FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
dchan
Staff
Staff
Article Id 197057

Description

 

This article describes how to load firmware and/or configuration backup from a USB drive
 
Scope
 
FortiGate 6.2+

Solution
 
In scenarios where technical staff or a console cable are not available, it is possible to leverage a USB thumb drive to load firmware only, configuration only, or both at the same time.

Configuration Steps
 
1. Download the desired firmware or configuration file to a USB drive
2. Optionally, you can rename them as desired
3. Configure FortiGate to apply firmware and configuration file from USB in the boot process

This can be done from Web Management Interface by navigating to System >>> Settings:

CarlosColombini_0-1661299200417.png

 

Alternatively, this can be set from CLI as well:
 

# config system auto-install

    set auto-install-config enable

    set auto-install-image enable

    set default-config-file "FGT61F-config-7.2.1.conf"

    set default-image-file "FGT61F-image-7.2.1.out"

end

 
Note: This is the same process as upgrading a firmware from FortiGuard or file upload in the Web Management Interface or via TFTP/FTP from SSH connection; therefore the Upgrade Path must be followed.
 
Loading firmware and configuration file from USB is enabled by default. The default file names are as below:
 
CarlosColombini_1-1661299466774.png

 

# config system auto-install

    set auto-install-config enable

    set auto-install-image enable

    set default-config-file "fgt_system.conf"

    set default-image-file "image.out"

end

 

Verification of configuration

For reference, see below output from a console connection when firmware and configuration is loaded from a USB drive:

1. If firmware image file is the same as existing in the FortiGate, no action will be taken.

System is starting...

Get image from USB disk ...     OK.

Checksum check synced! Don't need restore image.

 
2. If firmware image is older than the one existing in FortiGate, downgrade will be performed.

 

System is starting...

Get image from USB disk ...     OK.

Verifying the integrity of the firmware image...

Check image...  OK.


Firmware downgrade in progress ...

Done.

 

3. If firmware image is newer than the one existing in FortiGate, upgrade will be performed.


System is starting...

Get image from USB disk ...     OK.

Verifying the integrity of the firmware image...

Check image...  OK.

 

Please wait for system to restart.

 

Firmware upgrade in progress ...

Done.

 

 

4. If a configuration backup file is not detected or it does not match the filename, an error message is displayed in the console, but no action is taken.

 

System is starting...

Can not get config file from USB disk

 

5. If a configuration backup file is detected, device reboots and new configuration file is loaded.

 

Booting OS...

Initializing firewall...

 

System is starting...

Get config file from USB disk OK.

File check OK.

 

FGT61F-RIGHT login:

 

The system is going down NOW !!

 

Please stand by while rebooting the system.

Restarting system.