Troubleshooting Note : How to run an HQIP test for hardware integrity control
The HQIP (Hardware Quick Inspection Package) test image is used to check the unit's system function and its interfaces. HQIP will check almost all components, including CPU, memory, Compact Flash, hard disk and PCI devices (NIC/ASIC). It will also check the critical benchmarks and system configurations.
HQIP cannot detect all hardware malfunctions. If unit is rebooting or unstable then HQIP cannot detect the issue.
This procedure is not valid for the latest production. As of September 2008, all Fortinet production have HQIP image saved in a back up partition.
For HDD issue with multiple disks device, do not run HQIP because this will destroy the data. Ask for smart test or HDD diagnose command.
(*) Note :
To correctly test WIFI from HQIP (for all Fortinet
WIFI models), set up a wireless access point with the following parameters :SSID: fwqc ;
For all the FortiAnalyzer and FortiMail with a RAID card (FortiAnalzyer-2000, FortiMail-2000, FortiAnalzyer-2000A, FortiMail-2000A, FortiAnalzyer-4000A and FortiMail-4000A), when conducting the HQIP test, set the RAID level to 0 so that HQIP can test each hard disk.
Once you finish the HQIP test, you need to format the HDD that can set the RAID level back to the default level for each model.
Plan this operation for the weekend or evening, as a traffic outage will occur.
To reload a previously backed-up configuration file, make sure it matches the firmware version that will be installed.
If there is a chance the configuration file is corrupted, reconfigure the FortiGate unit from the default settings.
Terminal client (Windows HyperTerminal, Linux Minicom...)
Speed 9600 8 bits, no parity, 1 stop for all FortiGate , except FortiGate 300: 115000-8-n-1
Speed 115000 8 bits, no parity, 1 stop for all FortiManager
ASCII setup : Append line feeds to incoming lines
Log messages to file
Null modem serial cable (provided with the FortiGate)
Provide a fixed IP address to your PC, for example 192.168.1.168
A TFTP server running on a PC
Crossover network cable to connect directly the FortiGate to the PC running the TFTP server
Connect your PC LAN interface using an Ethernet cable to:
"Interface Internal", On models 200, 300, 500, 800, 800F
"Interface Internal 4 ", On models 100A, 200A, 300
"LAN Interface port1", On models 300A, 400, 400A, 500A, 1000 and higher
"LAN2", On FortiLog 800
Load the HQIP image
The following steps should be used in order to load the HQIP.
Power on the FortiGate unit.
Press any key when the "Press any key to display configuration menu" message appears.
At the selection window, select G.
Enter TFTP server address [192.168.1.168] : 192.168.1.168.
Enter local address [192.168.1.168] : 192.168.1.168.
Enter File Name [image.out]: HQIPimage.img (TFTP server is case sensitive).
The file transfer should be displayed on the TFTP server (ensure that the image is located in the appropriate folder), along with a series of hash "#" characters.
When prompted with the choice to save as Default, save as Backup, or Run image without saving, Select "R" to run without saving.
Functional check: The HQIP (Hardware Quick Inspection Package) test image is used to check the unit’s system function and its interfaces. A console cable connection is required, and the entire console output must be logged to a file.
HQIP will check almost all components, including CPU, memory, CF, HD and PCI devices (NIC/ASIC). It will also check the critical benchmarks and system configurations.
Observe the console output to make sure there is no warning stop or error message(s) from the test.
For testing FortiGate 5000 and other models with backbone ports, the inner ports cannot be tested without specific configuration.
If any errors or warning stops have occurred during this test, do not continue with the rest of steps 2 and go to Report.
Factory default restore
If all of the above tests were successful, format the hard drive (if applicable).
Format the flash (if possible) if the units BootROM menu provides such an option ('F' for format boot device).
Reload image public release firmware version.
Test didn't pass. Check service contract prior updating ticket for RMA Request.