Fortinet 663 FortiWeb 5.0 Patch 6 Administration Guide
Restoring firmware (“clean install”)
Restoring (also called re-imaging) the firmware can be useful if:
• you are unable to connect to the FortiWeb appliance using the web UI or the CLI
• you want to install firmware without preserving any existing configuration (i.e. a
“clean install”)
• a firmware version that you want to install requires a different size of system partition (see
the Release Notes accompanying the firmware)
• a firmware version that you want to install requires that you format the boot device (see the
Release Notes accompanying the firmware)
Unlike updating firmware, restoring firmware re-images the boot device, including the
signatures that were current at the time that the firmware image file was created. Also, restoring
firmware can only be done during a boot interrupt, before network connectivity is available, and
therefore requires a local console connection to the CLI. It cannot be done through an SSH
or Telnet connection.
To restore the firmware
1. Download the firmware file from the Fortinet Technical Support web site:
https://support.fortinet.com/
2. Connect your management computer to the FortiWeb console port using an RJ-45-to-DB-9
serial cable or a null-modem cable.
3. Initiate a local console connection from your management computer to the CLI of the
FortiWeb appliance, and log in as the admin administrator, or an administrator account
whose access profile contains Read and Write permissions in the Maintenance category.
For details, see “Connecting to the web UI or CLI” on page 71.
4. Connect port1 of the FortiWeb appliance directly to, or to the same subnet as, a TFTP server.
5. Copy the new firmware image file to the root directory of the TFTP server.
6. If necessary, start your TFTP server. (If you do not have one, you can temporarily install and
run one such as tftpd (Windows, Mac OS X, or Linux) on your management computer.)
Alternatively, if you cannot physically access the appliance’s local console connection, connect
the appliance’s local console port to a terminal server to which you have network access. Once
you have used a client to connect to the terminal server over the network, you will be able to
use the appliance’s local console through it. However, be aware that from a remote location,
you may not be able to power cycle the appliance if abnormalities occur.
Back up your configuration before beginning this procedure, if possible. Restoring firmware
resets the configuration, including the IP addresses of network interfaces. For information on
backups, see “Backups” on page 206. For information on reconnecting to a FortiWeb appliance
whose network interface configuration was reset, see “Connecting to the web UI or CLI” on
page 71.
Because TFTP is not secure, and because it does not support authentication and could allow
anyone to have read and write access, you should only run it on trusted administrator-only
networks, never on computers directly connected to the Internet. If possible, immediately turn
tftpd off when you are done.
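
The TFTP caution above, together with steps 4 through 6, can be met with a server that does less than a general-purpose tftpd. The following is an added example, not part of the Fortinet guide: a read-only, single-file, single-transfer TFTP server that binds to one address and stops listening once a request is accepted. The IP address and file name are placeholders, and it assumes the appliance's boot loader uses plain RFC 1350 transfers (no option negotiation) and accepts block numbers that wrap past 65535.

```python
import socket
import struct

RRQ, DATA, ACK, ERROR = 1, 3, 4, 5   # RFC 1350 opcodes (2 = WRQ, refused here)
BLOCK = 512                          # RFC 1350 fixed data block size

def parse_request(pkt):
    """Return (opcode, filename) from a TFTP request, or (0, "") if too short."""
    if len(pkt) < 4:
        return 0, ""
    name = pkt[2:].split(b"\0", 1)[0].decode("ascii", "replace")
    return struct.unpack("!H", pkt[:2])[0], name

def serve_once(listener, allowed_name, image, timeout=5.0, retries=5):
    """Send `image` to the first client that reads `allowed_name`, then stop.
    Writes and other names get ERROR 2; the listener closes on acceptance."""
    while True:
        pkt, client = listener.recvfrom(1500)
        if parse_request(pkt) == (RRQ, allowed_name):
            break
        listener.sendto(struct.pack("!HH", ERROR, 2) + b"denied\0", client)
    bind_ip = listener.getsockname()[0]
    listener.close()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as xfer:
        xfer.bind((bind_ip, 0))          # new transfer ID, same interface only
        xfer.settimeout(timeout)
        block = 1
        while True:
            chunk = image[(block - 1) * BLOCK: block * BLOCK]
            num = block & 0xFFFF         # block number wraps on large images
            for _ in range(retries):
                xfer.sendto(struct.pack("!HH", DATA, num) + chunk, client)
                try:
                    reply, addr = xfer.recvfrom(1500)
                except socket.timeout:
                    continue
                if addr == client and reply[:4] == struct.pack("!HH", ACK, num):
                    break
            else:
                raise TimeoutError(f"no ACK for block {block} from {client}")
            if len(chunk) < BLOCK:       # short (or empty) block ends transfer
                return client
            block += 1

if __name__ == "__main__":
    # Placeholder values: use your own trusted management-LAN IP and file name.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("192.0.2.10", 69))        # one interface only, never 0.0.0.0
    with open("firmware-image.out", "rb") as f:
        print("served to", serve_once(sock, "firmware-image.out", f.read()))
```

Binding to UDP port 69 normally requires administrator or root privileges on the management computer.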