Administration Guide

Upgrading the FortiAnalyzer firmware for an operating cluster

You can upgrade the firmware of an operating FortiAnalyzer cluster in the same way as upgrading the firmware of a standalone FortiAnalyzer unit.

Upgrade the secondary units first. Upgrade the primary unit last, after all secondary units have been upgraded and have synchronized with the primary unit. When you upgrade the primary unit, one of the secondary units is automatically selected to be the primary unit following the rules you set up in "If the primary unit fails". This allows the HA cluster to continue operating through the upgrade process with primary and secondary units.

During the upgrade, you might see messages about firmware version mismatch. This is to be expected. When the upgrade is completed and all cluster members are at the same firmware version, you should no longer see these messages.

To upgrade FortiAnalyzer HA cluster firmware:
  1. Log in to each secondary unit and upgrade the firmware.

    See the FortiAnalyzer Release Notes and FortiAnalyzer Upgrade Guide in the Fortinet Document Library for more information.

  2. Wait for the upgrades to complete and check that the secondary units have joined the HA cluster as secondary units.
  3. Ensure that logs are synchronized with the primary unit.
  4. Upgrade the primary unit.

    When the primary unit is upgraded, it automatically becomes a secondary unit and one of the secondary units is automatically selected to be the primary unit following the rules you set up in "If the primary unit fails". This allows the HA cluster to continue operating through the upgrade process with primary and secondary units.

If firmware versions between cluster members do not match, configuration synchronization is disabled. Other synchronization operations continue to function.

You might not be able to connect to the FortiAnalyzer GUI until the upgrade synchronization process is complete. During the upgrade, using SSH or Telnet to connect to the CLI might be slow. If necessary, use the console to connect to the CLI.
