The basics of installing and initial setup of a new FortiGate unit : Verifying the current firmware version and upgrading the FortiOS firmware
Verifying the current firmware version and upgrading the FortiOS firmware
Fortinet has released a new version of FortiOS. You want to know what firmware version is currently running on your FortiGate unit and how to upgrade to the latest version.
View the current firmware version from the web‑based manager and CLI. Download a new version of FortiOS from the Fortinet Customer Support web site and install it from the web-based manager.
Firmware images for all FortiGate units are available on the Fortinet Customer Support web site. You must register your FortiGate unit to access firmware images. Register the FortiGate unit by visiting and select Product Registration.
Always review the Release Notes before installing a new firmware version. They provide the recommended upgrade path for the firmware release as well as additional information not available in other documentation. Only perform a firmware upgrade during a maintenance window.
1 Log in to the web‑based manager and view the dashboard System Information widget to see the Firmware Version currently installed on your FortiGate unit.
From the FortiGate CLI you can also enter the following command. The first output line indicates FortiOS firmware version installed on your FortiGate unit:
get system status
Version: Fortigate-60C v4.0,build0458,110627 (MR3 Patch 1)
Virus-DB: 11.00773(2010-05-04 13:32)
Extended DB: 0.00000(2010-03-16 10:31)
IPS-DB: 3.00000(2011-05-18 15:09)
FortiClient application signature package: 1.421(2011-09-08 10:19)
Serial-Number: FGT60C3G10002814
BIOS version: 04000010
Log hard disk: Need format
Internal Switch mode: switch
Hostname: FGT60C3G10002814
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Distribution: International
Branch point: 458
Release Version Information: MR3 Patch 1
System time: Wed Sep 14 13:07:27 2011
2 To download a newer firmware version, browse to and select a Download Firmware Images link.
3 Log in using your Fortinet account user name and password.
4 Go to Download Firmware Images > FortiGate.
5 Select FortiGate firmware images and browse to the FortiOS firmware version that you want to install (for example, browse to FortiGate/v4.00/4.0MR3/MR3_Patch_1).
6 Locate and download the firmware for your FortiGate unit.
7 Download and read the Release Notes for this firmware version.
Always review the Release Notes before installing a new firmware version in case you cannot update to the new firmware release from the one currently running.
8 Backup your configuration from the System Information dashboard widget.
Always remember to back up your configuration before doing any firmware upgrades.
9 Go to System > Dashboard > Status.
10 Under System Information > Firmware Version, select Update.
11 Find the firmware image file that you downloaded and select OK to upload and install the firmware build on the FortiGate unit.
The FortiGate unit uploads the firmware image file, upgrades to the new firmware version, restarts, and displays the FortiGate login. This process takes a few minutes.
From the FortiGate web‑based manager, go to System > Dashboard > Status. In the System Information widget, the Firmware Version will show the updated version of FortiOS (or from the CLI enter get system status).
What if it doesn’t work?
There is a possibility that the firmware upgrade from the web-based manager does not load properly. If this occurs, you may find that the FortiGate will not boot, or continuously reboots.
It is best to perform a fresh install of the firmware from a reboot using the CLI. This procedure installs a firmware image and resets the FortiGate unit to default settings. For this procedure, you must connect to the CLI using the FortiGate console port and a RJ-45 to DB-9, or null modem cable.
Installing FortiGate firmware from a TFTP server
This procedure requires a TFTP server that you can connect to from the FortiGate unit. The TFTP server should be on the same subnet as the management interface.
1 Connect to the CLI using the RJ-45 to DB-9 or null modem cable.
2 Make sure the TFTP server is running and copy the firmware image file to the TFTP server.
3 Enter the following command to restart the FortiGate unit.
execute reboot
4 When prompted by the FortiGate unit to reboot, type y.
5 As the FortiGate unit starts, a series of system startup messages appears. When the following messages appears:
Press any key to display configuration menu..........
Immediately press any key to interrupt the system startup.
You have only 3 seconds to press any key. If you do not press a key soon enough, the FortiGate unit reboots and you must log in and repeat the execute reboot command.
If you successfully interrupt the startup process, the messages similar to the following appear (depending on the FortiGate BIOS version):
[G]: Get firmware image from TFTP server.
[F]: Format boot device.
[B[: Boot with backup firmware and set as default
[C]: Configuration and information
[Q]: Quit menu and continue to boot with default firmware.
[H]: Display this list of options.
Enter G, F, Q, or H:
6 Type G to get to the new firmware image form the TFTP server.
7 When prompted, enter the TFTP server IP address, and local FortiGate IP address.
The IP address can be any IP address that is valid for the network the interface is connected to. Make sure you do not enter the IP address of another device on this network.
8 Enter the firmware image filename and press Enter.
The TFTP server uploads the firmware image file.
9 When prompted how to save the default firmware, type D to load it as the default.
The FortiGate unit installs the new firmware image and restarts.
When loading the firmware using this method, the existing configuration is reset to defaults. You will need to reconfigure the IP addresses and load the configuration file from the System Information widget on the Dashboard.