Description
This article describes how to perform an HQIP test when a hardware test image is needed.
Scope
FortiGate units that require HQIP test image to be installed in order to run the hardware test (D-Series and older)
Note that the newer units (E-Series* and newer; with exceptions) have these tests included in the firmware.
For these newer units, consult Technical Tip: RMA Note - Hardware troubleshooting with built-in FortiOS hardware diagnostic command....
Solution
1. Schedule a maintenance window and take a configuration backup.
2. Prepare a TFTP server and HQIP image for FortiGate.
- i.e. Tftpd64 can be downloaded from pjo2.github.io/tftpd64.
- HQIP image can be downloaded from support.fortinet.com.
Go to Download –> HQIP Images and enter the serial number of the unit.
If the HQIP test image is not available for the unit, check first if the unit has the test bench included in the FortiOS.
Then, if the test is not available, contact TAC support in order to be provided with the correct HQIP image.
3. Save the HQIP image.
4. Run the TFTP server and configure the 'Current Directory' field where the HQIP image is located.
4. Run the TFTP server and configure the 'Current Directory' field where the HQIP image is located.
5. Configure the network of the PC. For example, 192.168.1.100 / 255.255.255.0.
6. Connect the PC to FortiGate via the console port.
7. If connected to FortiGate, run the CLI command 'execute reboot' to reboot the FortiGate.
8. When 'Please wait for OS to boot, or press any key to display configuration menu' appears during booting-up, enter the 'C' key to configure TFTP parameters.
6. Connect the PC to FortiGate via the console port.
7. If connected to FortiGate, run the CLI command 'execute reboot' to reboot the FortiGate.
8. When 'Please wait for OS to boot, or press any key to display configuration menu' appears during booting-up, enter the 'C' key to configure TFTP parameters.
FortiGate-60D (11:46-03.16.2016)
Ver:05000002
Serial number: FGT60D4Q16-----6
CPU(00): 800MHz
Total RAM: 2GB
Initializing boot device...
Initializing MAC... nplite#0
Please wait for OS to boot, or press any key to display configuration menu
[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[I]: System information.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.
Enter C,R,T,F,I,B,Q,or H: C
Ver:05000002
Serial number: FGT60D4Q16-----6
CPU(00): 800MHz
Total RAM: 2GB
Initializing boot device...
Initializing MAC... nplite#0
Please wait for OS to boot, or press any key to display configuration menu
[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[I]: System information.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.
Enter C,R,T,F,I,B,Q,or H: C
9. The following menus show the configuration of TFTP parameters :
[P]: Set firmware download port.
[D]: Set DHCP mode.
[I]: Set local IP address.
[S]: Set local subnet mask.
[G]: Set local gateway.
[V]: Set local VLAN ID.
[T]: Set remote TFTP server IP address.
[F]: Set firmware file name.
[E]: Reset TFTP parameters to factory defaults.
[R]: Review TFTP parameters.
[N]: Diagnose networking(ping).
[Q]: Quit this menu.
[H]: Display this list of options.
[D]: Set DHCP mode.
[I]: Set local IP address.
[S]: Set local subnet mask.
[G]: Set local gateway.
[V]: Set local VLAN ID.
[T]: Set remote TFTP server IP address.
[F]: Set firmware file name.
[E]: Reset TFTP parameters to factory defaults.
[R]: Review TFTP parameters.
[N]: Diagnose networking(ping).
[Q]: Quit this menu.
[H]: Display this list of options.
Enter the 'P' key to set the firmware download port of the FortiGate.
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: P
[0]: Any of port 1 - 7
[1]: WAN1
[2]: WAN2
Enter image download port number [WAN1]: 1 <- Enter the number desired.
[0]: Any of port 1 - 7
[1]: WAN1
[2]: WAN2
Enter image download port number [WAN1]: 1 <- Enter the number desired.
Enter 'I' to set the local IP address for FortiGate WAN1.
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: I
Enter local IP address [192.168.1.1]: <- Press the 'Enter' key to use 192.168.1.1 as an IP for FortiGate’s WAN1.
Enter local IP address [192.168.1.1]: <- Press the 'Enter' key to use 192.168.1.1 as an IP for FortiGate’s WAN1.
Enter 'S' to set the local subnet mask for FortiGate WAN1.
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: S
Enter local subnet mask [255.255.255.0]: <- Press the 'Enter' key to use 255.255.255.0 as a subnet for FortiGate's WAN1.
Enter local subnet mask [255.255.255.0]: <- Press the 'Enter' key to use 255.255.255.0 as a subnet for FortiGate's WAN1.
Enter 'T' to set the remote TFTP server IP address for the PC.
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: T
Enter remote TFTP server IP address [192.168.1.100]: <- Press the 'Enter' key to use 192.168.1.100 as a PC IP.
Enter remote TFTP server IP address [192.168.1.100]: <- Press the 'Enter' key to use 192.168.1.100 as a PC IP.
Enter 'F' to set the firmware file name, which will be the name of the HQIP image downloaded previously.
Tip: to avoid mistakes, rename the file in the TFTP server to a short name (e.g. hqip.out).
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: F
Enter firmware file name [FGT_60D-HQIP.2.5.0.1035.OUT]: FGT_60D-HQIP.2.5.0.1035.OUT
...done
Enter firmware file name [FGT_60D-HQIP.2.5.0.1035.OUT]: FGT_60D-HQIP.2.5.0.1035.OUT
...done
Enter 'R' to review the TFTP parameters configured.
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: R
Image download port: WAN1
DHCP status: Disabled
Local VLAN ID: <NULL>
Local IP address: 192.168.1.1
Local subnet mask: 255.255.255.0
Local gateway: 192.168.1.254
TFTP server IP address: 192.168.1.100
Firmware file name: FGT_60D-HQIP.2.5.0.1035.OUT
Image download port: WAN1
DHCP status: Disabled
Local VLAN ID: <NULL>
Local IP address: 192.168.1.1
Local subnet mask: 255.255.255.0
Local gateway: 192.168.1.254
TFTP server IP address: 192.168.1.100
Firmware file name: FGT_60D-HQIP.2.5.0.1035.OUT
Enter 'N' to diagnose networking between FortiGate and the TFTP server.
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: N
[1]: Ping remote TFTP server.
[2]: Ping gateway.
[3]: Ping specified IP address.
[Q]: Quit this menu.
[H]: Display this list of options.
[1]: Ping remote TFTP server.
[2]: Ping gateway.
[3]: Ping specified IP address.
[Q]: Quit this menu.
[H]: Display this list of options.
Enter '1' to ping from FortiGate to the TFTP server.
Enter 1,2,3,Q,or H: 1
Ping#1: Host 192.168.1.100 is reachable.
Ping#2: Host 192.168.1.100 is reachable.
Ping#3: Host 192.168.1.100 is reachable.
Ping#4: Host 192.168.1.100 is reachable.
Ping#1: Host 192.168.1.100 is reachable.
Ping#2: Host 192.168.1.100 is reachable.
Ping#3: Host 192.168.1.100 is reachable.
Ping#4: Host 192.168.1.100 is reachable.
Enter 'Q' to quit this menu and go to the upper menu.
Enter 1,2,3,Q,or H: Q
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: Q
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: Q
Enter 'G' to transfer the HQIP image from the TFTP server to FortiGate.
Enter C,R,T,F,I,B,Q,or H: G
10. The following steps will complete the transfer of HQIP test image.
Connect the TFTP server to the Ethernet port 'WAN1'.
Enter TFTP server address [192.168.1.100]: Press “Enter” key
Enter local address [192.168.1.1]: Press “Enter” key
Enter firmware image file name [image.out]: FGT_60D-HQIP.2.5.0.1035.OUT
MAC: 90:6c:ac:c0:67:6a
Connect to tftp server 192.168.1.100 ...
#############################################################
Image Received.
Checking image... OK
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]? D
Programming the boot device now.
.................................................................................................................................
Booting OS...
Reading boot image... 1829759 bytes.
Initializing firewall...
System is starting...
Enter local address [192.168.1.1]: Press “Enter” key
Enter firmware image file name [image.out]: FGT_60D-HQIP.2.5.0.1035.OUT
MAC: 90:6c:ac:c0:67:6a
Connect to tftp server 192.168.1.100 ...
#############################################################
Image Received.
Checking image... OK
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]? D
Programming the boot device now.
.................................................................................................................................
Booting OS...
Reading boot image... 1829759 bytes.
Initializing firewall...
System is starting...
11. After FortiGate finishes booting up, log in with the following credentials:
FORTITEST/FGT60D4Q16-----6 login: admin
Password: XXXXXXXX
Test program loading(HQIP, Build1035,Aug 18 2015 01:36:54) ...
Engine Version: v1.0 Build 1035. Aug 18 2015 01:36:34
You are running HQIP test program. To start testing, login as "admin" without password, and type:
diagnose hqip start
Welcome !
FORTITEST/FGT60D4Q16-----6 #
Password: XXXXXXXX
Test program loading(HQIP, Build1035,Aug 18 2015 01:36:54) ...
Engine Version: v1.0 Build 1035. Aug 18 2015 01:36:34
You are running HQIP test program. To start testing, login as "admin" without password, and type:
diagnose hqip start
Welcome !
FORTITEST/FGT60D4Q16-----6 #
12. In order to perform the HQIP test, run the CLI command 'diagnose hqip start'.
Make sure that the session is being logged in the SSH program.
If a fault is observed, the complete test output needs to be attached to TAC in order to prove the validity of the RMA.
Make sure that the session is being logged in the SSH program.
If a fault is observed, the complete test output needs to be attached to TAC in order to prove the validity of the RMA.
Note that the USB test can be skipped (in cases where the tested problem is not related to the USB port).
13. The test procedure will now be possible. To keep doing the HQIP tests, follow the suggestions from the screen prompts.
For example: Enter 'SPACEBAR' or 'ENTER' to go to the next step.
When the test is complete, the HQIP test result will be visible.
For example: Enter 'SPACEBAR' or 'ENTER' to go to the next step.
When the test is complete, the HQIP test result will be visible.
