Recently I had a experience to install firmware from a local TFTP server under console control to reset a FortiGate unit to factory default settings.
It was caused by a failed firmware upgrade. System died after reboot. Power light was green, but not other interfaces.
I recorded the all steps in this post.
1. Physical Connections
I were using Fortigate 30D to do this firmware TFTP installation. There are four different types of interfaces on the back of Fortigate 30D.
|Fortigate 30D Connecting Console and WAN to Laptop|
- 8 bits
- no parity
- 1 stop bit
- 9600 baud (the FortiGate-300 uses 115,000 baud)
- Flow Control = None
3.1 Power Cycle Fortigate 30D
The system told me boot failed. Please check boot device or OS image.
Before that, there were about 6 seconds to wait to interrupt booting process.
3.2 Enter into Configuration mode
Press any key to interrupt booting process after you power cycle the device, following menu will show on the screen.
[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[I]: System information.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.
3.3 Press C to Configure TFTP parameters
After you have configured all TFTP parameters, such as Fortigate local ip, network mask, gateway, image name, remote server ip etc, you can review those parameters. But for Fortigate local IP and network mask, it will show N/A. Actually you do not need to worry about it, just select T to initiate TFTP firmware transfer. Fortigate 30D will notify you to connect your TFTP server to WAN port, which is completely different from other Fortigate models, such as 60D. Please check following list to see which port your Fortigate should use to do firmware transfer.
FortiGate Model Interface
50, 50A, 100, 200, 300, 500, 800, 800F Internal
50B, all 60 models, 100A, 200A Internal port 1
100A, 200A (If Internal Port1 does not work) Internal port 4
300A, 310A, 400, 400A, 500A, 1000 and higher LAN port 1
Fortigate with a dedicated management port mgmt1
3.4 Initiate TFTP firmware transfer
After you initiate TFTP firmware transfer, the Fortigate WAN will be turned on.
You will see Firmware is transferring from TFTP server to Fortigate 30D. Once transferring done, you will be notified how you want to save this image for.