Installing FortiOS on FortiGate hardware is typically done using the TFTP (Trivial File Transfer Protocol) method via a console cable for a clean installation.
Prerequisites:
1. Firmware Image (.out file): Download the specific FortiOS firmware file for your FortiGate model from the support site. Ensure you check the upgrade path if you are moving between major versions.
2. TFTP Server Software: Install a temporary TFTP server application (e.g., tftpd) on your management computer.
3. Console Cable: An RJ-45 to USB or DB-9 serial cable to connect your computer to the FortiGate's console port.
4. Fortinet Support Account: Access to the Fortinet Customer Service & Support website is required to download firmware images.
5 Terminal Emulation Program: Software like PuTTY or Tera Term for console access, configured with settings: Baud Rate 9600, 8 data bits, no parity, 1 stop bit, and no flow control.
6. Network Setup: The management computer running the TFTP server must be on the same local subnet as the FortiGate interface used for the transfer (e.g., port1 or a dedicated MGMT port).
TFTP Method:
This procedure will reset the FortiGate to factory default settings.
1. Connect via Console: Connect the console cable between your management computer and the FortiGate's console port. Open your terminal emulation program.
2. Place Firmware: Copy the downloaded FortiOS firmware .out file to the root directory of your TFTP server software (e.g TFTP-Root on C:\ drive or another folder).
3. Configure IP Addresses: Ensure the FortiGate interface (e.g., port1) and your TFTP server's IP address are on the same subnet (e.g., FortiGate: 192.168.1.1, TFTP Server: 192.168.1.2).
4. Reboot the FortiGate: In the CLI session, execute the command execute reboot. Type y to confirm or hard reboot the FortiGate firewall.
5. Interrupt Boot Process: As the FortiGate reboots, a series of system startup messages will appear. When you see the message Press any key to display configuration menu.........., immediately press any key to enter the boot menu (you have only 3 seconds).
6. Configure Network & Transfer: Choose 'G' (Get firmware image from TFTP server) and enter the IP address of the FortiGate, subnet mask, TFTP server IP, and the firmware file name.
7. Installation: The device will download, flash, and format the boot device, finally rebooting with the new firmware.
Important Notes:
1. A clean install via TFTP usually resets the configuration to factory defaults, so ensure you have a backup.
2. Ensure that the PC acting as the TFTP server is in the same subnet as the FortiGate.
3. Some models may require a format boot device step ('F') before fetching the new image to ensure a completely clean install.
No comments:
Post a Comment