FortiWAN Firmware Update

Firmware Update

Click [Update] or [Downgrade] and follow the on-screen instructions to perform firmware update/downgrade. Note that firmware downgrade will reset current configurations to factory default, please backup current configurations in advance. Firmware update and downgrade support jump directly to a version from current version without applying all the updates or downgrades that have been released between the versions.

Updating the FortiWAN Firmware:

  • Before proceeding with the firmware update, ALWAYS backup system configurations.
  • Obtain the latest firmware upgrade pack from https://support.fortinet.com. l Log onto the Web UI with administrator account and go to [System]→ [Administration]. l Click on “Update”. l Use [..] to select the path of the new firmware image.
  • For High Availability (HA) deployment (See “FortiWAN in HA (High Availability) Mode”), check [Update Slave] to perform firmware update on the slave unit at the same time. Please double check and make sure the peer device is under normal condition (from page [System > Summary]) before HA firmware update.
  • Click [Upload File] to start updating.
  • The firmware update will take a while, so please be patient. During the update process, be sure NOT to turn off the system or unplug the power adapter. DO NOT click on the [Upload] button more than once.
  • Update is completed when the “Update succeeded” message appears. FortiWAN unit(s) will reboot automatically then.

Errors that occur during the update can be caused by any reason below:

  • General error – Please contact your dealer if this happens repeatedly.
  • Invalid update file – The file uploaded for firmware update is invalid, please make sure the uploaded file is correct. l MD5 checksum error – Image file is damaged. Please reload and try again.
  • Incompatible version/build – Firmware version incompatible. System requires a higher version firmware for update and a lower version firmware for downgrade.Check with your dealer for the correct firmware version.
  • Incompatible model/feature – Firmware image does not match the FortiWAN system. Check with your dealer for the correct model and version.
  • Incompatible platform – Firmware image does not match the current FortiWAN platform. Check with your dealer for the correct model and version.
  • Update error – If this error message appears during firmware update, please do not turn off the device and contact your dealer immediately. l Unknown error – Contact your dealer.

When a firmware update has being processed in system, users (multi-account login, see “Using the Web UI”) are unable to perform concurrent firmware updates at the same time.

Configuration File

Click [Save] to back up the current configurations of all functions in one binary file on your PC. Click [Show] to display a binary configuration file (.cfg) as readable content. Click [Restore] to recover whole system with the backed up configurations. Note that Restore will apply the configurations to system and then perform synchronization to the slave unit if HA mode is deployed. After this, system automatically reboot. The configuration file here is in binary format and should NOT be edited outside of FortiWAN tools and systems. The configuration file here contains all the configurations of FortiWAN’s functions. You can have individual configuration file of every single function via the export function in every function page. Do NOT to turn off the power while restoring the configuration file, or repetitively clicking on the [Restore] button.

Configuration File for individual function Export and Import:

  • Log on to FortiWAN as administrator. On every single function page of Web UI, click [Export Configuration] to back up the configuration in an editable text file.
  • To import the previously saved configuration file, click [Browse] on the function page of Web UI to select the configuration file previously saved, and then click [Import Configuration] to import previous configurations. The imported configuration will be displayed on the Web UI, but not be applied to system. Click [Apply] button to apply it to system.

During the configuration file restoration process, if an error occurs, it is most likely the result of one of the following:

  • The total WAN bandwidth setting in the restored configuration file exceeds the max bandwidth defined for the current system. The bandwidth can be either upload stream and download stream.
  • The restored configuration file contains port numbers exceeding the port numbers defined by the system.
  • The restored configuration file contains VLAN parameters not supported by the machine. l The total number of WAN links in the restored configuration file exceeds the current system definition. l Incompatible versions and/or systems.

Note:

  • FortiWAN does not guarantee full compatibility of configuration files for different models. l After the firmware upgrade, it is encouraged to backup the configuration file.

Configuration file backup and restore are available in the following function page:

Function Page File Name
[System > Network] network.txt
[System > WAN Link Health

Detection]

wan-link-health-detection.txt
[System > Optimum Route Detection] optimum-route.txt
[System > Port Speed / Duplex

Setting]

port-speed.txt
[System > Backup Line Setting] backup-line.txt
[System > IP Grouping] l  Click [Import] & [Export], you may backup and restore configurations of ip list in a file named ip-list.txt.

l  Click [Import Configuration] & [Export Configuration], you may backup and restore configurations of IP Grouping saved in ip-group.txt.

[System > Service Grouping] l  Click [Import] & [Export], you may backup and restore configurations of service list in a file named service_ list.txt.

l  Click [Import Configuration] & [Export Configuration], you may backup and restore configurations of Service Grouping saved in service-group.txt.

[System > Busyhour Setting] busy-hour.txt
[Service > Firewall] firewall.txt
Function Page File Name
[Service > NAT] nat.txt
[Service > Persistent Routing] persistent-routing.txt
[Service > Auto Routing] auto-routing.txt
[Service > Virtual Server] virtual-server.txt
[Service > Bandwidth Management] bandwidth-management.txt
[Service > Connection Limit] connection-limit.txt
[Service > Cache Redirect] cache-redirect.txt
[Service > Multihoming] multihoming.txt
[Service > Internal DNS] Internal-nameserver.txt
[Service > SNMP] snmp.txt
[Service > IP-MAC Mapping] ip-mac-mapping.txt
[Service > DNS Proxy] dnsproxy.txt
[Service > Tunnel Routing] tunnel-routing.txt
[Log > Control] log-control.txt (This file includes Mail/FTP passwords.)
[Log > Notification] notification.txt (This file includes email/password)
[Log > Link Report] link-report.txt
This entry was posted in Administration Guides, FortiWAN on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.