How to upgrade firmware on Gen7 firewall with API tool?
03/14/2022 2 People found this article helpful 417,412 Views
Description
Postman is a platform for API development. Since Gen7 firewalls use API, we can use Postman to upgrade firmware with API. More information about Postman can be found in the following link:https://www.postman.com/product/what-is-postman/
NOTE: Same version of firmware can not be upgraded via API. For example, SonicOS 7.0.1-5018-R1709: its firmware version is 7.0.1-5018. This version may have different minor releases, but as long as its name starts with 7.0.1-5018, then its firmware version is 7.0.1-5018. SonicOS 7.0.1-5030-R2007-H17127-540: firmware version is 7.0.1-5030.
NOTE: The upgrade is one firewall at a time. But we can use variables to quickly change the target firewall IP address in order to upgrade next firewall. Example on upgrading firmware on TZ570 from 7.0.1-5030 to 7.0.1-5050.
Current firewall firmware:
Configured Postman:
Steps:
- Create a folder, example called “Gen 7 firmware upgrade’, define Variables, including IP, PORT, and baseUrl, and Save the settings:
IP: 10.67.10.70 (Is FW IP)
PORT: 443 (is MGMt port of the FW)
baseUrl to be: https://{{IP}}:{{PORT}}/api/sonicos
Here the IP can be changed easily to upgrade next firewall.
- Navigate to Auth_API. POST section has the variables: {{baseUrl}}/auth
In Body section, enter username and password. Then click Send:
It returned “bearer_token”:
Copy/paste the token at “Gen 7 firmware upgrade” folder under Authorization, click Save:
- Next API “Go to Config mode”. The API call is: {{baseUrl}}/config-mode. Its type should be “Inherit auth from parent”:
Click Send, it returned success, the firewall is in Config Mode:
- Next API call “upload firmware”: {{baseUrl}}/import/firmware
The Authorization is still “Inherit auth from parent”:
In Headers section, Content-Type has to be: Multipart/form-data; boundary=<calculated when request is sent> along with that we need Content-length value needs to set as <calculated when request is sent>
At Body, need to enter KEY to be “firmware”, VALUE to select “File”
Click “Select Files” will prompt to select the firmware version 7.0.1-5050:
CONTENT TYPE to be: application/octet-stream:
Click on “Send”. It will take several minutes depending on file size. Here are the results:
- Next API “boot with uploaded firmware”: {{baseUrl}}/boot/uploaded
No need to add or change any value here. Click Send
TIP: Send button is shadowed under "No new changes to save".
It returned message “Success” and Restarting now.
Logging into firewall, confirmed the firmware has been upgraded to 7.0.1-5050:
Related Articles
Categories
Was This Article Helpful?
YESNO