FortiGate BIOS variations and firmware loading options

• All FortiGate units.

There are different BIOS versions, depending on the FortiGate model and its distribution date. These BIOSes may support different firmware installation options, and/or other features.

Currently, depending on the BIOS version, there are three slightly different firmware loading features:

• No BIOS menu, and Y/N prompt to save firmware.
• No BIOS menu, and D/R (save a Default OR Run image without saving) prompt.
• BIOS menu, with G (to Get firmware), and D/B/R (Default firmware/Backup firmware/Run image without saving) options.

Version 1 and 2 are essentially the same, with the Y meaning the same as D prompt, and the N meaning the same as the R prompt. Version 3 adds the B option.

Option definitions

Y or D (Yes or Default)

These options will overwrite the existing firmware version on the flash memory, and replace it with the newly loaded version.

N or R (No or Run image without saving)

The firmware is run in RAM memory without it being saved to the flash memory. The configuration used will be the one that exists on the flash card, and it must therefore be compatible with the new version that is being run. A configuration upgrade will not be performed with this option.

Any manual changes done to the configuration at this point will be saved to flash memory. Upon a system reboot, this new firmware is erased and the firmware loaded will be the one that previously existed in flash memory, along with the configuration also stored in flash.

This option is usually selected when running the special HQIP hardware test firmware. This option must not be selected when trying to evaluate a significantly different firmware option, since the original configuration file may be incompatible with the new firmware version.

B (Backup firmware)

With this option, the BIOS supports a dual partition system. If new firmware is loaded with this option, it is installed in a separate partition, and a new configuration file is created. This new firmware and configuration, will not conflict with the firmware and configuration in the other partition. It is possible to select the boot partition from either the BIOS "B" option (Boot with backup firmware …), or once the firmware has loaded via the CLI command diag sys flash default x.

FortiOS v3.0 dual partition support

FortiOS v3.0 adds dual partition support for all FortiGate models*, regardless of whether this option exists in the BIOS. See the Fortinet Knowledge Base article 2.80MR11 to 3.0MR1 upgrade/downgrade/dual-boot procedure for further information.

Note: Certain low-end models with a reduced compact flash size will not be able to support this.

BIOS boot examples

Example 1

Ver:03000000
SerialNum:FG3600xxxxxxxxxx
DDR RAM Activation
CPU(00:00000f27 bfebfbff): Do MP Initialization
CPU(01:00000f27 bfebfbff): Do MP Initialization
CPU(06:00000f27 bfebfbff): Do MP Initialization
CPU(07:00000f27 bfebfbff): Do MP Initialization
RTC Init
Total RAM: 2048M
Enabling Cache...Done.
Scanning PCI bus...Done
Allocating PCI Resources ... Done
Enabling PCI Resources ... Done.
Boot Device (0:0): Controler Not Ready (Timeout)
Zeroing IRQ Settings...Done.
Verifying PIRQ Tables...Done.
Boot Up, Boot Device Capacity=62MB.
Press Any Key To Download Boot Image.
...

Enter TFTP server address [192.168.1.168]: 192.168.1.168
Enter local address [192.168.1.188]: 192.168.1.188
Enter firmware image file name [image.out]: FortiGate-3600_HQIP_055.rc

MAC:00090F070024
####
Total 4784822 Bytes Data Is Downloaded.
Verifying The CF Image.

Total 28000kB Are Unzipped.
Do You Want To Save The Image ?[Y/n]

Example 2 

FGT50A (18:02-04.14.2004)
Ver:03005000
Serial number:FGT50Axxxxxxxxxx
RAM activation
Total RAM: 128MB
Enabling cache...Done.
Scanning PCI bus...Done.
Allocating PCI resources...Done.
Enabling PCI resources...Done.
Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Boot up, boot device capacity: 3456MB.
Press any key to display configuration menu...
...
[G]: Get firmware image from TFTP server.
[F]: Format boot device.
[Q]: Quit menu and continue to boot with default firmware.
[H]: Display this list of options.

Enter G,F,Q,or H:

Enter TFTP server address [192.168.1.168]: 192.168.171.219
Enter local address [192.168.1.188]: 192.168.171.230

Enter firmware image file name [image.out]: FortiGate-50A_HQIP_043.img

MAC:00:09:0f:50:7f:7c
###
Total 3987013 bytes data downloaded.
Verifying the integrity of the firmware image.

Total 28000kB unzipped.
Save as Default firmware/Run image without saving:[D/R]?

Example 3

FGT1K (12:54-07.01.2003)
Ver:03000300
Serial number:FGT-1Kxxxxxxxxx
RAM activation
CPU(03:000006b4 0383fbff): Do MP initialization
CPU(00:000006b4 0383fbff): Do MP initialization
Total RAM: 512MB
Enabling cache...Done.
Scanning PCI bus...Done.
Allocating PCI resources...Done.
Enabling PCI resources...Done.
Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Boot up, boot device capacity: 61MB.
Press any key to display configuration menu...

[G]: Get firmware image from TFTP server.
[F]: Format boot device.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot with default firmware.
[H]: Display this list of options.
Enter G,F,B,Q,or H:

Enter TFTP server address [192.168.1.168]: 219.240.77.252

Enter local address [192.168.1.188]: 219.240.77.1
Enter firmware image file name [image.out]: FortiGate-1000_HQIP_046.img
MAC:0010F30238F5
####

Total 3982662 bytes data downloaded.
Verifying the integrity of the firmware image.

Total 28000kB unzipped.
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?