Description
This document describes how to upgrade FortiDDOS firmware.
Upgrade considerations
The following considerations help you determine whether to follow a standard or non-standard upgrade procedure:
• HA—Updating firmware on an HA cluster requires some additions to the usual steps for a standalone appliance. See Updating firmware on an HA cluster
• Downgrades—Special guidelines apply when you downgrade firmware to an earlier version. See Downgrading firmware. In some cases, the downgrade path requires reimaging. Take care to study the release notes for each version in your downgrade path.
• Re-imaging—If you are installing a firmware version that requires a different size of system partition, you might be required to re-image the boot device.
Important: Read the Release notes for release-specific upgrade considerations.
Solution
Updating firmware using the web UI
The following figure shows the user interface for managing firmware. Firmware can be loaded on two disk partitions. You can use the web UI to boot the firmware version stored on the alternate partition or to upload and boot firmware updates (either upgrades or downgrades).
Firmware update
Before you begin:
• Download the firmware file from the Fortinet Technical Support website.
• Read the release notes for the version you plan to install.
• Important: Back up your configuration before beginning this procedure. If you revert to an earlier firmware version, the running configuration is erased, and you must restore a saved configuration. We recommend you restore a configuration you knew to be working effectively on the firmware version you revert to. Some 4.2 settings are incompatible with 4.1.x, so we recommend you not restore a 4.2 configuration to a 4.1.x system.
• Make a note of configurations that are disabled in your active configuration. Configurations that are not enabled are not preserved in the upgrade. For example, if a custom HTTP service port, log remote port, or event log port have been configured and then disabled in 4.1.11, the port information is not preserved in the upgrade to 4.2.1.
• You must have super user permission (user admin) to upgrade firmware.
To install firmware:
1. Go to System > Maintenance > Backup & Restore tab.
2. Under Firmware Upgrade/Downgrade, use the controls to select the firmware file that you want to install and click Update and Reboot icon.
Note: Clear the cache of your web browser and restart it to ensure that it reloads the web UI.
Updating firmware using the CLI
This procedure is provided for CLI users.
Before you begin:
• Read the release notes for the version you plan to install. If information in the release notes is different from this documentation, follow the instructions in the release notes.
• You must be able to use TFTP to transfer the firmware file to the FortiDDoS system. If you do not have a TFTP server, download and install one, like tftpd, on a server located on the same subnet as the FortiDDoS system.
• Download the firmware file from the Fortinet Technical Support website.
• Copy the firmware image file to the root directory of the TFTP server.
• Back up your configuration before beginning this procedure. Reverting to an earlier firmware version could reset settings that are not compatible with the new firmware.
• Make a note of configurations that are disabled in your active configuration. Configurations that are not enabled are not preserved in the upgrade. For example, if a custom HTTP service port, log remote port, or event log port have been configured and then disabled in 4.1.11, the port information is not preserved in the upgrade to 4.2.1.
• You must have super user permission (user admin) to upgrade firmware.
To install firmware via the CLI:
1. Connect your management computer to the FortiDDoS console port using an RJ-45-to-DB-9 serial cable or a null-modem cable.
2. Initiate a connection to the CLI and log in as the user admin.
3. Use an Ethernet cable to connect FortiDDoS port1 to the TFTP server directly, or connect it to the same subnet as the TFTP server.
4. If necessary, start the TFTP server.
5. Enter the following command to transfer the firmware image to the FortiDDoS system:
execute restore image tftp <filename_str> <tftp_ipv4>
where <filename_str> is the name of the firmware image file and <tftp_ipv4> is the IP address of the TFTP server. For example, if the firmware image file name is image.out and the IP address of the TFTP server is 192.168.1.168, enter:
execute restore image tftp image.out 192.168.1.168
One of the following message appears:
This operation will replace the current firmware version!
Do you want to continue? (y/n)
or:
Get image from tftp server OK.
Check image OK.
This operation will downgrade the current firmware version!
Do you want to continue? (y/n)
6. Type y.The system installs the firmware and restarts:
MAC:00219B8F0D94
###########################
Total 28385179 bytes data downloaded.
Verifying the integrity of the firmware image.
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?
7. To verify that the firmware was successfully installed, use the following command: get system status
The firmware version number is displayed.
If the download fails after the integrity check with the error message invalid compressed format (err=1,but the firmware matches the integrity checksum on the Fortinet Technical Support website, try a different TFTP server.
TFTP is not secure, and it does not support authentication. You should run it only on trusted administrator-only networks, and never on computers directly connected to the Internet. Turn off tftpd off immediately after completing this procedure.
