FortiExplorer v2.5 Build 1079 - Fortinet Docs...

FortiExplorer v2.5 Build 1079 User Guide


Page 1: FortiExplorer v2.5 Build 1079 - Fortinet Docs Librarydocs.fortinet.com/uploaded/files/2176/fortiexplorer-user-guide-25.pdf · Configuration ... 2013-05-27 Added USB Console Access

FortiExplorer v2.5 Build 1079 User Guide


FortiExplorer v2.5 Build 1079 User Guide

October 21, 2014

01-521-202417-20141021

Copyright© 2014 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and

FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other

Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All

other product or company names may be trademarks of their respective owners. Performance

and other metrics contained herein were attained in internal lab tests under ideal conditions,

and actual performance and other results may vary. Network variables, different network

environments and other conditions may affect performance results. Nothing herein represents

any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or

implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s

General Counsel, with a purchaser that expressly warrants that the identified product will

perform according to certain expressly-identified performance metrics and, in such event, only

the specific performance metrics expressly identified in such binding written contract shall be

binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the

same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants,

representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves

the right to change, modify, transfer, or otherwise revise this publication without notice, and the

most current version of the publication shall be applicable.

Fortinet Document Library docs.fortinet.com

Fortinet Video Library video.fortinet.com

Customer Service & Support support.fortinet.com

Training Services training.fortinet.com

FortiGuard fortiguard.com

Document Feedback [email protected]


Table of Contents

Change Log

Introduction
  Supported models
  FortiExplorer v2.5 Build 1079 support
  Download FortiExplorer
  Firmware image checksums

Installing FortiExplorer
  Installing FortiExplorer
    Microsoft Windows install
    Mac OS X install
  Configuration options
  Updating FortiExplorer and firmware
  Register your device from FortiExplorer

Setup Wizard
  System settings
    Admin password
    Time zone
  Network
    Internet WAN connection
    LAN settings
  Security
    Schedule
    Internet access policy
    Remote VPN
  Configuration
    Summary
    FortiCloud

Device Management Options
  Connecting to the Web-based Manager
  Connecting to the CLI console

Firmware
  Add model
  Download firmware images
  Uploaded firmware

DLP Watermark Tool
  Using the DLP watermark tool
    Apply watermark output message
  FortiExplorer command line Watermark tool
  Create a filter in FortiOS

USB Serial Console
  Supported models
  Accessing the USB serial console menu
  FortiGate BIOS menu
    Get firmware image from TFTP server
    Format boot device
    Configuration and information menu
    Boot with backup firmware and set as default
    Quit menu and continue to boot
    Display this list of options
  FortiAP BIOS menu
    Get OS image from TFTP server
    Quit this menu and continue to boot with default OS
    Display this list of options
  FortiSwitch BIOS menu
    Get firmware image from TFTP server
    Format boot device
    Configuration and information menu
    Boot with backup firmware and set as default
    Quit menu and continue to boot
    Display this list of options
  Fortinet Hardware Quick Inspection (HQIP)

FortiCamera Configuration
  Supported models
  Detect FortiCamera


Change Log

Date Change Description

2013-04-10 Initial release.

2013-04-17 Added supported file type information for Watermark tool.

2013-05-27 Added USB Console Access chapter.

2013-06-10 Updated for v2.3 build 1052.

2014-10-21 Updated for v2.5 build 1079.


Introduction

FortiExplorer is a standalone software solution that allows you to connect to your Fortinet

device using the USB interface of your management computer. FortiExplorer provides direct

access to the FortiOS setup wizard, Web-based Manager, and CLI console. FortiExplorer also

provides useful tools to allow you to manage firmware versions for various managed devices

and a watermark tool which can be used to apply a watermark signature to confidential files.

Supported models

FortiExplorer v2.5 build 1079 supports the following models.

See the FortiExplorer v2.5 Build 1079 Release Notes for additional information on FortiExplorer.

Not all FortiExplorer features mentioned in this document are available for all Fortinet device

models.

Table 1: Supported models

FortiGate: FG-20C, FG-20C-ADSL-A, FG-30D, FG-30D-POE, FG-40C, FG-60C, FG-60C-POE, FG-60C-SFP, FG-60D, FG-60D-3G4G, FG-60D-POE, FG-70D, FG-90D, FG-90D-POE, FG-92D, FG-94D-POE, FG-100D, FG-140D, FG-140D-POE, FG-140D-POE-T1, FG-200D, FG-200D-POE, FG-240D, FG-240D-POE, FG-280D-POE, FG-300C, FG-300D, FG-500D, FG-600C, FG-800C, FG-1000C, FG-1000D, FG-1200D, FG-1500D, FG-3240C, FG-3600C, FG-3700D

FortiWiFi: FWF-20C, FWF-20C-ADSL-A, FWF-30D, FWF-30D-POE, FWF-40C, FWF-60C, FWF-60CM, FWF-60CM-3G4G-B, FWF-60CX-ADSL-A, FWF-60D, FWF-60D-3G4G, FWF-60D-POE, FWF-90D, FWF-90D-POE, FWF-92D

FortiGate Rugged: FGR-60D

FortiGateVoice: FGV-70D4

FortiSwitch: FS-28C, FS-324B-POE, FS-348B, FS-448B

FortiAP: FAP-11C, FAP-28C

FortiCamera: FCM-20A, FCM-MB13, FCM-OB20


FortiExplorer v2.5 Build 1079 support

The following table lists FortiExplorer v2.5 Build 1079 product integration and support

information.

Download FortiExplorer

FortiExplorer is available for download from the Customer Service & Support web site

https://support.fortinet.com in firmware images and from the Fortinet Resource Center

http://www.fortinet.com/resource_center/product_downloads.html. FortiExplorer is available for

both Microsoft Windows and Mac OS X computers.

You can download the following FortiExplorer software from the Customer Service & Support

portal.

Microsoft Windows (XP, Vista, 7, 8, 8.1)

• FortiExplorerSetup_xp_2.5.1079.exe

This image includes the FortiExplorer executable, the Microsoft Windows USB driver library,

and .net framework library.

• FortiExplorerSetup_win_2.5.1079.msi

This image includes the FortiExplorer MSI file.

• FortiExplorerSetup_win_upgrade_2.5.1079.msi

This image includes the FortiExplorer MSI file and the Microsoft Windows USB driver library.

This upgrade image can be used on all Microsoft Windows operating systems.

• FortiExplorer_OnlineInstaller_2.5.1079.exe

This image is an online installer for FortiExplorer. When run, it will download the full installer

from the FortiGuard Distribution Servers (FDS). This image can be used on a Microsoft

Windows 7 operating system.

Table 2: FortiExplorer v2.5 Build 1079 support

FortiOS: v5.2.0 and later, v5.0.3 and later

FortiSwitch OS: v2.0.0 and later

FortiAP: v5.2.0 and later, v5.0.4 and later

The Watermark Tool is available for FortiExplorer v2.5 Build 1079 for Microsoft Windows only.


Mac OS X (v10.6 Snow Leopard, v10.7 Lion, v10.8 Mountain Lion, v10.9 Mavericks, v10.10 Yosemite)

• FortiExplorer-2.5.1079.dmg

This image includes the FortiExplorer executable, the Mac OS X USB driver library, and .net

framework library.

• FortiExplorer_OnlineInstaller-2.5.1079.dmg

This image is an online installer for FortiExplorer. When run, it will download the full installer

from the FortiGuard Distribution Servers (FDS).

Firmware image checksums

The MD5 checksums for all Fortinet software and firmware releases are available at the

Customer Service & Support portal, https://support.fortinet.com. After logging in, select

Download > Firmware Image Checksums, enter the image file name including the extension,

and select Get Checksum Code.
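The portal lookup above gives you one MD5 value per image file name. The following added example (not part of the Fortinet guide) checks a folder of downloaded images against those values and reports each file as ok, mismatch, missing, or bad-checksum-format. The file contents and checksum values in `demo()` are constructed stand-ins, and the function names are this example's own.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

MD5_HEX = re.compile(r"[0-9a-f]{32}")


def normalize_md5(text):
    """Clean a checksum pasted from the portal; reject anything but 32 hex digits."""
    value = text.strip().lower()
    if not MD5_HEX.fullmatch(value):
        raise ValueError(f"not an MD5 hex digest: {text!r}")
    return value


def md5_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so large firmware images are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_images(directory, published):
    """Compare each downloaded image with its published checksum.

    published maps image file name -> checksum string copied from the portal.
    Returns {file name: "ok" | "mismatch" | "missing" | "bad-checksum-format"}.
    """
    results = {}
    for name, checksum in published.items():
        try:
            expected = normalize_md5(checksum)
        except ValueError:
            results[name] = "bad-checksum-format"
            continue
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
            continue
        match = hmac.compare_digest(md5_of(path), expected)
        results[name] = "ok" if match else "mismatch"
    return results


def demo():
    """Run the check over constructed files standing in for real downloads."""
    payload = b"constructed stand-in for installer contents"
    reference = hashlib.md5(payload).hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "FortiExplorerSetup_win_2.5.1079.msi").write_bytes(payload)
        # Truncated download: one byte short of the reference contents.
        (folder / "FortiExplorer-2.5.1079.dmg").write_bytes(payload[:-1])
        published = {
            # Pasted with stray whitespace and upper case, still accepted.
            "FortiExplorerSetup_win_2.5.1079.msi": f"  {reference.upper()}\n",
            "FortiExplorer-2.5.1079.dmg": reference,
            # Listed but never downloaded.
            "FortiExplorerSetup_xp_2.5.1079.exe": reference,
            # Checksum cut short when copying.
            "FortiExplorer_OnlineInstaller_2.5.1079.exe": reference[:20],
        }
        return verify_images(folder, published)


if __name__ == "__main__":
    for image, status in demo().items():
        print(f"{status:20} {image}")
```

Install only images reported as ok; a mismatch or malformed value means the download or the copied checksum should be fetched again before the image is used.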


Installing FortiExplorer

FortiExplorer provides a user-friendly tool that you can use to configure a FortiGate unit over a

standard USB connection, rather than using a console cable or Ethernet connection.

Figure 1: Example connection to device

The following topics are discussed in this section:

• Installing FortiExplorer

• Configuration options

• Updating FortiExplorer and firmware

• Register your device from FortiExplorer

Installing FortiExplorer

FortiExplorer v2.5 Build 1079 is available for Microsoft Windows XP, Vista, 7, 8, and 8.1.

FortiExplorer v2.5 Build 1079 is available for Mac OS X v10.6 Snow Leopard, v10.7 Lion, v10.8

Mountain Lion, v10.9 Mavericks, and v10.10 Yosemite.

Microsoft Windows install

To install FortiExplorer on a Microsoft Windows workstation:

1. Double-click the .msi or .exe file and follow the instructions on-screen. If loading from the

CD, select the appropriate version for your operating system.

2. Connect the USB cable to the FortiGate unit and then to the management computer.

When using the FortiExplorer setup wizard for the first time, ensure the FortiGate unit is using its

factory default settings.

Do not connect the USB cable until after FortiExplorer has been installed.


3. The FortiExplorer Fortinet Device Easy Configuration Utility opens when the USB cable is

connected. Select Install the hardware automatically and select Next.

4. After a moment, FortiExplorer will launch.

Mac OS X install

To install FortiExplorer on a Mac OS X workstation:

1. Double-click the .dmg file and drag the FortiExplorer program file into the Applications

folder.

2. Connect the USB cable to the FortiGate unit and then to the management computer.

3. Double-click the FortiExplorer icon to launch the application.

Configuration options

With FortiExplorer, you are provided a number of options on how to configure the FortiGate unit,

depending on your level of comfort with various interfaces.

The image below shows the FortiExplorer tool connected to a FortiGate 60C device.

Figure 2: FortiExplorer tool

Updating FortiExplorer and firmware

FortiExplorer may be automatically updated from time to time. Select the checkbox at the

bottom of the page to remember the device and check for updates with FDS automatically.


FortiExplorer will also monitor firmware updates for your devices and provide an alert when one

is available. FortiExplorer lists the three most recent firmware images that are available for your

device on the main page.

Register your device from FortiExplorer

You can use FortiExplorer to register your Fortinet device. By registering your device, you can

download firmware images, receive FortiGuard service updates including virus and attack

definitions, VCM updates, and access Fortinet Customer Service & Support.

You can select to register the device to an existing FortiCare account, see Figure 3, or you can

create a new FortiCare account, see Figure 4.

To register the device to an existing FortiCare account, select Existing FortiCare User - FortiCare

Login, enter your FortiCare username and password, select the country in the drop-down menu,

select the reseller in the drop-down menu, and select Register.

Figure 3: Register device to existing FortiCare account


To create a new FortiCare account, select New User - Create FortiCare Account, enter the

applicable information in the required fields and select Register.

Figure 4: Register device to new FortiCare account

Once registration is complete, the device will reflect a Registered status on the FortiExplorer

home page.


Setup Wizard

FortiExplorer allows you to configure your FortiGate unit using the setup wizard in FortiOS from

the FortiExplorer shell.

Select Setup Wizard in the left-hand devices menu and log in to your device. The default login

credentials are admin/no password.

System settings

Device system settings include setting the admin password, and setting time zone information.

Admin password

Select the checkbox to change the admin password. The default is no password, so leave the Old Password field blank and enter the new password. Changing the password will require re-authentication when the setup wizard is complete.

Time zone

Select the appropriate time zone for your location in the drop-down menu.

Network

Network settings include the Internet WAN connection and LAN settings.

The setup wizard is intended for initial configuration of your device and includes basic settings.

This feature is not available on all device types. Options in the setup wizard will vary based on

the firmware version, device type, and features the device supports. This chapter provides an

overview of the options for a FortiGate 60C running FortiOS v5.2.0.

The network menu is determined by the WAN topology selection. Menu items that are not

applicable to the topology selected will not be available.


Internet WAN connection

Select the connection type for your Internet connection. Select one of the following:

• DHCP, if your ISP automatically assigns you a dynamic IP address

• Static IP, if your ISP assigns you a specific IP address or a group of addresses

Enter the IP address, netmask, default gateway IP address, and DNS server IP address for

WAN1.

• PPPoE, if your ISP provided you with client software, a username, and a password

Enter the PPPoE username and password.

LAN settings

On this page you can configure LAN settings. Enter the IP address and netmask for the internal

interface or leave the default values. Select the checkbox to enable DHCP and enter the start

and end IP address.

Security

Security settings include schedule, Internet access policy, and remote VPN settings.

Schedule

On this page you can configure the Internet access schedule. You can enable Internet access on a specified schedule or allow access always.

Internet access policy

This policy will enable Internet connectivity for the internal LAN and WiFi interfaces. The selected traffic forwarding and UTM inspection options will be applied to this policy. You can configure the following settings:

• Enable Network Address Translation (NAT)

• Block viruses and malicious content

• Enable Parental Control for Web Filtering

• Monitor application usage and block unproductive applications.

Contact your Internet service provider (ISP) if you are unsure which Internet connection type to

select for your primary WAN connection.

The FortiGate setup wizard deletes all security policies and adds a single security policy

configured by the wizard to allow Internet access from the Internal network.


Remote VPN

Select the checkbox to allow remote VPN access. You can configure up to three users and

select either SSL VPN or IPsec VPN. When selecting SSL VPN you can configure up to five SSL

VPN bookmarks. When selecting IPsec VPN, enter the pre-shared key.

Configuration

Configuration settings include summary and FortiCloud settings.

Summary

The summary page allows you to verify the settings configured in the setup wizard before

committing the changes. In this page you can also select to print FortiClient VPN setup

instructions. Select Configure to save the settings to the device.

FortiCloud

In the FortiCloud page you can configure the device to send logs to your FortiCloud account.

Once the setup wizard is finished, you will be prompted to log back into the device.


Device Management Options

After installing and setting up the basic settings for your device, you can use FortiExplorer to

connect to the device’s Web-based Manager and CLI console for ongoing administration.

The following topics are discussed in this section:

• Connecting to the Web-based Manager

• Connecting to the CLI console

Connecting to the Web-based Manager

To connect to the device Web-based Manager, go to Devices > Web-based Manager, and enter

your username and password. Optionally, select Tools > Web-based Manager to launch a web

browser session with the device on 127.0.0.1:12180.

When accessing the Web-based Manager from within the FortiExplorer shell, you can access

detailed content-sensitive online help that displays for the current Web-based Manager page.

Figure 5: Web-based Manager device access

For more information on configuring your FortiOS device see the FortiOS Handbook 5.0.

Configuration changes made in the Web-based Manager take effect immediately, without resetting the device or interrupting service.


Connecting to the CLI console

The command line interface (CLI) is an alternative method of configuring the FortiGate unit. The

CLI complements the web-based manager in that it not only has the same configuration

options, but additional settings not available through the web-based manager.

The CLI contains commands and sub-commands that are used to configure a feature’s settings,

and you can upload batches of commands from a text file.

To connect to the device command line interface, go to Devices > Command-line Interface, and

enter your username and password. Optionally, select Tools > Command-line Interface to

launch a Telnet session window on 127.0.0.1.

Figure 6: CLI console device access

For more information on using the CLI console see the CLI Reference for FortiOS 5.0.


Firmware

You can use FortiExplorer to store and monitor firmware versions for managed Fortinet devices.

FortiExplorer will display the three most recent builds for the device. You can select Download,

enter your FortiCare username and password, and download the firmware image to

FortiExplorer. Optionally, you can download specific firmware images from the Customer

Service & Support website and upload the image to FortiExplorer.

The following topics are discussed in this section:

• Add model

• Download firmware images

• Uploaded firmware

Add model

Select Add Model in the toolbar to add device models to the Monitored Firmware page. In

FortiExplorer v2.5 Build 1079 you can add the following devices:

Download firmware images

When selecting to download a firmware image, you will be prompted to enter your FortiCare

account credentials. The firmware image will be saved to FortiExplorer. Only the three most

current firmware versions are displayed in Online Updates.

When connected to the FortiGate device you can select to Install the firmware image.

Table 3: Supported models

FortiGate: FG-20C, FG-20C-ADSL-A, FG-30D, FG-30D-POE, FG-40C, FG-60C, FG-60C-POE, FG-60C-SFP, FG-60D, FG-60D-POE, FG-70D, FG-90D, FG-90D-POE, FG-94D-POE, FG-100D, FG-140D, FG-140D-POE, FG-140D-POE-T1, FG-200D, FG-240D, FG-280D-POE, FG-300C, FG-300D, FG-600C, FG-800C, FG-1000C, FG-1000D, FG-3240C, FG-3600C

FortiWiFi: FWF-20C, FWF-20C-ADSL-A, FWF-30D, FWF-30D-POE, FWF-40C, FWF-60C, FWF-60CM, FWF-60CX-ADSL-A, FWF-60D, FWF-60D-POE, FWF-90D, FWF-90D-POE

FortiGateVoice: FGV-70D4

FortiAP: FAP-11C, FAP-28C

Before upgrading or downgrading the device, always read and review the applicable Firmware

Release Notes. The Firmware Release Notes are available on the Customer Service & Support

site in the file folder that contains firmware images. The Release Notes include support

information, special notices, supported upgrade and downgrade paths, resolved and known

issues for the firmware release.


Uploaded firmware

Optionally, you can upload firmware image .out files that you have downloaded from the

Customer Service & Support site into the FortiExplorer shell. You can upload firmware image

files for any monitored device.

When connected to the FortiGate device you can select to Install the firmware image.

Before upgrading or downgrading the device, always read and review the applicable Firmware

Release Notes. The Firmware Release Notes are available on the Customer Service & Support

site in the file folder that contains firmware images. The Release Notes include support

information, special notices, supported upgrade and downgrade paths, resolved and known

issues for the firmware release.


DLP Watermark Tool

Watermarking is essentially marking files with a digital pattern to mark the file as being

proprietary to a specific company. The Watermark tool will apply a digital watermark to the file.

You can also select to add the watermark to an entire directory. The tool adds a small

(approximately 178 bytes) pattern to the file that is recognized by the DLP watermark filter

configured on your FortiOS device.

The following file types are supported: .txt, .pdf, .doc, .xls, .ppt, .docx, .pptx, and .xlsx.

The following topics are discussed in this section:

• Using the DLP watermark tool

• Create a filter in FortiOS

Using the DLP watermark tool

You can use the FortiExplorer DLP watermark tool to apply a corporate identifier to a specific

file or directory.

Apply a DLP watermark to a specific file:

1. Select Tools > DLP Watermark in the left hand menu. You can select to apply the watermark

to a specific file or to an entire directory.

2. Select the search icon to the right of the Select File field and browse for the file on your

workstation.

3. Select the sensitivity level in the drop-down menu. Select one of the following: Critical,

Private, or Warning.

4. Enter the corporate identifier in the Identifier field. The identifier can include 26

alpha-numeric and special characters.

5. Select the search icon to the right of the Output Directory field and browse for a folder on

your workstation to save the watermarked file.

The Watermark Tool is available for FortiExplorer v2.5 Build 1079 for Microsoft Windows only.

Watermarks can only be removed using the command line Watermark tool.


6. Select Apply Watermark to apply the watermark to the selected file or directory.

Apply watermark output message

The following is an example output message generated by FortiExplorer when applying a

watermark to a specific file.

    > fortinet-watermark-win.exe -v -f "C:\Users\username\Desktop\FEXP\FortiExplorer_25_RN_253431\Output\fortiexplorer-v2.5-release-notes.pdf" -i "FTNTPrivateAndConfidentialFTNT" -l "Private" -o "C:\Users\username\Desktop"
    --> 'C:\Users\username\Desktop\FEXP\FortiExplorer_25_RN_253431\Output\fortiexplorer-v2.5-release-notes.pdf'
    --------------------------------------------------------
    1 file(s) processed. (success = 1, failure = 0)

FortiExplorer command line Watermark tool

The FortiExplorer v2.5 Build 1079 installer includes a command line Watermark tool, fortinet-watermark-win.exe. This file is located in the C: > Program Files > Fortinet > FortiExplorer directory. This tool can be launched from the Administrator Command Prompt and can be used to add or delete Watermarks.

The following syntax lists usage and options available in this tool:

    C:\>fortinet-watermark-win.exe
    USAGE: fortinet-watermark-win.exe <options> -f <file name> -i <identifier> -l <sensitivity level>
           fortinet-watermark-win.exe <options> -d <directory> -i <identifier> -l <sensitivity level>

    Options:
      -h print help
      -v verbose information
      -I inplace watermarking (don't copy file)
      -o output directory
      -e encode <to non-readable>
      -a add additional watermark (by default replaces watermarks existing watermarks)
      -D delete all watermarks

You can apply multiple Watermarks to a file or directory.


Create a filter in FortiOS

You need to create a filter in FortiOS to recognize the watermark that you added using the

FortiExplorer watermark tool.

To create a DLP filter on your FortiOS device:

1. Select Security Profiles > Data Leak Prevention.

2. Select Create New in the toolbar.

The New Filter window opens.

3. In Filter, select Files and set Watermark Sensitivity to Private. In the Corporate Identifier field, enter the text that you entered in the Identifier field in FortiExplorer.

4. Select the services that you want to examine.

5. Select the action to take when the watermark is detected. The options include: None, Log

Only, Block, or Quarantine IP Address (for x Minutes).

6. Select OK to save the setting.

7. Apply the DLP Sensor to the applicable firewall policies.


USB Serial Console

In FortiExplorer v2.2 build 1046 or later, you can access the BIOS configuration menu from

within the FortiExplorer shell. The USB serial console is available for devices which do not have

a hardware console port.

Supported models

The following models support this feature.

Table 4: Supported models

FortiGate           FG-20C, FG-20C-ADSL-A, FG-30D, FG-30D-POE, FG-60D, FG-60D-POE, FG-60D-3G4G, FG-70D, FG-90D, FG-90D-POE
FortiWiFi           FWF-20C, FWF-20C-ADSL-A, FWF-30D, FWF-30D-POE, FWF-60D, FWF-60D-POE, FWF-60D-3G4G, FWF-90D, FWF-90D-POE
FortiGate Rugged    FGR-60D
FortiGateVoice      FGV-70D4
FortiSwitch         FS-28C
FortiAP             FAP-11C, FAP-28C

Accessing the USB serial console menu

You can access the USB serial console menu from within the FortiExplorer shell. On device boot you will be prompted to press any key to interrupt the boot sequence and enter the BIOS menu.

To access the USB serial console BIOS menu:

1. Install FortiExplorer and launch the application.

2. Connect the management computer to the Fortinet device using the USB cable that was included in the box.

3. Power on the Fortinet device.

4. At the prompt, press any key.

If you do not press a key, the device will continue to boot. The time required to complete the boot is dependent on the system BIOS.

FortiGate BIOS menu

To enter the BIOS menu, press any key at the Press any key to display configuration menu ..... screen.

The following options are available in the FortiGate BIOS menu:

• [G]: Get firmware image from TFTP server.

• [F]: Format boot device.

• [I]: Configuration and information.

• [B]: Boot with backup firmware and set as default.

• [Q]: Quit menu and continue to boot.

• [H]: Display this list of options.

Get firmware image from TFTP server

You can upload a new firmware image to your FortiGate device in the BIOS menu. Download the firmware image from the Customer Service & Support FTP portal. In the portal you can verify the MD5 checksum of the firmware image you downloaded. Place the firmware image in the root directory of your TFTP server and configure a static IP address on the network adapter of the management computer.

To load a new firmware image from a TFTP server:

1. Select G in the BIOS menu to start firmware download.

The console displays:

    Please connect TFTP server to Ethernet port ‘WAN1’.
    Enter TFTP server address [192.168.1.145]:

2. Enter the IP address of the management computer running the TFTP server and select Enter.

The console displays:

    Enter Local Address [192.168.1.188]:

3. Enter an unused IP address that is on the same subnet as the TFTP server and select Enter.

The console displays:

    Enter firmware image file name [image.out]:

4. Enter the firmware image file name and select Enter.

5. The FortiGate unit installs the new firmware image and restarts. The installation may take a few minutes to complete.
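The following is an added example, not part of the Fortinet guide: a PowerShell script for a Windows management computer that checks the downloaded image against the MD5 value shown in the portal before copying it into the TFTP root, and opens Windows Firewall for TFTP only from the device's local address. The TFTP root path, the rule name and the script parameters are assumptions; 192.168.1.188 and image.out are the defaults from the console prompts above.

```powershell
# Added example: verify a firmware image, stage it for TFTP, allow only the device.
# $TftpRoot and the rule name are assumed values; adjust them to your TFTP server.
param(
    [Parameter(Mandatory)] [string] $ImagePath,     # image downloaded from the support portal
    [Parameter(Mandatory)] [string] $ExpectedMd5,   # MD5 value shown in the portal for that image
    [string] $TftpRoot      = 'C:\TFTP-Root',       # assumed TFTP server root directory
    [string] $ImageName     = 'image.out',          # default file name offered by the BIOS prompt
    [string] $DeviceAddress = '192.168.1.188'       # "Local Address" entered in the BIOS menu
)

$ErrorActionPreference = 'Stop'

# 1. Normalise the expected checksum and reject anything that is not an MD5 value.
$expected = ($ExpectedMd5 -replace '\s', '').ToUpperInvariant()
if ($expected -notmatch '^[0-9A-F]{32}$') {
    throw 'Expected MD5 must be 32 hexadecimal characters.'
}

# 2. Hash the downloaded image and stop before staging if it does not match.
$actual = (Get-FileHash -LiteralPath $ImagePath -Algorithm MD5).Hash
if ($actual -ne $expected) {
    throw "MD5 mismatch for $ImagePath (got $actual). Image not staged."
}

# 3. Copy the verified image into the TFTP root and re-hash the copy,
#    so the file the device fetches is the one that was checked.
if (-not (Test-Path -LiteralPath $TftpRoot -PathType Container)) {
    throw "TFTP root $TftpRoot does not exist."
}
$staged = Join-Path $TftpRoot $ImageName
Copy-Item -LiteralPath $ImagePath -Destination $staged -Force
if ((Get-FileHash -LiteralPath $staged -Algorithm MD5).Hash -ne $expected) {
    Remove-Item -LiteralPath $staged -Force
    throw 'Staged copy does not match the expected MD5; it was removed.'
}

# 4. Allow inbound TFTP requests (UDP port 69) from the device address only,
#    leaving Windows Firewall enabled for everything else.
$ruleName = 'TFTP firmware load (temporary)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Protocol UDP -LocalPort 69 -RemoteAddress $DeviceAddress | Out-Null
}

Write-Host "Staged $staged (MD5 $actual); TFTP allowed from $DeviceAddress only."
Write-Host "When the device has restarted, run: Remove-NetFirewallRule -DisplayName '$ruleName'"
```

Run it from an elevated PowerShell prompt, because New-NetFirewallRule requires administrator rights.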

Format boot device

You can format the boot device in the BIOS configuration menu.

To format the boot device:

1. Select F in the BIOS menu to format the boot device.

The console displays:

    It will erase data in boot device. Continue? [yes/no]

2. In the prompt, enter yes and select Enter.

3. The console displays:

    Formatting ............ Done

4. Once complete, the configuration menu is displayed.

Windows Firewall may block the TFTP connection. If you experience issues when attempting to TFTP the firmware image, either disable Windows Firewall on your management computer or configure it to allow these connections.

Configuration and information menu

To access the configuration and information menu, press I in the BIOS menu. In this menu, you can configure the serial port baudrate, set the image download port, enable or disable DHCP, and display hardware information.

The following options are available in this menu:

• [S]: Set serial port baudrate (will take effect on next boot).

• [T]: Set image download port (will take effect now and on next boot).

• [C]: Set DHCP enable (will take effect now and on next boot).

• [I]: Display hardware information.

• [Q]: Quit this menu.

• [H]: Display this list of options.

Set serial port baudrate

Select S to set the serial port baudrate, select 0-4, and select Enter to save the setting. The

default serial port baudrate is 0: 9600.

    [S]: Set serial port baudrate (will take effect on next boot).
    0: 9600
    1: 19200
    2: 38400
    3: 57600
    4: 115000
    Enter baudrate option [9600]:

Set image download port

Select T to set the image download port. The default image download port may vary depending

on the device model.

    [T]: Set image download port (will take effect now and on next boot).
    0: Any of port 1 - 7
    1: WAN1
    2: WAN2
    Enter image download port number [WAN1]:

Enable or disable DHCP

Select C to set DHCP as enabled or disabled. If you do not have a DHCP server enabled on your

management computer, set the DHCP server to disabled.

    [C]: Set DHCP enable (will take effect now and on next boot).
    Current setting: Enabled
    Please select DHCP setting
    [1]: Enable DHCP
    [2]: Disable DHCP

Display hardware information

Select I to display hardware information. This menu option displays CPU, model, memory, and

BIOS information.


Quit the configuration and information menu

Select Q to quit the configuration and information menu and return to the main BIOS menu.

Display the list of options

Select H to display the list of options in this menu.

Boot with backup firmware and set as default

For devices with two partitions, you can select B to boot with the firmware image on the backup

partition.

    [B]: Boot with backup firmware and set as default.
    Loading backup firmware from boot device...
    Reinitializing...

Quit menu and continue to boot

To quit the BIOS menu and continue to boot, select Q.

[Q]: Quit menu and continue to boot.

Display this list of options

[H]: Display this list of options.

FortiAP BIOS menu

To enter the BIOS menu, press any key at the Hit any key to stop autoboot screen.

If you do not press a key, the device will continue to boot. The time required to complete the boot is dependent on the system BIOS.

The following options are available in the FortiAP configuration menu:

• [G]: Get OS image from TFTP server.

• [Q]: Quit menu and continue to boot with default OS.

• [H]: Display this list of options.

Get OS image from TFTP server

You can upload a new firmware image to your FortiAP device in the BIOS menu. Download the firmware image from the Customer Service & Support FTP portal. In the portal you can verify the MD5 checksum of the firmware image you downloaded. Place the firmware image in the root directory of your TFTP server and configure a static IP address on the network adapter of the management computer.

To load a firmware image from a TFTP server:

1. Select G in the BIOS menu to start firmware download.

The console displays:

    Please connect TFTP server to Ethernet port ‘WAN1’.
    Enter TFTP server address [192.168.1.145]:

2. Enter the IP address of the management computer running the TFTP server and select Enter.

The console displays:

    Enter Local Address [192.168.1.188]:

3. Enter an unused IP address that is on the same subnet as the TFTP server and select Enter.

The console displays:

    Enter firmware image file name [image.out]:

4. Enter the firmware image file name and select Enter.

5. The FortiAP unit installs the new firmware image and restarts. The installation may take a few minutes to complete.

Quit this menu and continue to boot with default OS

Select Q to quit this menu and continue to boot with the default OS.

Display this list of options

Select H to display the list of menu options.

FortiSwitch BIOS menu

To enter the BIOS menu, press any key at the Press any key to display configuration menu ..... screen.

If you do not press a key, the device will continue to boot. The time required to complete the boot is dependent on the system BIOS.

The following options are available in the FortiSwitch BIOS menu:

• [G]: Get firmware image from TFTP server.

• [F]: Format boot device.

• [I]: Configuration and information.

• [B]: Boot with backup firmware and set as default.

• [Q]: Quit menu and continue to boot.

• [H]: Display this list of options.

Get firmware image from TFTP server

You can upload a new firmware image to your FortiSwitch device in the BIOS menu. Download the firmware image from the Customer Service & Support FTP portal. In the portal you can verify the MD5 checksum of the firmware image you downloaded. Place the firmware image in the root directory of your TFTP server and configure a static IP address on the network adapter of the management computer.

Windows Firewall may block the TFTP connection. If you experience issues when attempting to TFTP the firmware image, either disable Windows Firewall on your management computer or configure it to allow these connections.

To load a firmware image from a TFTP server:

1. Select G in the BIOS menu to start firmware download.

The console displays:

    Please connect TFTP server to Ethernet port ‘WAN1’.
    Enter TFTP server address [192.168.1.145]:

2. Enter the IP address of the management computer running the TFTP server and select Enter.

The console displays:

    Enter Local Address [192.168.1.188]:

3. Enter an unused IP address that is on the same subnet as the TFTP server and select Enter.

The console displays:

    Enter firmware image file name [image.out]:

4. Enter the firmware image file name and select Enter.

5. The FortiSwitch unit installs the new firmware image and restarts. The installation may take a few minutes to complete.

Format boot device

You can format the boot device in the BIOS configuration menu.

To format the boot device:

1. Select F in the BIOS menu to start the format.

The console displays:

It will erase data in boot device. Continue? [yes/no]

2. In the prompt, enter yes and select Enter.

3. The console displays:

Formatting ............ Done

4. Once complete, the configuration menu is displayed.

Configuration and information menu

To access the configuration and information menu, press I in the BIOS menu. In this menu, you can configure the serial port baudrate, set the image download port, enable or disable DHCP, and display hardware information.


The following options are available in this menu:

• [S]: Set serial port baudrate (will take effect on next boot).

• [T]: Set image download port (will take effect now and on next boot).

• [C]: Set DHCP enable (will take effect now and on next boot).

• [I]: Display hardware information.

• [Q]: Quit this menu.

• [H]: Display this list of options.

Set serial port baudrate

Select S to set the serial port baudrate, select 0-4, and select Enter to save the setting. The

default serial port baudrate is 0: 9600.

    [S]: Set serial port baudrate (will take effect on next boot).
    0: 9600
    1: 19200
    2: 38400
    3: 57600
    4: 115000
    Enter baudrate option [9600]:

Set image download port

Select T to set the image download port. The default image download port may vary depending

on the device model.

    [T]: Set image download port (will take effect now and on next boot).
    0: Any of port 1 - 7
    1: WAN1
    2: WAN2
    Enter image download port number [WAN1]:

Enable or disable DHCP

Select C to set DHCP as enabled or disabled. If you do not have a DHCP server enabled on your

management computer, set the DHCP server to disabled.

    [C]: Set DHCP enable (will take effect now and on next boot).
    Current setting: Enabled
    Please select DHCP setting
    [1]: Enable DHCP
    [2]: Disable DHCP

Display hardware information

Select I to display hardware information. This menu option displays CPU, model, memory, and

BIOS information.

Quit the configuration and information menu

Select Q to quit the configuration and information menu and return to the main BIOS menu.

Display the list of options

Select H to display the list of options in this menu.


Boot with backup firmware and set as default

For devices with two partitions, you can select B to boot with the firmware image on the backup

partition.

    [B]: Boot with backup firmware and set as default.
    Loading backup firmware from boot device...
    Reinitializing...

Quit menu and continue to boot

To quit the BIOS menu and continue to boot, select Q.

[Q]: Quit menu and continue to boot.

Display this list of options

[H]: Display this list of options.

Fortinet Hardware Quick Inspection (HQIP)

You can run the Fortinet Hardware Quick Inspection (HQIP) test from the USB Serial Console in

FortiExplorer. You can obtain the HQIP image from Technical Support.

To run the Fortinet Hardware Quick Inspection (HQIP) test:

1. Power on the device and enter the BIOS menu by pressing any key at the prompt.

2. Select [G]: Get firmware image from TFTP server in the configuration menu. See

Get firmware image from TFTP server for information on loading an image from a TFTP

server.

3. The FortiGate will import the HQIP firmware image from the TFTP server.

4. When prompted, select R to run the HQIP firmware image without saving.

5. In the FortiExplorer shell, select Devices > Command-line Interface and log in to the device using the username admin with no password.

6. Enter the following CLI command at the FortiTest prompt to start the HQIP test:

diagnose hqip start

7. Wire the network ports as indicated for the NIC loopback test, install a USB key, and press

any key to continue. The HQIP completes the following tests.

• BIOS Integrity Check

• System Configuration Check

• Memory Test

• CPU Test

• CPU/Memory Performance Test

• FortiASIC Test

• USB Test

• Boot Device Test

• Hard Disk Test

• Network Interface Controller Test

• NPU DDR Memory Test

• LED Test


• Reset Button Test

8. When complete, the HQIP report is displayed. Save the full output and submit to Technical

Support with your support ticket.

9. Reboot the system using the execute reboot CLI command. The device will reboot and

load the regular FortiOS firmware image.


FortiCamera Configuration

Supported models

The following models support this feature.

Table 5: Supported models

FortiCamera         FCM-20A, FCM-MB13, FCM-OB20

Detect FortiCamera

In FortiExplorer v2.4 build 1075 or later, you can view and configure FortiCamera from within the FortiExplorer shell.

Figure 7: FortiCamera config