No more USB Sticks and CD ROMs for Booting

Recently i got a “IODD ST400 USB 3.0” this can present ISO / VHD Images as CD or USB Stick to the Host. Good thing is you can plug in any 2.5 Inch SATA Drive so no space limits.

1. Create the underlying Filesystem on the SSD
   1. Create a FAT32 Partition and Filesystem
   2. Create an exFAT Partition and Filesystem
2. Convert an IMG File to VHD
3. Fortigate USB Boot
   1. Default Boot settings
   2. Hardware status
   3. USB Stick contents
   4. Config Backup
4. Links

Create the underlying Filesystem on the SSD

dmesg

da2: Fixed Direct Access SPC-4 SCSI device
da2: Serial Number XXX
da2: 400.000MB/s transfers
da2: 122104MB (250069680 512 byte sectors)
da2: quirks=0x2

Create a FAT32 Partition and Filesystem

gpart destroy da2
gpart create -s mbr da2
gpart add -t fat32 da2
newfs_msdos -F32 /dev/da2s1
mount -v -t msdosfs /dev/da2s1 /mnt/

Create an exFAT Partition and Filesystem

pkg install fusefs
pkg install fusefs-exfat
pkg install exfat-utils

gpart delete -i 1 da2
gpart destroy da2
gpart create -s mbr da2
gpart add -t \!07 da2
mkfs.exfat /dev/da2s1
mount.exfat-fuse /dev/da2s1 /mnt/

Convert an IMG File to VHD

qemu-img convert -f raw -O vpc -o subformat=fixed boot.img boot.vhd

Create a new IMG File to use as USB Image

qemu-img create boot.img 4G
mdconfig boot.img
gpart create -s mbr md0
gpart add -t fat16  -b 1M -s 2G md0
newfs_msdos -F16 /dev/md0s1
mount -v -t msdosfs /dev/md0s1 /mnt/
cd /mnt
# do you stuff
touch testfile
cd -
umount /mnt
mdconfig -d -u 0
qemu-img convert -f raw -O vpc -o subformat=fixed boot.img boot.vhd

Fortigate USB Boot

On the iodd put the VHD as first device with “virtual drive = removable” and this will mount the disk created on the Fortigate.

Default Boot settings

# config system auto-install

    set default-config-file "fgt_system.conf"

    set default-image-file "image.out"

end

 

Hardware status

# get hardware status
Model name: FortiGate-60E
ASIC version: SOC3
ASIC SRAM: 64M
CPU: ARMv7
Number of CPUs: 4
RAM: 1866 MB
EMMC: 3662 MB(MLC) /dev/mmcblk0
Hard disk: not available
USB Flash: 2047 MB
Network Card chipset: FortiASIC NP6LITE Adapter (rev.)

USB Stick contents

# execute usb-disk list
2024-04-17 16:47:54              2      testfile

Config Backup

# execute backup full-config usb forti01.conf
Please wait...

Copy config forti01.conf to USB disk ...
Copy config file to USB disk OK.

execute restore image usb <filename>

The FortiGate unit responds with the following message:

This operation will replace the current firmware version! Do you want to continue? (y/n)

root@freebsd:~ # gpart show md0
=>  17  4101  md0  MBR  (2.0M)
    17  2031       - free -  (1.0M)
  2048  2067    1  fat16  (1.0M)
  4115     3       - free -  (1.5K)

Links

• https://www.iodd.shop/IODD-ST400-USB-30-External-Encrypted-Hard-Drive-Enclosure
• https://docs.fortinet.com/document/fortigate/7.2.0/sd-wan-sd-branch-architecture-for-mssps/532874/ztp-using-usb-boot
• https://docs.fortinet.com/document/fortigate/6.2.10/cookbook/183352/restoring-from-a-usb-drive
• https://community.fortinet.com/t5/FortiGate/Technical-Tip-Firmware-Upgrade-and-Configuration-Restore-using-a/ta-p/197057