PROCEDURE TO FORMAT AND RECOVER THE HARD DISK
---------------------------------------------------------
Tools needed for this procedure:
- a terminal client (Windows HyperTerminal, Linux minicom...)
- a null modem serial cable (provided with the FortiGate)
- a TFTP server running on a PC
  The following are recommended for the Windows platform:
  TFTPD32 by Philippe Jounin http://tftpd32.jounin.net/
  SolarWinds TFTP server http://www.solarwinds.net/Tools/Free_tools/TFTP_Server
- a cross-over network cable to connect the FortiGate directly to the PC running the TFTP server
Prerequisites:
- Plan this operation in advance, as it requires a traffic outage.
- If you want to reload a previously backed-up configuration file, verify that it matches the firmware version that will be installed.
  If there is a possibility that the configuration file is corrupted, don't use it; reconfigure the FortiGate from scratch.
- Optionally, take screenshots of your FortiGate configuration in case you need to rebuild it from scratch.
- The network interface used on the FortiGate for the TFTP firmware install may differ from one FortiGate model to another.
  Refer to the FortiGate administration and configuration guide to find the right port to use:
  FGT-50, FGT-60, FGT100, FGT200, FGT300, FGT500, FGT800: interface 'internal'
  FGT-1k, FGT-3000, FGT-3600: interface 'port1'
Note: The following procedure will format and destroy all data (logs and quarantined files) which may have been previously stored on the hard disk.
1) Connect a terminal to the FGT's console port (example: a laptop running Microsoft HyperTerminal).
You need a null-modem serial cable.
Terminal settings: speed 9600, 8 bits, no parity, 1 stop bit for all FGT units (HyperTerminal default), except the FGT 300: 115000-8-n-1
2) Power on the FortiGate and press a key when you see the "Press any key ..." message.
3) If a small menu of options is displayed, press [G] to "Get firmware image from TFTP server"; otherwise proceed with the IP address configuration of the TFTP server and the FGT unit.
(Use a cross-over network cable to connect your FortiGate to the TFTP server.)
- Give the IP address of the TFTP server.
- Give an IP address for the FortiGate (it has to be on the same subnet as the TFTP server).
- Give the name of the firmware file that is on the TFTP server.
Load the special format-image but do not save it. Just running it should print out the following message:
Reading boot image 971204 bytes. Initializing firewall...
Enhance log disk...
Enhance log disk successful!
mount /dev/hdb1 on /var/log successful !
4) Reboot the FGT and the log disk should be available. Check using 'get sys stat'.
Below is a sample output:
// Power on
FGT200(02.28.2002) Ver:02060000
SerialNum:FGT2002801021304
SDRAM Initialization Scanning PCI Bus...Done. Total RAM: 256M
Enabling Cache...Done.
Allocating PCI Resources...Done. Zeroing IRQ Settings...Done. Checking IRQ Routing Tables...Done. Enabling Interrupts...Done. Configuring L2 Cache...Done.
Boot Up, Boot Device Capacity=61MB. Press Any Key To Download Boot Image.
...
Enter tftp server address [192.168.1.168]: 172.16.5.99 <<<< the IP address of the TFTP server/daemon
Enter local address [192.168.1.188]: 172.16.5.98 <<<< any IP address as long as within the same subnet as previous value.
Enter File Name [image.out]: format_FGT200.v250
MAC:00:09:0f:03:01:cb 100Mbps full-duplex
######
Total 7127398 Bytes Data Is Downloaded. Verifying The CF Image.
Total 28000kB Are Unzipped.
Do You Want To Save The Image ?[Y/n] <<<< ANSWER "NO" HERE.
........................... Reading Boot Image 971204 Bytes. Initializing Firewall ...
Enhance log disk...
Enhance log disk successful!
mount /dev/hdb1 on /var/log successful !
// Power cycle unit here
FGT200(02.28.2002) Ver:02060000
SerialNum:FGT2002801021304
SDRAM Initialization Scanning PCI Bus...Done. Total RAM: 256M
Enabling Cache...Done.
Allocating PCI Resources...Done. Zeroing IRQ Settings...Done. Checking IRQ Routing Tables...Done. Enabling Interrupts...Done. Configuring L2 Cache...Done.
Boot Up, Boot Device Capacity=61MB. Press Any Key To Download Boot Image.
......
Reading Boot Image 971404 Bytes. Initializing Firewall ...
Fortigate-200 login: admin
Password:
Welcome!
Type ? for a list of commands.
Fortigate-200 # get sys stat
Version:Fortigate-200 2.50,build269,040525
virus-db:4.339(05/24/2004 18:28)
ids-db:2.68(10/02/2003 15:14)
Serial Number:FGT2002801021304
ie6workaround:disable
Log Hard disk:Available <<<< Hard disk Available
Operation mode: Nat
Hostname: Fortigate-200
TCP option: Disable
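
One way to check a saved console capture of this procedure against the prompts and success messages shown in the sample output above. This is an added example, not Fortinet's code; the function name check_capture, the /24 prefix length and the abridged capture text are assumptions made for the example.

```python
import ipaddress
import re

# Constructed capture, abridged from the sample console output on this page.
SAMPLE_CAPTURE = """\
Enter tftp server address [192.168.1.168]: 172.16.5.99
Enter local address [192.168.1.188]: 172.16.5.98
Enter File Name [image.out]: format_FGT200.v250
Do You Want To Save The Image ?[Y/n] n
Enhance log disk successful!
mount /dev/hdb1 on /var/log successful !
Fortigate-200 # get sys stat
Log Hard disk:Available
"""

def check_capture(text, prefix_len=24):
    """Return {check name: passed} for a saved console capture.
    prefix_len is an assumption: the boot prompts on the page never ask
    for a netmask, so the operator states the subnet size being used."""
    def answer(prompt):
        # Value typed after "prompt [default]"; an empty answer means the default.
        m = re.search(rf"^{re.escape(prompt)} ?\[([^\]]*)\]:?[ \t]*(\S*)",
                      text, re.I | re.M)
        return (m.group(2) or m.group(1)) if m else None

    def seen(pattern):
        return re.search(pattern, text, re.I) is not None

    server = answer("Enter tftp server address")
    local = answer("Enter local address")
    save = answer("Do You Want To Save The Image ?")
    try:
        net = ipaddress.ip_network(f"{server}/{prefix_len}", strict=False)
        same_subnet = local != server and ipaddress.ip_address(local) in net
    except ValueError:  # prompt missing from the capture or address malformed
        same_subnet = False
    return {
        "same_subnet": same_subnet,
        "image_not_saved": save is not None and save.lower().startswith("n"),
        "format_ok": seen(r"Enhance log disk successful"),
        "mount_ok": seen(r"mount \S+ on /var/log successful"),
        "disk_available": seen(r"Log Hard disk:\s*Available"),
    }

if __name__ == "__main__":
    for name, ok in check_capture(SAMPLE_CAPTURE).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

A failed image_not_saved check means the format image may have been written to flash in place of the normal firmware, so confirm the running version with 'get sys stat' before returning the unit to service.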