CLI Upgrade Firmware

Problem

Upgrading firmwares via the web UI is tedious, especially when you have 50 or 60+ of these fuckers to do.

Solution

You have to do this via tftp. This involves setting up a tftp server and making sure the appropriate firmware is A) loaded on it and B) available through it. (This is left as an exercise for the reader.)

# execute restore image tftp <filename> <tftp_ipv4>

The FortiGate unit uploads the firmware image file, upgrades to the new firmware version, and restarts. This process takes a few minutes.

Rancid?

Why, yes:

$ fnlogin -c 'execute restore image tftp FGT_100D-v5-build1165-FORTINET.out 1.2.3.4
y' 172.30.1.92

This won't work if you are downgrading because there's an extra 'y' that has to be fed to the system to make it work. It does work if you are merely reloading the same version of the firmware that's already running even though it will tell you it is "downgrading".

arp

Backup ISP with some traffic selection

crashlog

DHCP and PPPoE

DHCP Client Leases

DHCP Reservation

HA Cluster Member Firmware Revisions

Interface Duplex

Interface Mode

Interface Status

Memory Logging

Packet Capture

Radius Server Definition

Reset Admin Password

Reset to Factory Defaults

Routing Table

Simple Commands

Syslog

Test Authentication Servers

Configuration Preparation

DHCP Reservation

Dual-WAN Gateways

EXT3 fs error (device)

HA Cluster Status

HA Cluster Synchronization

Management Access

VoIP Clients with Fortigates

VPN Fragmentation

VPN Tunnel Details

CLI Disk Scan FSCK

CLI Upgrade Firmware

Connecting Multiple vDOMs to the same VLAN

CPU is pinned

Debug Flow

Debug Session

Debug Sniffer

Factory Reset

Fixing HA Sync Problems

Forticlient Registering To Fortigate

List DHCP Client Leases

List SSLVPN Users

RTC Power Status Failed

SSLVPN Logs Out After 8 Hours

System Time

VPN Flapping Leads To Bogus Routing

Wifi Clients Connect But Can't Get DHCP Lease

BGP Neighbors

BGP Sessions

DH Selection for VPNs

FortiCloud Debug Commands

FortiOS LLDP

IPsec Not Passing Packets

List DHCP Clients CLI

Microsoft Office Whitelisting

Routing Table

SSH Pubkey Login

SSL Security Settings

SSLVPN DNS Suffix

System Version from CLI

Traffic Shaping Policy

CLI Restore Configuration

Displaying Logs From Console

iPerf3 on Fortigates

IPSA self test failed, disable IPSA!

LDAP lookup account considerations

List Connected Users

Read-Only Admin Profile

SD-WAN Diagnostics

VPN Debug

VPN Tunnel Interface Address

Wifi 802.1x with LDAP Groups

FortiClient Error Codes

Device Table Size Maximum

Device-Local Certificate Expired

CLI Policy Lookup

IPsec MTU Adjustments

IPsec MTU Varies By Encryption Algorythm

Link Monitor

Looking at logs via CLI

Check Geo-IP Region For A Specific IP