Symantec Firewall/VPN appliances use a set of program instructions that are coded into their permanent memory. These instructions are collectively called firmware.

You can upgrade your firmware over your network using a TFTP client. Firmware upgrades are available from the Symantec home page. Find your current firmware version on the Status screen of the Web-based user interface. If your firmware is older than the firmware on the Web site, you can download the new firmware to update your Symantec Firewall/VPN appliance.

---

WARNING: This article is directed to firewall administrators or customers with similar technical knowledge. Customers who do not have firewall administration skills should not attempt to make configuration changes as this could bring the firewall down.

---

The following procedure assumes that the firewall appliance uses the default IP address of 192.168.0.1. If you have changed your IP address, replace the IP address in the instructions for upgrading your firmware with the IP address of your appliance. If you must perform a hard reset, your appliance reverts to the default IP address (192.168.0.1).

Upgrading to some firmware versions may erase the configuration settings. Please take note of your settings before you upgrade the firmware. You should not use a configuration backup file from an older firmware to restore the settings.

The firmware can be downloaded at the following links:

• Version 100 Select 100 in Select your product version
• Version 200 Select 200 in Select your product version
• Version 200R Select 200R in Select your product version

To upgrade, you need the firmware that you downloaded from the Symantec Web site and the Nxtftp utility, which is available on the CD in the Utilities folder. The CD comes with a Windows and a DOS version. The firmware download also includes a copy of the utility.

---

Notes:

• Firmware is updated through the Trivial FTP (TFTP) on UDP port 69.
• You can use any TFTP client, set to the binary option, to upload the firmware. This is especially useful if you are not running a Windows operating system on your computer and, therefore, can not run Nxtftpw.exe. TFTP clients are available for many operating systems, including Macintosh, UNIX, Linux, and others.
• Nxtftpw.exe is included in the zip file that can be downloaded from the Symantec Web site.

---

To upgrade firmware on the Symantec Firewall/VPN appliance

1. Download the firmware file to the computer where you will apply the update, and then extract the contents of the file.
2. Turn off the appliance.
3. Move DIP switches 1 and 2 to the on (down) position.
4. Turn the appliance on.
5. With switches 1 and 2 down, turn the appliance off, then on.
6. On the computer from which you are updating the firmware, disable DHCP and statically assign the IP address of 192.168.0.2 to the network interface.
7. Connect the computer directly to one of the LAN ports of the appliance.
8. From the Windows task bar, click Start > Run.
9. In the Run dialog, click Browse.
10. Browse to Nxtftpw.exe file, select Nxtftpw.exe, and then click Open.
11. In the Nexland TFTP v1.00 window, in the Server IP text box, type the IP address of your Symantec Firewall/VPN appliance.
    The default IP address is 192.168.0.1.
12. Click Browse.
13. Browse to the folder where you saved the firmware file.
14. Highlight the firmware, and then click OK.
15. Click PUT.
    After a few moments you should see a "success" message.
16. Turn off the appliance.
17. Return the DIP switches to their normal (off) positions.
18. Turn the appliance on.

There is an APP and an ALL version of the firmware available for download. The APP version (the file name of which ends in app.zip) preserves your configuration settings, whereas the ALL package (the file name of which ends in all.zip) removes all configuration settings. If you are attempting to resolve a problem by upgrading your firmware, and the APP package does not resolve the issue, use the ALL package instead.

If the preceding instructions fail, you must perform a hard reset on the appliance.

---

Note: When performing a reset of the appliance configuration, you must use the ALL upgrade package.

---

To perform a hard reset on the Symantec Firewall/VPN appliance

1. Download the firmware file to the computer where you will apply the update, and then extract the contents of the file.
2. Turn off the appliance.
3. Move DIP switches 2 and 4 to the on position (down).
4. Put the power plug back into the Symantec Firewall/VPN appliance.
   This resets the appliance to its default IP address of 192.168.0.1.
5. Turn the appliance on.
   When the appliance starts, the Error LED indicator and the LAN/WAN Transmit/Receive LED indicator flash in an alternating pattern.
6. On the computer where you are updating the firmware, disable DHCP and statically assign the IP address of 192.168.0.2 to the network interface.
7. Connect the computer directly to one of the LAN ports of the appliance.
8. From the Windows task bar, click Start > Run.
9. In the Run dialog, click Browse.
10. Browse to Nxtftpw.exe file, select Nxtftpw.exe, and then click Open.
11. In the Nexland TFTP v1.00 window, in the Server IP text box, type the 192.168.0.1.
12. Click Browse.
13. Browse to the folder where you saved the firmware file.
14. Highlight the firmware, and then click OK.
15. Click PUT.
    After a few moments you should see a "success" message.
16. Turn off the appliance.
17. Return the DIP switches to their normal (off) positions.
18. Turn the appliance on.

The firmware is now updated.


References
For information on configuring your TCP/IP settings to change from static to dynamic IP addresses, read the documentation for your operating system. If your operating system is listed here, click th operating system for information about changing or configuring your TCP/IP settings:

Windows 98
Windows 2000
Windows XP
Windows 2003