Description
This article describes the possibilities to upgrade the firmware on FortiAuthenticator from GUI and CLI.
While the GUI upgrade is common, starting from firmware branch 6.0 the FortiAuthenticator has the option to import a firmware image file from the CLI. Before 6.0 only hardware models had the boot menu where an upload from a clean firmware image was possible.
With this new CLI command, it is also possible to perform upgrades by pushing the newer firmware image via FTP/TFTP.
Solution
Back up the configuration, then follow the procedure below to upgrade the firmware.
Before installing FortiAuthenticator firmware, download the firmware image from the Fortinet Support website, then upload it from your computer to the FortiAuthenticator.
Before firmware upgrade:
As best practice, it is important to read the release notes, which are also available from the Fortinet Customer Service & Support site (https://support.fortinet.com/) at the same location from where the firmware image has been downloaded.
Once downloaded, review the special notices, upgrade information, product integration, and support, and resolve issues, known issues, and limitations.
Release notes and documentation can be also found here:
FortiAuthenticator
- Log in to the Fortinet Support website. In the Download section of the page, select the Firmware Images link to download the firmware.
- To verify the integrity of the download, go back to the Download section of the login page and select the Firmware Image Checksums link.
Firmware upgrade process from GUI.
- Log in to the FortiAuthenticator web-based manager using the admin administrator account.
- Go to System -> Administration -> Firmware Upgrade.
- Select 'Upload a file' to upload the new firmware image.
- Select 'OK' to upload the file to the FortiAuthenticator.
The browser uploads the firmware file.
The time required varies by the size of the file and the speed of the network connection.
When the file transfer is complete, the following message is shown: 'It is recommended that a system backup is taken at this point'.
Once complete, verify the download, then select the 'Start Upgrade' button.
If an error about an incorrect platform is received, the VM host platform does not match the VM platform the FortiAuthenticator is running at, for example, KVM, VMWare, Hyper-V, or Xen.
Wait until the unpacking, upgrade, and reboot process has been completed (usually 3-5 minutes), then refresh the page.
When the upgrade completes, refresh the web browser to see the login window.
Firmware upgrade process from CLI.
- Copy the latest firmware image file to the root directory of the FTP/TFTP server.
- Log into the CLI of the FortiAuthenticator.
- Enter the following command to copy the firmware image from the FTP/TFTP server to FortiAuthenticator:
FTP:
execute restore image ftp <filename> <ftp_ipv4>
TFTP:
execute restore image tftp <filename> <tftp_ipv4> <----- Where <filename> is the name of the firmware image file and <ftp_ipv4> or <tftp_ipv4> is the IP address of the FTP/TFTP server.
Type 'y' to confirm the upgrade process.
FortiAuthenticator downloads the firmware image file from the server upgrades to the new firmware version and restarts.
