Fortiexplorer User Guide 25

FortiExplorer v2.
5 Build 1079
User Guide
FortiExplorer v2.5 Build 1079 User Guide
October 21, 2014
01-521-202417-20141021
Copyright 2014 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and
FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other
Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All
other product or company names may be trademarks of their respective owners. Performance
and other metrics contained herein were attained in internal lab tests under ideal conditions,
and actual performance and other results may vary. Network variables, different network
environments and other conditions may affect performance results. Nothing herein represents
any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or
implied, except to the extent Fortinet enters a binding written contract, signed by Fortinets
General Counsel, with a purchaser that expressly warrants that the identified product will
perform according to certain expressly-identified performance metrics and, in such event, only
the specific performance metrics expressly identified in such binding written contract shall be
binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the
same ideal conditions as in Fortinets internal lab tests. Fortinet disclaims in full any covenants,
representations,and guarantees pursuant hereto, whether express or implied. Fortinet reserves
the right to change, modify, transfer, or otherwise revise this publication without notice, and the
most current version of the publication shall be applicable.
Fortinet Document Library docs.fortinet.com

Fortinet Video Library video.fortinet.com
Customer Service & Support support.fortinet.com
Training Services training.fortinet.com
FortiGuard fortiguard.com
Document Feedback techdocs@fortinet.com
Table of Contents
Change Log....................................................................................................... 5
Introduction....................................................................................................... 6
Supported models ................................................................................................... 6
FortiExplorer v2.5 Build 1079 support ..................................................................... 7
Download FortiExplorer ........................................................................................... 7
Firmware image checksums .................................................................................... 8
Installing FortiExplorer..................................................................................... 9
Installing FortiExplorer ............................................................................................. 9
Microsoft Windows install .................................................................................. 9
Mac OS X install............................................................................................... 10
Configuration options ............................................................................................ 10
Updating FortiExplorer and firmware..................................................................... 10
Register your device from FortiExplorer ................................................................ 11
Setup Wizard................................................................................................... 13
System settings ..................................................................................................... 13
Admin password .............................................................................................. 13
Time zone......................................................................................................... 13
Network.................................................................................................................. 13
Internet WAN connection................................................................................. 14
LAN settings..................................................................................................... 14
Security .................................................................................................................. 14
Schedule .......................................................................................................... 14
Internet access policy ...................................................................................... 14
Remote VPN .................................................................................................... 15
Configuration ......................................................................................................... 15
Summary.......................................................................................................... 15
FortiCloud ........................................................................................................ 15
Device Management Options ........................................................................ 16
Connecting to the Web-based Manager ............................................................... 16
Connecting to the CLI console .............................................................................. 17
Firmware ......................................................................................................... 18
Add model ............................................................................................................. 18
Download firmware images ................................................................................... 18
Uploaded firmware ................................................................................................ 19
DLP Watermark Tool ...................................................................................... 20
Using the DLP watermark tool............................................................................... 20
Apply watermark output message ................................................................... 21
Page 3
FortiExplorer command line Watermark tool ......................................................... 21
Create a filter in FortiOS ........................................................................................ 22
USB Serial Console ........................................................................................ 23
Supported models ................................................................................................. 23
Accessing the USB serial console menu ............................................................... 23
FortiGate BIOS menu............................................................................................. 23
Get firmware image from TFTP server ............................................................. 24
Format boot device.......................................................................................... 24
Configuration and information menu ............................................................... 25
Boot with backup firmware and set as default ................................................ 26
Quit menu and continue to boot ...................................................................... 26
Display this list of options ................................................................................ 26
FortiAP BIOS menu................................................................................................ 26
Get OS image from TFTP server...................................................................... 26
Quit this menu and continue to boot with default OS...................................... 27
FortiSwitch BIOS menu ......................................................................................... 27
Get firmware image from TFTP server. ............................................................ 28
Format boot device.......................................................................................... 28
Configuration and information menu ............................................................... 28
Boot with backup firmware and set as default ................................................ 30
Quit menu and continue to boot ...................................................................... 30
Fortinet Hardware Quick Inspection (HQIP)........................................................... 30
FortiCamera Configuration............................................................................ 32
Supported models ................................................................................................. 32
Detect FortiCamera................................................................................................ 32
Table of Contents Page 4 FortiExplorer v2.5 Build 1079 User Guide

Change Log
Date Change Description
2013-04-10 Initial release.
2013-04-17 Added supported file type information for Watermark tool.
2013-05-27 Added USB Console Access chapter.
2013-06-10 Updated for v2.3 build 1052.
2014-10-21 Updated for v2.5 build 1079.
Page 5
Introduction
FortiExplorer is a standalone software solution that allows you to connect to your Fortinet
device using the USB interface of your management computer. FortiExplorer provides direct
access to the FortiOS setup wizard, Web-based Manager, and CLI console. FortiExplorer also
provides useful tools to allow you to manage firmware versions for various managed devices
and a watermark tool which can be used to apply a watermark signature to confidential files.
Not all FortiExplorer features mentioned in this document are available for all Fortinet device
models.
Supported models
FortiExplorer v2.5 build 1079 supports the following models.

Table 1: Supported models
FortiGate FG-20C, FG-20C-ADSL-A, FG-30D, FG-30D-POE, FG-40C, FG-60C,

FG-60C-POE, FG-60C-SFP, FG-60D, FG-60D-3G4G, FG-60D-POE,
FG-70D, FG-90D, FG-90D-POE, FG-92D, FG-94D-POE, FG-100D,
FG-140D, FG-140D-POE, FG-140D-POE-T1, FG-200D, FG-200D-POE,
FG-240D, FG-240D-POE, FG-280D-POE, FG-300C, FG-300D, FG-500D,
FG-600C, FG-800C, FG-1000C, FG-1000D, FG-1200D, FG-1500D,
FG-3240C, FG-3600C, FG-3700D
FortiWiFi FWF-20C, FWF-20C-ADSL-A, FWF-30D, FWF-30D-POE, FWF-40C,

FWF-60C, FWF-60CM, FWF-60CM-3G4G-B, FWF-60CX-ADSL-A,
FWF-60D, FWF-60D-3G4G, FWF-60D-POE, FWF-90D, FWF-90D-POE,
FWF-92D
FortiGate Rugged FGR-60D
FortiGateVoice FGV-70D4
FortiSwitch FS-28C, FS-324B-POE, FS-348B, FS-448B
FortiAP FAP-11C, FAP-28C.
FortiCamera FCM-20A, FCM-MB13, FCM-OB20
See the FortiExplorer v2.5 Build 1079 Release Notes for additional information on FortiExplorer.
Page 6
FortiExplorer v2.5 Build 1079 support
The following table lists FortiExplorer v2.5 Build 1079 product integration and support
information.
Table 2: FortiExplorer v2.5 Build 1079 support
FortiOS v5.2.0 and later

v5.0.3 and later
FortiSwitch OS v2.0.0 and later
FortiAP v5.2.0 and later

v5.0.4 and later
Download FortiExplorer
FortiExplorer is available for download from the Customer Service & Support web site
ihttps://support.fortinet.com in firmware images and from the Fortinet Resource Center
http://www.fortinet.com/resource_center/product_downloads.html. FortiExplorer is available for
both Microsoft Windows and Mac OS X computers.
The Watermark Tool is available for FortiExplorer v2.5 Build 1079 for Microsoft Windows only.
You can download the following FortiExplorer software from the Customer Service & Support
portal.
Microsoft Windows (XP, Vista, 7, 8, 8.1)

FortiExplorerSetup_xp_2.5.1079.exe
This image includes the FortiExplorer executable, the Microsoft Windows USB driver library,
and .net framework library.
FortiExplorerSetup_win_2.5.1079.msi
This image includes the FortiExplorer MSI file.
FortiExplorerSetup_win_upgrade_2.5.1079.msi
This image includes the FortiExplorer MSI file and the Microsoft Windows USB driver library.
This upgrade image can be used on all Microsoft Windows operating systems.
FortiExplorer_OnlineInstaller_2.5.1079.exe
This image is an online installer for FortiExplorer. When run, it will download the full installer
from the FortiGuard Distribution Servers (FDS). This image can be used on a Microsoft
Windows 7 operating system.
Introduction Page 7 FortiExplorer v2.5 Build 1079 User Guide

Mac OS X (v10.6 Snow Leopard, v10.7 Lion, v10.8 Mountain Lion, v10.9 Mavericks, v10.10
Yosemite)
FortiExplorer-2.5.1079.dmg
This image includes the FortiExplorer executable, the Mac OS X USB driver library, and .net
framework library.
FortiExplorer_OnlineInstaller-2.5.1079.dmg
This image is an online installer for FortiExplorer. When run, it will download the full installer
from the FortiGuard Distribution Servers (FDS).
Firmware image checksums
The MD5 checksums for all Fortinet software and firmware releases are available at the
Customer Service & Support portal, https://support.fortinet.com. After logging in select
Download > Firmware Image Checksums, enter the image file name including the extension,
and select Get Checksum Code
Introduction Page 8 FortiExplorer v2.5 Build 1079 User Guide

Installing FortiExplorer
FortiExplorer provides a user-friendly tool that you can use to configure a FortiGate unit over a
standard USB connection, rather than using a console cable or Ethernet connection.
Figure 1: Example connection to device
When using the FortiExplorer setup wizard for the first time, ensure the FortiGate unit is using its
factory default settings.
Do not connect the USB cable until after FortiExplorer has been installed.
The following topics are discussed in this section:

Configuration options
Updating FortiExplorer and firmware
Register your device from FortiExplorer
FortiExplorer v2.5 Build 1079 is available for Microsoft Windows XP, Vista, 7, 8, and 8.1.
FortiExplorer v2.5 Build 1079 is available for Mac OS X v10.6 Snow Leopard, v10.7 Lion, v10.8
Mountain Lion, v10.9 Mavericks, and v10.10 Yosemite.
Microsoft Windows install

To install FortiExplorer on a Microsoft Windows workstation:
1. Double-click the .msi or .exe file and follow the instructions on-screen. If loading from the
CD, select the appropriate version for your operating system.
2. Connect the USB cable to the FortiGate unit and then to the management computer.
Page 9
3. The FortiExplorer Fortinet Device Easy Configuration Utility opens when the USB cable is
connected. Select Install the hardware automatically and select Next.
4. After a moment, FortiExplorer will launch.
Mac OS X install
To install FortiExplorer on a Mac OS X workstation:
1. Double-click the .dmg file and drag the FortiExplorer program file into the Applications
folder.
2. Connect the USB cable to the FortiGate unit and then to the management computer.
3. Double-click the FortiExplorer icon to launch the application.
Configuration options
With FortiExplorer, you are provided a number of options on how to configure the FortiGate unit,
depending on your level of comfort with various interfaces.
The below image shows the FortiExplorer tool connected to a FortiGate 60C device.
Figure 2: FortiExplorer tool
Updating FortiExplorer and firmware
FortiExplorer may be automatically updated from time to time. Select the checkbox at the
bottom of the page to remember the device and check for updates with FDS automatically.
Installing FortiExplorer Page 10 FortiExplorer v2.5 Build 1079 User Guide

FortiExplorer will also monitor firmware updates for your devices and provide an alert when one
is available. FortiExplorer lists the three most recent firmware images that are available for your
device on the main page.
Register your device from FortiExplorer
You can use FortiExplorer to register your Fortinet device. By registering your device, you can
download firmware images, receive FortiGuard service updates including virus and attack
definitions, VCM updates, and access Fortinet Customer Service & Support.
You can select to register the device to an existing FortiCare account, see Figure 3, or you can
create a new FortiCare account, see Figure 4.
To register the device to an existing FortiCare account, select Existing FortiCare User - FortiCare
Login, enter your FortiCare username and password, select the country in the drop-down menu,
select the reseller in the drop-down menu, and select Register.
Figure 3: Register device to existing FortiCare account

To create a new FortiCare account, select New User - Create FortiCare Account, enter the
applicable information in the required fields and select Register.
Figure 4: Register device to new FortiCare account
Once registration is complete, the device will reflect a Registered status on the FortiExplorer
home page.

Setup Wizard
FortiExplorer allows you to configure your FortiGate unit using the setup wizard in FortiOS from
the FortiExplorer shell.
The setup wizard is intended for initial configuration of your device and includes basic settings.
This feature is not available on all device types. Options in the setup wizard will vary based on
the firmware version, device type, and features the device supports. This chapter provides an
overview of the options for a FortiGate 60C running FortiOS v5.2.0.
Select Setup Wizard in the left-hand devices menu and log in to your device. The default login
credentials are admin/no password.
System settings
Device system settings include setting the admin password, and setting time zone information.
Admin password
Select the checkbox to change the admin password. The default password is no password,
leave the Old Password field blank and enter the new password. Changing the password will
require re-authentication when the setup wizard is complete.
Time zone
Select the appropriate time zone for your location in the drop-down menu.
Network
Network settings include the Internet WAN connection and LAN settings.
The network menu is determined by the WAN topology selection. Menu items that are not
applicable to the topology selected will not be available.
Page 13
Internet WAN connection
Select the connection type for your Internet connection. Select one of the following:
DHCP, if your ISP automatically assigns you a dynamic IP address
Static IP, if your ISP assigns you a specific IP address or a group of addresses
Enter the IP address, netmask, default gateway IP address, and DNS server IP address for
WAN1.
PPPoE, if your ISP provided you with client software, a username, and a password
Enter the PPPoE username and password.
Contact your Internet service provider (ISP) if you are unsure which Internet connection type to
select for your primary WAN connection.
LAN settings
One this page you can configure LAN settings. Enter the IP address and netmask for the internal
interface or leave the default values. Select the checkbox to enable DHCP and enter the start
and end IP address.
Security
Security settings include schedule, Internet access policy, and remote VPN settings.
Schedule
On the you can configure the Internet access schedule. You can select to enable Internet
access to a specified schedule or set to allow access always.
Internet access policy

This policy will enable Internet connectivity for the internal LAN and WiFi interfaces. The
selected traffic forwarding and UTM inspection options be applied to this policy. You can
configure the following settings:
Enable Network Address Translation (NAT)
Block viruses and malicious content
Enable Parental Control for Web Filtering
Monitor application usage and block unproductive applications.
The FortiGate setup wizard deletes all security policies and adds a single security policy
configured by the wizard to allow Internet access from the Internal network.
Setup Wizard Page 14 FortiExplorer v2.5 Build 1079 User Guide

Remote VPN
Select the checkbox to allow remote VPN access. You can configure up to three users and
select either SSL VPN or IPsec VPN. When selecting SSL VPN you can configure up to five SSL
VPN bookmarks. When selecting IPsec VPN, enter the pre-shared key.
Configuration
Configuration settings include summary and FortiCloud settings.
Summary
The summary page allows you to verify the settings configured in the setup wizard before
committing the changes. In this page you can also select to print FortiClient VPN setup
instructions. Select Configure to save the settings to the device.
FortiCloud
In the FortiCloud page you can configure the device to send logs to your FortiCloud account.
Once the setup wizard in finished, you will be prompted to log back into the device.
Setup Wizard Page 15 FortiExplorer v2.5 Build 1079 User Guide

Device Management Options
After installing and setting up the basic settings for your device, you can use FortiExplorer to
connect to the devices Web-based Manager and CLI console for ongoing administration.
Connecting to the Web-based Manager
Connecting to the CLI console
Connecting to the Web-based Manager
To connect to the device Web-based Manager, go to Devices > Web-based Manager, and enter
your username and password. Optionally, select Tools > Web-based Manager to launch a web
browser session with the device on 127.0.0.1:12180.
When accessing the Web-based Manager from within the FortiExplorer shell, you can access
detailed content-sensitive online help that displays for the current Web-based Manager page.
Configuration changes made in the Web-based Manager take effect immediately, without
resetting the device of interrupting service.
Figure 5: Web-based Manager device access
For more information on configuring your FortiOS device see the FortiOS Handbook 5.0.
Page 16
Connecting to the CLI console
The command line interface (CLI) is an alternative method of configuring the FortiGate unit. The
CLI complements the web-based manager in that it not only has the same configuration
options, but additional settings not available through the web-based manager.
The CLI contains commands and sub-commands that are used to configure a features settings,
and you can upload batches of commands from a text file.
To connect to the device command line interface, go to Devices > Command-line Interface, and
enter your username and password. Optionally, select Tools > Command-line Interface to
launch a Telnet session window on 127.0.0.1.
Figure 6: CLI console device access
For more information on using the CLI console see the CLI Reference for FortiOS 5.0.
Device Management Options Page 17 FortiExplorer v2.5 Build 1079 User Guide
Firmware
You can use FortiExplorer to store and monitor firmware versions for managed Fortinet devices.
FortiExplorer will display the three most recent builds for the device. You can select Download,
enter your FortiCare username and password, and download the firmware image to
FortiExplorer. Optionally, you can download specific firmware images from the Customer
Service & Support website and upload the image to FortiExplorer.
Add model
Download firmware images
Uploaded firmware
Add model
Select Add Model in the toolbar to add device models to the Monitored Firmware page. In
FortiExplorer v2.5 Build 1079 you can add the following devices:
FortiGate FG-20C, FG-20C-ADSL-A, FG-30D, FG-30D-POE, FG-40C, FG-60C,

FG-60C-POE, FG-60C-SFP, FG-60D, FG-60D-POE, FG-70D, FG-90D,
FG-90D-POE, FG-94D-POE, FG-100D, FG-140D, FG-140D-POE,
FG-140D-POE-T1, FG-200D, FG-240D, FG-280D-POE, FG-300C,
FG-300D, FG-600C, FG-800C, FG-1000C, FG-1000D, FG-3240C,
FG-3600C
FortiWiFi FWF-20C, FWF-20C-ADSL-A, FWF-30D, FWF-30D-POE, FWF-40C,

FWF-60C, FWF-60CM, FWF-60CX-ADSL-A, FWF-60D, FWF-60D-POE,
FWF-90D, FWF-90D-POE
FortiAP FAP-11C, FAP-28C.
Download firmware images
When selecting to download a firmware image, you will be prompted to enter your FortiCare
account credentials. The firmware image will be saved to FortiExplorer. Only the three most
current firmware versions are displayed in Online Updates.
When connected to the FortiGate device you can select to Install the firmware image.
Before upgrading or downgrading the device, always read and review the applicable Firmware
Release Notes. The Firmware Release Notes are available on the Customer Service & Support
site in the file folder that contains firmware images. The Release Notes include support
information, special notices, supported upgrade and downgrade paths, resolved and known
issues for the firmware release.
Page 18
Uploaded firmware
Optionally, you can upload firmware image .out files that you have downloaded from the
Customer Service & Support site into the FortiExplorer shell. You can upload firmware image
files for any monitored device.
When connected to the FortiGate device you can select to Install the firmware image.
Before upgrading or downgrading the device, always read and review the applicable Firmware
Release Notes. The Firmware Release Notes are available on the Customer Service & Support
site in the file folder that contains firmware images. The Release Notes include support
information, special notices, supported upgrade and downgrade paths, resolved and known
issues for the firmware release.
Firmware Page 19 FortiExplorer v2.5 Build 1079 User Guide

DLP Watermark Tool
Watermarking is essentially marking files with a digital pattern to mark the file as being
proprietary to a specific company. The Watermark tool will apply a digital watermark to the file.
You can also select to add the watermark to an entire directory. The tool adds a small
(approximately 178 bytes) pattern to the file that is recognized by the DLP watermark filter
configured on your FortiOS device.
The following file types are supported: .txt, .pdf, .doc, .xls, .ppt, .docx, .pptx, and .xlsx.
The Watermark Tool is available for FortiExplorer v2.5 Build 1079 for Microsoft Windows only.
Watermarks can only be removed using the command line Watermark tool.

Using the DLP watermark tool
Create a filter in FortiOS
Using the DLP watermark tool
You can use the FortiExplorer DLP watermark tool to apply a corporate identifier to a specific
file or directory.
Apply a DLP watermark to a specific file:

1. Select Tools > DLP Watermark in the left hand menu. You can select to apply the watermark
to a specific file or to an entire directory.
2. Select the search icon to the right of the Select File field and browse for the file on your
workstation.
3. Select the sensitivity level in the drop-down menu. Select one of the following: Critical,
Private, or Warning.
4. Enter the corporate identifier in the Identifier field. The identifier can include 26
alpha-numeric and special characters.
5. Select the search icon to the right of the Output Directory field and browse for a folder on
your workstation to save the watermarked file.
Page 20
6. Select Apply Watermark to apply the watermark to the selected file or directory.
You can apply multiple Watermarks to a file or directory.
Apply watermark output message

The following is an example output message generated by FortiExplorer when applying a
watermark to a specific file.
> fortinet-watermark-win.exe -v -f
"C:\Users\username\Desktop\FEXP\FortiExplorer_25_RN_253431\Outp
ut\fortiexplorer-v2.5-release-notes.pdf" -i
"FTNTPrivateAndConfidentialFTNT" -l "Private" -o
"C:\Users\username\Desktop"
-->
'C:\Users\username\Desktop\FEXP\FortiExplorer_25_RN_253431\Outp
ut\fortiexplorer-v2.5-release-notes.pdf'
--------------------------------------------------------
1 file(s) processed. (success = 1, failure = 0)
FortiExplorer command line Watermark tool
FortiExplorer v2.5 Build 1079 installer includes a command line Watermark tool,
fortinet-watermark-win.exe. This file is located in the C: > Program Files >
Fortinet > FortiExplorer directory. This tool can be launched from the
Administrator Command Prompt and can be used to add or delete Watermarks.
The following syntax lists usage and options available in this tool:
C:\>fortinet-watermark-win.exe
USAGE: fortinet-watermark-win.exe <options> -f <file name> -i
<identifier> -l <sensitivity level>
fortinet-watermark-win.exe <options> -d <directory> -i
<identifier> -l <sensitivity level>
Options:
-h print help
-v verbose information
-I inplace watermarking (don't copy file)
-o output directory
-e encode <to non-readable>
-a add additional watermark (by default replaces watermarks
existing watermarks)
-D delete all watermarks
DLP Watermark Tool Page 21 FortiExplorer v2.5 Build 1079 User Guide
Create a filter in FortiOS
You need to create a filter in FortiOS to recognize the watermark that you added using the
FortiExplorer watermark tool.
To create a DLP filter on your FortiOS device:

1. Select Security Profiles > Data Leak Prevention.
2. Select Create New in the toolbar.
The New Filter window opens.
3. In Filter, select Files and set Watermark Sensitivity to Private. In the Corporate Identifier field
enter the text added in Identifier field in FortiExplorer.
4. Select the services that you want to examine.
5. Select the action to take when the watermark is detected. The options include: None, Log
Only, Block, or Quarantine IP Address (for x Minutes).
6. Select OK to save the setting.
7. Apply the DLP Sensor to the applicable firewall policies.
DLP Watermark Tool Page 22 FortiExplorer v2.5 Build 1079 User Guide
USB Serial Console
In FortiExplorer v2.2 build 1046 or later, you can access the BIOS configuration menu from
within the FortiExplorer shell. The USB serial console is available for devices which do not have
a hardware console port.
Supported models
The following models support this feature.

FortiGate FG-20C, FG-20C-ADSL-A, FG-30D, FG-30D-POE, FG-60D,

FG-60D-POE, FG-60D-3G4G, FG-70DFG-90D, FG-90D-POE
FortiWiFi FWF-20C, FWF-20C-ADSL-A, FWF-30D, FWF-30D-POE, FWF-60D,

FWF-60D-POE, FWF-60D-3G4G, FWF-90D, FWF-90D-POE
FortiGate Rugged FGR-60D
FortiSwitch FS-28C
FortiAP FAP-11C, FAP-28C
Accessing the USB serial console menu
You can access the USB serial console menu from within the FortiExplorer shell. On device boot
you will be prompted to press any key to interrupt the boot sequence and enter the BIOS menu.
To access the USB serial console BIOS menu:

1. Install FortiExplorer and launch the application.
2. Connect the management computer to the Fortinet device using the USB cable that was
included in the box.
3. Power on the Fortinet device.
4. At the prompt, press any key.
FortiGate BIOS menu
To enter the BIOS menu, press any key at the Press any key to display
configuration menu ..... screen.
If you do not press a key, the device will continue to boot. The time required to complete the
boot is dependent on the system BIOS.
Page 23
The following options are available in the FortiGate BIOS menu:
[G]: Get firmware image from TFTP server.
[F]: Format boot device.
[I]: Configuration and information.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.
Get firmware image from TFTP server

You can upload a new firmware image to your FortiGate device in the BIOS menu. Download
the firmware image from the Customer Service & Support FTP portal. In the portal you can verify
the MD5 checksum of firmware image you downloaded. Place the firmware image in the root
directory of your TFTP server and configure a static IP address on the network adapter of the
management computer.
To load a new firmware image from a TFTP server:

1. Select G in the BIOS menu to start firmware download.
The console displays:
Please connect TFTP server to Ethernet port WAN1.
Enter TFTP server address [192.168.1.145]:
2. Enter the IP address of the management computer running the TFTP server and select
Enter.
Enter Local Address [192.168.1.188]:
3. Enter an unused IP address that is on the same subnet as the TFTP server and select Enter.
Enter firmware image file name [image.out]:
4. Enter the firmware image file name and select Enter.
5. The FortiGate unit installs the new firmware image and restarts, The installation may take a
few minutes to complete.
Windows Firewall may block the TFTP connection. If you experience issues when attempting to
TFTP the firmware image, either disable Windows Firewall on your management computer or
configure to allow these connections.
Format boot device

You can format the boot device in the BIOS configuration menu.
To format the boot device:

1. Select F in the BIOS menu to format the boot device.
It will erase data in boot device. Continue? [yes/no]
2. In the prompt, enter yes and select Enter.
3. The console displays:
Formatting ............ Done
USB Serial Console Page 24 FortiExplorer v2.5 Build 1079 User Guide
4. Once complete, the configuration menu is displayed.
Configuration and information menu

To access the configuration and information menu, press I in the BIOS menu. In this menu, you
can configure the serial port baudrate, set the image download port, enable or diable DHCP,
and display hardware information.
The following options are available in this menu:
[S]: Set serial port baudrate (will take effect on next boot).
[T]: Set image download port (will take effect now and on next boot).
[C]: Set DHCP enable (will take effect now and on next boot).
[I]: Display hardware information.
[Q]: Quit this menu.
Set serial port baudrate

Select S to set the serial port baudrate, select 0-4, and select Enter to save the setting. The
default serial port baudrate is 0: 9600.
0: 9600
1: 19200
2: 38400
3: 57600
4: 115000
Enter baudrate option [9600]:
Set image download port

Select T to set the image download port. The default image download port may vary depending
on the device model.
0: Any of port 1 - 7
1: WAN1
2: WAN2
Enter image download port number [WAN1]:
Enable or disable DHCP

Select C to set DHCP as enabled or disabled. If you do not have a DHCP server enabled on your
management computer, set the DHCP server to disabled.
Current setting: Enabled
Please select DHCP setting
[1]: Enable DHCP
[2]: Disable DHCP
Display hardware information

Select I to display hardware information. This menu option displays CPU, model, memory, and
BIOS information.
Quit the configuration and information menu
Select Q to quit the configuration and information menu and return to the main BIOS menu.
Display the list of options

Select H to display the list of options in this menu.
Boot with backup firmware and set as default

For devices with two partitions, you can select B to boot with the firmware image on the backup
partition.
Loading backup firmware from boot device...
Reinitializing...
Quit menu and continue to boot

To quit the BIOS menu and continue to boot, select Q.
Display this list of options

FortiAP BIOS menu
To enter the BIOS menu, press any key at the Hit any key to stop autoboot screen.
The following options are available in the FortiAP configuration menu:

[G]: Get OS image from TFTP server.
[Q]: Quit menu and continue to boot with default OS.
Get OS image from TFTP server.

You can upload a new firmware image to your FortiAP device in the BIOS menu. Download the
firmware image from the Customer Service & Support FTP portal. In the portal you can verify the
MD5 checksum of firmware image you downloaded. Place the firmware image in the root
To load a firmware image from a TFTP server:
2. Enter the IP address of the management computer running the TFTP server and select
Enter.
5. The FortiAP unit installs the new firmware image and restarts, The installation may take a few
minutes to complete.
Quit this menu and continue to boot with default OS

Select Q to quit this menu and continue to boot with the default OS.

Select H to display the list of menu options.
FortiSwitch BIOS menu
To enter the BIOS menu, press any key at the Press any key to display
configuration menu ..... screen.
The following options are available in the FortiSwitch BIOS menu:

[G]: Get firmware image from TFTP server.
[F]: Format boot device.
[I]: Configuration and information.
Get firmware image from TFTP server.
You can upload a new firmware image to your FortiSwitch device in the BIOS menu. Download
the firmware image from the Customer Service & Support FTP portal. In the portal you can verify
the MD5 checksum of firmware image you downloaded. Place the firmware image in the root
To load a firmware image from a TFTP server:

2. Enter the IP address of the management computer running the TFTP server and select Enter.
5. The FortiSwitch unit installs the new firmware image and restarts, The installation may take a
few minutes to complete.
Format boot device

You can format the boot device in the BIOS configuration menu.
To format the boot device:

1. Select F in the BIOS menu to start the format.
It will erase data in boot device. Continue? [yes/no]
2. In the prompt, enter yes and select Enter.
3. The console displays:
Formatting ............ Done
4. Once complete, the configuration menu is displayed.
Configuration and information menu

To access the configuration and information menu, press I in the BIOS menu. In this menu, you
can configure the serial port baudrate, set the image download port, enable or diable DHCP,
and display hardware information.
The following options are available in this menu:
[I]: Display hardware information.
[Q]: Quit this menu.
Set serial port baudrate

Select S to set the serial port baudrate, select 0-4, and select Enter to save the setting. The
default serial port baudrate is 0: 9600.
0: 9600
1: 19200
2: 38400
3: 57600
4: 115000
Enter baudrate option [9600]:
Set image download port

Select T to set the image download port. The default image download port may vary depending
on the device model.
0: Any of port 1 - 7
1: WAN1
2: WAN2
Enter image download port number [WAN1]:
Enable or disable DHCP

Select C to set DHCP as enabled or disabled. If you do not have a DHCP server enabled on your
management computer, set the DHCP server to disabled.
Current setting: Enabled
Please select DHCP setting
[1]: Enable DHCP
[2]: Disable DHCP
Display hardware information

Select I to display hardware information. This menu option displays CPU, model, memory, and
BIOS information.
Quit the configuration and information menu

Select Q to quit the configuration and information menu and return to the main BIOS menu.
Display the list of options

Select H to display the list of options in this menu.
Boot with backup firmware and set as default
For devices with two partitions, you can select B to boot with the firmware image on the backup
partition.
Loading backup firmware from boot device...
Reinitializing...
Quit menu and continue to boot

To quit the BIOS menu and continue to boot, select Q.

Fortinet Hardware Quick Inspection (HQIP)
You can run the Fortinet Hardware Quick Inspection (HQIP) test from the USB Serial Console in
FortiExplorer. You can obtain the HQIP image from Technical Support.
To run the Fortinet Hardware Quick Inspection (HQIP) test:

1. Power on the device and enter the BIOS menu by pressing any key at the prompt.
2. Select [G]: Get firmware image from TFTP server in the configuration menu. See
Get firmware image from TFTP server for information on loading an image from a TFTP
server.
3. The FortiGate will import the HQIP firmware image from the TFTP server.
4. When prompted, select R to run the HQIP firmware image without saving.
5. In the FortiExplorer shell, select Devices > Command-line Interface and login to the device
using the username admin with no password.
6. Enter the following CLI command at the FortiTest prompt to start the HQIP test:
diagnose hqip start
7. Wire the network ports as indicated for the NIC loopback test, install a USB key, and press
any key to continue. The HQIP completes the following tests.
BIOS Integrity Check
System Configuration Check
Memory Test
CPU Test
CPU/Memory Performance Test
FortiASIC Test
USB Test
Boot Device Test
Hard Disk Test
Network Interface Controller Test
NPU DDR Memory Test
LED Test
Reset Button Test
8. When complete, the HQIP report is displayed. Save the full output and submit to Technical
Support with your support ticket.
9. Reboot the system using the execute reboot CLI command. The device will reboot and
load the regular FortiOS firmware image.
FortiCamera Configuration
Supported models
The following models support this feature.

FortiCamera FCM-20A, FCM-MB13, FCM-OB20
Detect FortiCamera
In FortiExplorer v2.4 build 1075 or later, you can view and configure FortiCamera from within the
FortiExplorer shell.
Figure 7: FortiCamera config
Page 32

Fortiexplorer User Guide 25

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Fortiexplorer User Guide 25

Încărcat de

Drepturi de autor:

Formate disponibile

FortiExplorer v2.

Fortinet Document Library docs.fortinet.com

Table of Contents Page 4 FortiExplorer v2.5 Build 1079 User Guide

Date Change Description

2013-04-10 Initial release.

2013-04-17 Added supported file type information for Watermark tool.

2013-05-27 Added USB Console Access chapter.

2013-06-10 Updated for v2.3 build 1052.

2014-10-21 Updated for v2.5 build 1079.

FortiExplorer v2.5 build 1079 supports the following models.

FortiGate FG-20C, FG-20C-ADSL-A, FG-30D, FG-30D-POE, FG-40C, FG-60C,

FortiWiFi FWF-20C, FWF-20C-ADSL-A, FWF-30D, FWF-30D-POE, FWF-40C,

FortiGate Rugged FGR-60D

FortiSwitch FS-28C, FS-324B-POE, FS-348B, FS-448B

FortiAP FAP-11C, FAP-28C.

FortiCamera FCM-20A, FCM-MB13, FCM-OB20

FortiOS v5.2.0 and later

FortiSwitch OS v2.0.0 and later

FortiAP v5.2.0 and later

Microsoft Windows (XP, Vista, 7, 8, 8.1)

Introduction Page 7 FortiExplorer v2.5 Build 1079 User Guide

Firmware image checksums

Introduction Page 8 FortiExplorer v2.5 Build 1079 User Guide

Figure 1: Example connection to device

The following topics are discussed in this section:

Microsoft Windows install

Figure 2: FortiExplorer tool

Updating FortiExplorer and firmware

Installing FortiExplorer Page 10 FortiExplorer v2.5 Build 1079 User Guide

Register your device from FortiExplorer

Figure 3: Register device to existing FortiCare account

Installing FortiExplorer Page 11 FortiExplorer v2.5 Build 1079 User Guide

Figure 4: Register device to new FortiCare account

Installing FortiExplorer Page 12 FortiExplorer v2.5 Build 1079 User Guide

Internet access policy

Setup Wizard Page 14 FortiExplorer v2.5 Build 1079 User Guide

Configuration settings include summary and FortiCloud settings.

Setup Wizard Page 15 FortiExplorer v2.5 Build 1079 User Guide

Connecting to the Web-based Manager

Figure 5: Web-based Manager device access

Figure 6: CLI console device access

FortiGate FG-20C, FG-20C-ADSL-A, FG-30D, FG-30D-POE, FG-40C, FG-60C,

FortiWiFi FWF-20C, FWF-20C-ADSL-A, FWF-30D, FWF-30D-POE, FWF-40C,

FortiAP FAP-11C, FAP-28C.

Download firmware images

Firmware Page 19 FortiExplorer v2.5 Build 1079 User Guide

The following topics are discussed in this section:

Using the DLP watermark tool

Apply a DLP watermark to a specific file:

You can apply multiple Watermarks to a file or directory.

Apply watermark output message

FortiExplorer command line Watermark tool

To create a DLP filter on your FortiOS device:

The following models support this feature.

FortiGate FG-20C, FG-20C-ADSL-A, FG-30D, FG-30D-POE, FG-60D,

FortiWiFi FWF-20C, FWF-20C-ADSL-A, FWF-30D, FWF-30D-POE, FWF-60D,

FortiGate Rugged FGR-60D

FortiAP FAP-11C, FAP-28C

Accessing the USB serial console menu

To access the USB serial console BIOS menu:

FortiGate BIOS menu

Get firmware image from TFTP server

To load a new firmware image from a TFTP server:

Format boot device