System Management : Updating firmware : Updating firmware using the CLI
 
Updating firmware using the CLI
This procedure is provided for CLI users.
Before you begin:
Read the release notes for the version you plan to install. If information in the release notes is different from this documentation, follow the instructions in the release notes.
You must be able to use TFTP to transfer the firmware file to the FortiDDoS system. If you do not have a TFTP server, download and install one, like tftpd (Windows, Mac OS X, or Linux), on a server located on the same subnet as the FortiDDoS system.
Download the firmware file from the Fortinet Technical Support website: https://support.fortinet.com/
Copy the firmware image file to the root directory of the TFTP server.
Back up your configuration before beginning this procedure. Reverting to an earlier firmware version could reset settings that are not compatible with the new firmware.
Make a note of configurations that are disabled in your active configuration. Configurations that are not enabled are not preserved in the upgrade. For example, if a custom HTTP service port, log remote port, or event log port have been configured and then disabled in 4.1.5, the port information is not preserved in the upgrade to 4.1.6.
You must have super user permission (user admin) to upgrade firmware.
To install firmware via the CLI:
1. Connect your management computer to the FortiDDoS console port using an RJ-45-to-DB-9 serial cable or a null-modem cable.
2. Initiate a connection to the CLI and log in as the user admin.
3. Use an Ethernet cable to connect FortiDDoS port1 to the TFTP server directly, or connect it to the same subnet as the TFTP server.
4. If necessary, start the TFTP server.
5. Enter the following command to transfer the firmware image to the FortiDDoS system:
execute restore image tftp <filename_str> <tftp_ipv4>
where <filename_str> is the name of the firmware image file and <tftp_ipv4> is the IP address of the TFTP server. For example, if the firmware image file name is image.out and the IP address of the TFTP server is 192.168.1.168, enter:
execute restore image tftp image.out 192.168.1.168
One of the following message appears:
This operation will replace the current firmware version!
Do you want to continue? (y/n)
or:
Get image from tftp server OK.
Check image OK.
This operation will downgrade the current firmware version!
Do you want to continue? (y/n)
6. Type y.
The system installs the firmware and restarts:
MAC:00219B8F0D94
###########################
Total 28385179 bytes data downloaded.
Verifying the integrity of the firmware image.
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?
7. To verify that the firmware was successfully installed, use the following command:
get system status
The firmware version number is displayed.
 
If the download fails after the integrity check with the error message invalid compressed format (err=1,but the firmware matches the integrity checksum on the Fortinet Technical Support website, try a different TFTP server.
 
 
TFTP is not secure, and it does not support authentication. You should run it only on trusted administrator-only networks, and never on computers directly connected to the Internet. Turn tftpd off immediately after completing this procedure.