FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Not applicable
Article Id 191369
Article

Description

Using the FortiUSB key.

Components

All FortiGate units with a USB port running FortiOS 3.0.

Steps or Commands

The FortiUSB key

The FortiUSB key enables you to backup and restore configuration files and auto install firmware images.

Note: The FortiGate unit can only use a FortiUSB key.

Inserting and removing the FortiUSB key

You need to properly insert and remove the FortiUSB key to ensure the FortiGate unit recognizes the USB key. Properly removing the key ensures the files are protected from accidentally being lost or deleted.

Note: In FortiOS 3.0MR2 and higher, step 1 and 2 are not required.

To correctly insert the FortiUSB key

  1. Power off the FortiGate unit.
  2. Disconnect the power supply from the FortiGate unit once the following message appears:
    The system is halted .
  3. Insert the FortiUSB key into the USB port on the FortiGate unit.
  4. Connect the power supply to the FortiGate unit to restart the system.

Note: In FortiOS 3.0MR2 and higher, step 1 and 2 are not required.

To correctly remove the FortiUSB key

  1. Power off the FortiGate unit.
  2. Disconnect the power supply from the FortiGate unit once the following message appears:
    The system is halted .
  3. Remove the FortiUSB key from the USB port on the FortiGate unit.
  4. Connect the power supply to the FortiGate unit to restart the system.

Backup and Restore from the FortiUSB key

Use the following procedures to backup and restore a configuration file.

Note: You can only save VPN certificates if you encrypt the file. Make sure the configuration encryption is enabled so you can save the VPN certificates with the configuration file.

To backup a FortiGate configuration file using the web-based manager

  1. Go to System > Maintenance > Backup and Restore.
  2. Select USB Disk from the Backup configuration to list.
  3. Select Backup.

If you want to encrypt the configuration file to include VPN certificates, select Encrypt configuration file and enter a password, then select Backup.

To restore configuration using the web-based manager

  1. Go to System > Maintenance > Backup and Restore .
  2. Select USB Disk from the Restore configuration from list.
  3. Select the configuration file to restore.
  4. If you have a password for the configuration file, enter it in the Password field.
  5. Select Restore.

To backup configuration using the CLI

  1. Enter the following command to backup the configuration files:
       exec backup config usb <filename>
  2. Enter the following command to verify the configuration files are on the key:
       exec usb-disk list

To restore configuration using the CLI

  1. Enter the following command to restore the configuration files:
       exec restore config usb <filename>
    The FortiGate unit responds with the following message:
    This operation will replace the current firmware version!
    Do you want to continue? (y/n)
  2. Type y.

Using the USB Auto-Install feature

The USB Auto-Install feature automatically updates the FortiGate configuration file and firmware image file on a system reboot. Use the following procedures to configure the USB Auto-Install feature.

Note:You need an unencrypted configuration file for this feature. Also the default files, image.out and fgt_system.conf, must be in the root directory.

Note:You need to properly insert the USB key before proceeding. Also, make sure FortiOS v3.0MR1 is installed on your FortiGate unit.

To configure the USB Auto-Install using the web-based manager

  1. Go to System > Maintenance > Backup and Restore.
  2. Select the blue arrow to expand the Advanced options.
  3. Select the following:
    • On system restart, automatically update FortiGate configuration file if default filename is available on the USB disk.
    • On system restart, automatically update FortiGate firmware image if default image is available on the USB disk.
  4. Enter the configuration and image filenames or use the default configuration filename (fgt_system.conf) and default image name (image.out).
  5. Select Apply.

To configure the USB Auto-Install using the CLI

Enter the following commands:

config system auto-install
   set default-config-file [filename]
   set auto-install-config [enable/disable]
   set default-image-file [filename]
   set auto-install-image [enable/disable]
end