back up the FortiGate unit configuration

• back up the IPS custom signatures

• back up web content and email filtering lists

For more information, see the FortiGate Administration Guide.

If you are reverting to a previous FortiOS version (for example, reverting from FortiOS v3.0 to FortiOS v2.80), you might not be able to restore the previous configuration from the backup configuration file.

To revert to a previous firmware version using the web-based manager

Copy the firmware image file to the management computer.

Log into the FortiGate web-based manager.

Go to System > Status.

Under System Information > Firmware Version, select Update.

Type the path and filename of the firmware image file, or select Browse and locate the file.

Select OK.

The FortiGate unit uploads the firmware image file, reverts to the old firmware version, resets the configuration, restarts, and displays the FortiGate login. This process takes a few minutes.

Log into the web-based manager.

Restore your configuration.

For information about restoring your configuration, see the FortiGate

Administration Guide.

Update antivirus and attack definitions.

For information about antivirus and attack definitions, see the FortiGate Administration Guide.

Note: Installing firmware replaces the current antivirus and attack definitions, along with the definitions included with the firmware release you are installing. After you install new firmware, make sure that antivirus and attack definitions are up to date. For details, see the FortiGate Administration Guide. You can also use the CLI command execute update-now to update the antivirus and attack definitions.

Note: To use this procedure, you must log in using the admin administrator account, or an administrator account that has system configuration read and write privileges.

FortiGate-60 series and FortiGate-100A FortiOS 3.0 MR4 Install Guide 78 01-30004-0266-20070831

Reverting to a previous firmware version FortiGate Firmware

Reverting to a previous firmware version using the CLI

Downgrading the firmware to a previous version will revert the FortiGate unit to its factory default configuration and deletes IPS custom signatures, web content lists, email filtering lists, and changes to the replacement messages.

Before beginning this procedure, it is recommended that you:

• back up the FortiGate unit system configuration using the command execute backup config

• back up the IPS custom signatures using the command execute backup ipsuserdefsig

• back up web content and email filtering lists

For more information, see the FortiGate Administration Guide.

If you are reverting to a previous FortiOS version (for example, reverting from FortiOS v3.0 to FortiOS v2.80), you might not be able to restore your previous configuration from the backup configuration file.

To use the following procedure, you must have a TFTP server the FortiGate unit can connect to.

To revert to a previous firmware version using the CLI

Make sure the TFTP server is running.

Copy the firmware image file to the root directory of the TFTP server.

Log into the FortiGate CLI.

Make sure the FortiGate unit can connect to the TFTP server.

You can use the following command to ping the computer running the TFTP server. For example, if the TFTP server’s IP address is 192.168.1.168:

execute ping 192.168.1.168

Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit:

execute restore image TFTP <name_str> <tftp_ipv4>

Where <name_str> is the name of the firmware image file and <tftp_ip4> is

the IP address of the TFTP server. For example, if the firmware image file name is

v28image.out and the IP address of the TFTP server is 192.168.1.168, enter:

execute restore image TFTP v28image.out 192.168.1.168

The FortiGate unit responds with the message:

This operation will replace the current firmware version!

Do you want to continue? (y/n)

Note: Installing firmware replaces the current antivirus and attack definitions, along with the definitions included with the firmware release you are installing. After you install new firmware, make sure that antivirus and attack definitions are up to date. For details, see the FortiGate Administration Guide. You can also use the CLI command execute update_now to update the antivirus and attack definitions.

Note: To use this procedure, you must log in using the admin administrator account, or an administrator account that has system configuration read and write privileges. FortiGate Firmware Installing firmware images from a system reboot using the CLI FortiGate-60 series and FortiGate-100A FortiOS 3.0 MR4 Install Guide 01-30004-0266-20070831 79

Type y.

The FortiGate unit uploads the firmware image file. After the file uploads, a message similar to the following is displayed:

Get image from tftp server OK.

Check image OK.

This operation will downgrade the current firmware version!

Do you want to continue? (y/n)

Type y.

The FortiGate unit reverts to the old firmware version, resets the configuration to factory defaults, and restarts. This process takes a few minutes.

Reconnect to the CLI.

To confirm the new firmware image has been loaded, enter:

get system status

10 To restore your previous configuration, if needed, use the command:

execute restore config TFTP <name_str> <tftp_ipv4>

11 Update antivirus and attack definitions.

For information, see the FortiGate Administration Guide, or from the CLI, enter:

execute update-now