Fortinet 5.0 Patch 6 Restoring firmware (clean install)

Fortinet 663 FortiWeb 5.0 Patch 6 Administration Guide

Restoring firmware (“clean install”)

Restoring (also called re-imaging) the firmware can be useful if:

• you are unable to connect to the FortiWeb appliance using the web UI or the CLI

• you want to install firmware without preserving any existing configuration (i.e. a

“clean install”)

• a firmware version that you want to install requires a different size of system partition (see

the Release Notes accompanying the firmware)

• a firmware version that you want to install requires that you format the boot device (see the

Release Notes accompanying the firmware)

Unlike updating firmware, restoring firmware re-images the boot device, including the

signatures that were current at the time that the firmware image file was created. Also, restoring

firmware can only be done during a boot interrupt, before network connectivity is available, and

therefore requires a local console connection to the CLI. It cannot be done through an SSH

or Telnet connection.

To restore the firmware

1. Download the firmware file from the Fortinet Technical Support web site:

https://support.fortinet.com/

2. Connect your management computer to the FortiWeb console port using a RJ-45-to-DB-9

serial cable or a null-modem cable.

3. Initiate a local console connection from your management computer to the CLI of the

FortiWeb appliance, and log in as the admin administrator, or an administrator account

whose access profile contains Read and Write permissions in the Maintenance category.

For details, see “Connecting to the web UI or CLI” on page 71.

4. Connect port1 of the FortiWeb appliance directly or to the same subnet as a TFTP server.

5. Copy the new firmware image file to the root directory of the TFTP server.

6. If necessary, start your TFTP server. (If you do not have one, you can temporarily install and

run one such as tftpd (Windows, Mac OS X, or Linux) on your management computer.)

Alternatively, if you cannot physically access the appliance’s local console connection, connect

the appliance’s local console port to a terminal server to which you have network access. Once

you have used a client to connect to the terminal server over the network, you will be able to

use the appliance’s local console through it. However, be aware that from a remote location,

you may not be able to power cycle the appliance if abnormalities occur.

Back up your configuration before beginning this procedure, if possible. Restoring firmware

resets the configuration, including the IP addresses of network interfaces. For information on

backups, see “Backups” on page 206. For information on reconnecting to a FortiWeb appliance

whose network interface configuration was reset, see “Connecting to the web UI or CLI” on

page 71.

Because TFTP is not secure, and because it does not support authentication and could allow

anyone to have read and write access, you should only run it on trusted administrator-only

networks, never on computers directly connected to the Internet. If possible, immediately turn

off tftpd off when you are done.