Upgrading Bricked my FortiGate 60D

 

Note: The original problem that prompted the creation of this blog entry was when I attempted an upgrade to FortiOS firmware 5.4.1. I did read all available information prior to this upgrade, but nevertheless the upgrade bricked my unit. This situation has since been resolved, and the latest release notes (dated 6/22/2016 or later) have a special section that tells how to handle this upgrade for this specific unit. Read and follow that procedure and hopefully you won't need the following.

Before you ever change anything on a Fortinet, backup the configuration. Make sure you have the admin password and all documents mentioned, because if the internet connection drops you want to have all of this on hand. Otherwise prepare to go to another location to grab this information. I have an internet hotspot on my smartphone, and being able to connect my laptop via the phone usually comes in handy in these situations.

Without giving vent to too much aggravation, this is how I recovered from this situation. No, the FG was not totally bricked, it just didn't work any more. These are the basic steps I followed to recover.

  1. Download and install FortiExplorer, see the link below. It will install the device drivers you need for the USB connection.
  2. Connect to the unit with a USB-A to USB-mini cable. I'm not going to try to predict what cable connectors you have. I have a USB-A on my laptop, and the FG 60-D has a USB Mini-B connector. These cables are readily available, and Fortinet includes one in the box when you order your unit. 
  3. Run FortiExplorer.  It should find the unit and display a graphical screen. Connect and login with your admin password.
  4. Restore the latest firmware configuration backup for this unit.
  5. Wait for it to reboot and run again.
This PDF is a document produced by FortiNet expanding on these instructions. It was a substantial help to me.

You may download the FortiExplorer (free) software here. It's a Real Good Idea to have this already installed on a PC.

Don't waste time trying to find a USB-A - to - USB-A cable. The USB specification doesn't support that, and the cables are rare, proprietary and expensive. This experience was acquired in the past, not with this event. I'm just trying to save you time.

Here's a good link explaining USB connectors from Cables To Go.

 

 

Pin It