Fortinet Fortigate Firewall Firmware Failure Fiasco
August 9th, 2007

I am a big proponent of Fortinet Fortigate Firewalls, and once in a while a little alliteration. To clarify the term firewall: Linksys, NetGear, etc. are really NAT devices that perform some firewall functions, not true firewalls. But that is discussed at greater length here.
Today I had a problem with the firmware on a Fortinet Fortigate FGT-60, which is a great unit. Naturally, (and thankfully), I had done a backup of the configuration; it saved me today. That’s why I am always harping about backup.
The firmware failed to load after reboot and left the firewall hanging. At that point, the only way to communicate with the firewall is with the console cable. The console cable is a serial device and naturally my laptop doesn’t have a serial port. So I have to carry a USB to serial converter cable.
The fix requires connecting with HyperTerminal via the console cable, power cycling the firewall and pressing the spacebar when prompted. This will give you an opportunity to reload the firmware from a TFTP server; I use SolarWinds Free TFTP.
Manually set the network adapter on the PC to something like 192.168.1.201 with a subnet mask of 255.255.255.0. Then connect the PC (and nothing else) to one of the internal ports on the Fortinet.
Copy the firmware image to the TFTP server’s root directory. Configure the TFTP server to transmit and receive files.
When prompted, enter the IP address of the TFTP server (your PC), 192.168.1.201. The address for the firewall comes next; the default is usually 192.168.1.188 (which is why I chose the address I did for the PC). Just press enter to accept that.
Next enter the firmware image name and press enter. You will see the MAC address of the TFTP server and then you should see a progress bar made of “#” characters. When finished, it will load the image and start the firewall.
At that point, you are probably back to an address of 192.168.1.99 on the firewall, username “admin” in lowercase and no password. Jump back to your browser and enter
https://192.168.1.99 (the default IP address of the Fortinet internal interface).
Enter the username admin and click Ok.
Now you can restore your backup, if you have one, or set up the box from scratch.
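A pre-flight check for the TFTP steps above, as an added example that is not part of the original post. TFTP carries no authentication or integrity protection, so the script hashes the image before it is served and confirms the PC and firewall addresses share a subnet; the file name `image.out` and the expected SHA-256 (assumed to come from wherever you downloaded the firmware) are placeholders.

```python
import hashlib
import ipaddress
import tempfile
from pathlib import Path

def preflight(pc_ip, netmask, fw_ip, tftp_root, image_name, expected_sha256):
    """Return a list of problems; an empty list means the transfer can start."""
    problems = []
    net = ipaddress.ip_network(f"{pc_ip}/{netmask}", strict=False)
    # The post puts both addresses in 192.168.1.0/24; confirm they share a subnet.
    if ipaddress.ip_address(fw_ip) not in net:
        problems.append(f"{fw_ip} is outside {net}")
    if ipaddress.ip_address(fw_ip) == ipaddress.ip_address(pc_ip):
        problems.append("PC and firewall use the same address")
    # The name typed at the console prompt is a bare file name in the TFTP root.
    if Path(image_name).name != image_name:
        problems.append("image name must be a bare file name")
        return problems
    image = Path(tftp_root) / image_name
    if not image.is_file():
        problems.append(f"{image_name} not found in TFTP root")
        return problems
    # Hash the file in chunks and compare with the expected digest before serving it.
    digest = hashlib.sha256()
    with image.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    if digest.hexdigest() != expected_sha256.lower():
        problems.append("SHA-256 mismatch: do not flash this image")
    return problems

def demo():
    """Run the checks against a constructed stand-in image in a temp directory."""
    pc, mask, fw = "192.168.1.201", "255.255.255.0", "192.168.1.188"
    with tempfile.TemporaryDirectory() as root:
        name = "image.out"  # hypothetical file name
        data = b"constructed sample bytes, not real firmware"
        (Path(root) / name).write_bytes(data)
        good = hashlib.sha256(data).hexdigest()
        ok = preflight(pc, mask, fw, root, name, good)
        bad_hash = preflight(pc, mask, fw, root, name, "0" * 64)
        bad_net = preflight("192.168.2.201", mask, fw, root, name, good)
    return ok, bad_hash, bad_net

if __name__ == "__main__":
    for result in demo():
        print(result or "ready to transfer")
```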








