How to set up your FortiADC : Updating the firmware : Installing alternate firmware
Installing alternate firmware
You can install alternate firmware which can be loaded from its separate partition if the primary firmware fails. This can be accomplished via the web UI or CLI.
To install alternate firmware via the web UI
1. Download the firmware file from the Fortinet Technical Support web site:
2. Log in to the web UI of the FortiADC appliance as the admin administrator.
Updating firmware on an HA pair requires slightly different steps than a standalone appliance. For details, see “Updating firmware on an HA pair”.
3. Go to System > Maintenance > Backup & Restore.
4. In the Firmware area, in the row of the alternate partition, click Upload and Reboot.
The Firmware Upgrade/Downgrade dialog appears.
5. Click Browse to locate and select the firmware file that you want to install, then click OK.
6. Click OK.
Your management computer uploads the firmware image to the FortiADC appliance. The FortiADC appliance installs the firmware and restarts. The time required varies by the size of the file and the speed of your network connection.
If you are downgrading the firmware to a previous version, and the settings are not fully backwards compatible, the FortiADC appliance may either remove incompatible settings, or use the feature’s default values for that version of the firmware. You may need to reconfigure some settings.
7. Clear your web browser’s cache, then restart it to ensure that it reloads the web UI and correctly displays all interface changes. For details, see your browser's documentation.
8. To verify that the firmware was successfully installed, log in to the web UI and go to System > Status > Dashboard.
In the System Information widget, the Firmware Version row indicates the currently installed firmware version.
To install alternate firmware via the CLI
1. Download the firmware file from the Fortinet Technical Support web site:
2. Connect your management computer to the FortiADC console port using a RJ-45-to-DB-9 serial cable or a null-modem cable.
3. Initiate a connection from your management computer to the CLI of the FortiADC appliance, and log in as the admin administrator.
For details, see “Connecting to the web UI or CLI”.
4. Connect port1 of the FortiADC appliance directly or to the same subnet as a TFTP server.
5. Copy the new firmware image file to the root directory of the TFTP server.
6. If necessary, start your TFTP server. (If you do not have one, you can temporarily install and run one such as tftpd (Windows, Mac OS X, or Linux) on your management computer.)
Because TFTP is not secure, and because it does not support authentication and could allow anyone to have read and write access, you should only run it on trusted administrator-only networks, never on computers directly connected to the Internet. If possible, immediately turn off tftpd off when you are done.
7. Verify that the TFTP server is currently running, and that the FortiADC appliance can reach the TFTP server.
To use the FortiADC CLI to verify connectivity, enter the following command:
execute ping
where is the IP address of the TFTP server.
8. Enter the following command to restart the FortiADC appliance:
execute reboot
9. As the FortiADC appliances starts, a series of system startup messages appear.
Press any key to display configuration menu........
10. Immediately press a key to interrupt the system startup.
You have only 3 seconds to press a key. If you do not press a key soon enough, the FortiADC appliance reboots and you must log in and repeat the execute reboot command.
If you successfully interrupt the startup process, the following messages appears:
[G]: Get firmware image from TFTP server.
[F]: Format boot device.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot with default firmware.
[H]: Display this list of options.

Enter G,F,B,Q,or H:

Please connect TFTP server to Ethernet port "1".
11. Type G to get the firmware image from the TFTP server.
The following message appears:
Enter TFTP server address []:
12. Type the IP address of the TFTP server and press Enter.
The following message appears:
Enter local address []:
13. Type a temporary IP address that can be used by the FortiADC appliance to connect to the TFTP server.
The following message appears:
Enter firmware image file name [image.out]:
14. Type the firmware image file name and press Enter.
The FortiADC appliance downloads the firmware image file from the TFTP server and displays a message similar to the following:
Total 28385179 bytes data downloaded.
Verifying the integrity of the firmware image.
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?
If the download fails after the integrity check with the error message:
invalid compressed format (err=1)
but the firmware matches the integrity checksum on the Fortinet Technical Support web site, try a different TFTP server.
15. Type B.
The FortiADC appliance saves the backup firmware image and restarts. When the FortiADC appliance reboots, it is running the primary firmware.
See also
Booting from the alternate partition
Installing firmware