Fortinet black logo

Upgrading an HA cluster

Upgrading an HA cluster

The upgrade page includes an option to upgrade the firmware on all nodes in an HA cluster from the primary node.

The following chain of events occur when you use this option:

  1. The primary node pushes the firmware image to the member nodes.
  2. The primary node notifies the member nodes of the upgrade, and takes on their user traffic during the upgrade.
  3. The upgrade command is run on the member nodes, the systems are rebooted, and the member nodes send the primary node an acknowledgment that the upgrade has been completed.
  4. The upgrade command is run on the primary node, and it reboots. While the primary node is rebooting, a member node assumes the primary node status, and traffic fails over from the former primary node to the new primary node.

After the upgrade process is completed, the system determines whether the original node becomes the primary node, according to the HA Override settings:

  • If Override is enabled, the cluster considers the Device Priority setting. Both nodes usually make a second failover in order to resume their original roles.
  • If Override is disabled, the cluster considers the uptime first. The original primary node will have a smaller uptime due to the order of reboots during the firmware upgrade. Therefore, it will not resume its active role. Instead, the node with the greatest uptime will remain the new primary node. A second failover will not occur.
Before you begin, do the following:
  1. Make sure that you have super user permission (user admin) on the appliance whose firmware you want to upgrade.
  2. Download the firmware file from the Fortinet Customer Service & Support website: https://support.fortinet.com/
  3. Back up your configuration before beginning this procedure. Reverting to an earlier version of the firmware could reset the settings that are not compatible with the new firmware.
  4. Verify that the cluster node members are powered on and available on all of the network interfaces that you have configured. (Note: If required ports are not available, HA port monitoring could inadvertently trigger an additional failover, resulting in traffic interruption during the firmware update.)
  5. You upgrade the alternate partition. Decide which partition you want to upgrade. If necessary, click Boot Alternate Firmware to change the active/alternate partitions.
To update the firmware for an HA cluster:
  1. Log into the web UI of the primary node as the admin administrator.
  2. Go to System > Settings.
  3. Click the Maintenance tab.
  4. Scroll to the Upgrade Firmware button.
  5. Click Choose File to locate and select the file.
  6. Enable the HA Cluster Upgrade.
  7. Click to upload the firmware and start the upgrade process.

After the new firmware has been installed, the system reboots.

When you update software, you are also updating the web UI. To ensure the web UI displays the updated pages correctly:

  • Clear your browser cache.
  • Refresh the page.

In most environments, press Ctrl+F5 to force the browser to get a new copy of the content from the web application. See the Wikipedia article on browser caching issues for a summary of tips for many environments:

https://en.wikipedia.org/wiki/Wikipedia:Bypass_your_cache.

Upgrading an HA cluster

The upgrade page includes an option to upgrade the firmware on all nodes in an HA cluster from the primary node.

The following chain of events occur when you use this option:

  1. The primary node pushes the firmware image to the member nodes.
  2. The primary node notifies the member nodes of the upgrade, and takes on their user traffic during the upgrade.
  3. The upgrade command is run on the member nodes, the systems are rebooted, and the member nodes send the primary node an acknowledgment that the upgrade has been completed.
  4. The upgrade command is run on the primary node, and it reboots. While the primary node is rebooting, a member node assumes the primary node status, and traffic fails over from the former primary node to the new primary node.

After the upgrade process is completed, the system determines whether the original node becomes the primary node, according to the HA Override settings:

  • If Override is enabled, the cluster considers the Device Priority setting. Both nodes usually make a second failover in order to resume their original roles.
  • If Override is disabled, the cluster considers the uptime first. The original primary node will have a smaller uptime due to the order of reboots during the firmware upgrade. Therefore, it will not resume its active role. Instead, the node with the greatest uptime will remain the new primary node. A second failover will not occur.
Before you begin, do the following:
  1. Make sure that you have super user permission (user admin) on the appliance whose firmware you want to upgrade.
  2. Download the firmware file from the Fortinet Customer Service & Support website: https://support.fortinet.com/
  3. Back up your configuration before beginning this procedure. Reverting to an earlier version of the firmware could reset the settings that are not compatible with the new firmware.
  4. Verify that the cluster node members are powered on and available on all of the network interfaces that you have configured. (Note: If required ports are not available, HA port monitoring could inadvertently trigger an additional failover, resulting in traffic interruption during the firmware update.)
  5. You upgrade the alternate partition. Decide which partition you want to upgrade. If necessary, click Boot Alternate Firmware to change the active/alternate partitions.
To update the firmware for an HA cluster:
  1. Log into the web UI of the primary node as the admin administrator.
  2. Go to System > Settings.
  3. Click the Maintenance tab.
  4. Scroll to the Upgrade Firmware button.
  5. Click Choose File to locate and select the file.
  6. Enable the HA Cluster Upgrade.
  7. Click to upload the firmware and start the upgrade process.

After the new firmware has been installed, the system reboots.

When you update software, you are also updating the web UI. To ensure the web UI displays the updated pages correctly:

  • Clear your browser cache.
  • Refresh the page.

In most environments, press Ctrl+F5 to force the browser to get a new copy of the content from the web application. See the Wikipedia article on browser caching issues for a summary of tips for many environments:

https://en.wikipedia.org/wiki/Wikipedia:Bypass_your_cache.