Several customers reported problems while upgrading to FortiOS 5.4.1. FortGate 60D models did not boot up correctly after the upgrade. Fortinet is aware of the issue and mentioned it in the release notes:
The following 60D models have an issue upon upgrading to FortiOS 5.4.1. The second disk (flash) is unformatted and results in the /var/log/ directory being mounted to an incorrect partition used exclusively for storing the firmware image and booting.
- l FG-60D-POE
- l FG-60D
- l FWF-60D-POE
- l FWF-60D
To fix the problem, follow these steps. If you have not upgraded yet, you only need to perform step 6, otherwise start with step 1.
- Backup your configuration.
- Connect to the console port of the FortiGate device.
- Reboot the system and enter the BIOS menu.
- Format the boot device.
- Burn the firmware image to the primary boot device.
- Once the system finishes rebooting, from the CLI run “execute disk format 16”. This will format the second flash disk.
- Restore your configuration.
Link to release notes:
12 thoughts on “FortiOS 5.4.1 Upgrade / Boot Issue with FortiGate 60D”
Hello. What is your advice about this ? Personnaly, I prefer to wait until the next upgrade…
I would wait as well if possible. Most likely the latest 5.2.x builds are the safest way for critical environments.
But if you’re in need for 5.4.1 because of certain features like FortiSwitch etc. you might be forced to take care of this upgrade proceedure.
On the other hand, if you feel confident you can risk a upgrade. It might actually also work! 🙂 You just need a backup plan, e.g. TFTP server and the firmware image in the case it didn’t! 😉
How to “Connect to the console port of the FortiGate device.”
Fortigate 60D does not have console port. And my device don’t boot, so i can access to console through mgmt port with Fortiexplorer.
Yes, the only way to get an output is the mini USB port with the FortiExplorer for boxes wihtout a console port, right.
If you don’t have any output there, I guess the FortiGate is defective.
gen.2 or later of FG60D has a console port back on the front panel.
i have run into this issue with several 60D’s, does anyone know if this was fixed with firmware version 5.4.2?
It is still mentioned in the release notes but referring to 5.4.1.
Therefor I cannot confirm if it is still happening, sorry.
The release notes for 5.4.2 show that on 2016-12-16 they “Removed Model-60D Boot Issue from the Upgrade section.” This seems to imply that upgrading to 5.4.2, which is a supported upgrade path from 5.4.0, must already take this into account. Anyone find more information about that?
We haven’t seen any problems with 5.4.2 regarding this issue anymore.
Therefor I guess it has been fixed, yes.
No, it hasn’t.
5.4.0 to 5.4.2 on my way to 5.4.5 as prescribed by the supported upgrade path rendered all 6 of my 6 60D units dead.. and all out of state and no technical help on the remote end. After 40 hours to get maintenance staff a cable/laptop/hotspot for me to get BIOS to load 5.4.0 from backup, have an open case with Fortinet.
Sounds like the disk needs to be formatted if you want to upgrade PAST 5.4.0.. so the issue itself is some change in mount layout in general and was not addressed properly.
They asked for some info about that and are suggesting I run ‘exec disk format 16’ which is /dev/sdb.. I’m inquiring if it will blow up my loaded firmware/config or not first.. waiting for our spare unit to arrive before I try again.
Thank you for your response. We will continue to observe the problem.
If we get new information, we will of course forward it to you.
I just ran into this myself for five 60D firewalls and can confirm the “exec disk format 16” did not wipe out the config and it also did not matter weather I executed that command running from the primary or secondary image. After getting through the first one I was able to upgrade all the rest remotely