Fortinet white logo
Fortinet white logo

Administration Guide

Upgrading all device firmware by following the upgrade path (federated update)

Upgrading all device firmware by following the upgrade path (federated update)

When performing a Fabric upgrade or non-Fabric upgrade under System > Fabric Management and choosing a firmware that requires multiple builds in the upgrade path, the FortiGate can follow the upgrade path to complete the upgrade automatically. This process is sometimes called a federated update. A federated update can be performed immediately or during a scheduled time.

Note

To demonstrate the functionality of this feature, this example uses FortiGates that are running and upgrading to fictitious build numbers.

FortiAPs and FortiSwitches currently cannot follow the upgrade path. They upgrade directly to the target version.

Example

In this example, the Security Fabric consists of a root FortiGate (FGT_101E) and a downstream FortiGate (GA_A_1). The FortiGates are currently running FortiOS 7.2.1 (build 0510). The administrator wants to upgrade the firmware to version 7.4.0 (build 0810). When upgrading the firmware on the Fabric Management page, the FortiGate is able to display the upgrade path, 7.2.1 > 7.2.2 > 7.4.0, and perform all of the upgrades in sequence (with multiple reboots).

To upgrade the FortiGate firmware:
  1. Go to System > Fabric Management and click Fabric Upgrade. The Fabric Upgrade pane opens.
  2. In the Select Firmware section, select All Upgrades.
  3. Select the 7.4.0 version. Upgrade options appear.
  4. Select Follow upgrade path. The upgrade path is displayed: v7.2.1 > v7.2.2 > v7.4.0.
    • If Directly upgrade to v7.4.0 is selected, a warning message appears that this may result in the loss of configuration.

  5. Click Next.
  6. Select an upgrade schedule, either Immediate or Custom. If using Custom, enter an upgrade date and time. (Custom is used in this example.)

  7. Click Next and review the update schedule.

  8. Click Confirm and Backup Config.

    The Upgrade Status for both FortiGates indicated when the scheduled upgrade will take place. In this example, the first upgrade in the path is to version 7.2.2. The FortiGates will reboot and then upgrade to 7.4.0 as per the upgrade path.

    Once the upgrades are complete and both FortiGates are running the desired firmware (7.4.0), the Upgrade Status changes to Up to date.

CLI commands

The following options are available in execute federated-upgrade <option>:

Option

Description

cancel

Cancel the currently configured upgrade.

initialize

Set up a federated upgrade.

status

Show the current status of a federated upgrade.

Note

The config system federated-upgrade command is read-only. Attempting to configure federated upgrade using the config command will show the following error message:

Federated upgrade cannot be configured directly.
Please use 'execute federated-upgrade ...' to configure.

Upgrading all device firmware by following the upgrade path (federated update)

Upgrading all device firmware by following the upgrade path (federated update)

When performing a Fabric upgrade or non-Fabric upgrade under System > Fabric Management and choosing a firmware that requires multiple builds in the upgrade path, the FortiGate can follow the upgrade path to complete the upgrade automatically. This process is sometimes called a federated update. A federated update can be performed immediately or during a scheduled time.

Note

To demonstrate the functionality of this feature, this example uses FortiGates that are running and upgrading to fictitious build numbers.

FortiAPs and FortiSwitches currently cannot follow the upgrade path. They upgrade directly to the target version.

Example

In this example, the Security Fabric consists of a root FortiGate (FGT_101E) and a downstream FortiGate (GA_A_1). The FortiGates are currently running FortiOS 7.2.1 (build 0510). The administrator wants to upgrade the firmware to version 7.4.0 (build 0810). When upgrading the firmware on the Fabric Management page, the FortiGate is able to display the upgrade path, 7.2.1 > 7.2.2 > 7.4.0, and perform all of the upgrades in sequence (with multiple reboots).

To upgrade the FortiGate firmware:
  1. Go to System > Fabric Management and click Fabric Upgrade. The Fabric Upgrade pane opens.
  2. In the Select Firmware section, select All Upgrades.
  3. Select the 7.4.0 version. Upgrade options appear.
  4. Select Follow upgrade path. The upgrade path is displayed: v7.2.1 > v7.2.2 > v7.4.0.
    • If Directly upgrade to v7.4.0 is selected, a warning message appears that this may result in the loss of configuration.

  5. Click Next.
  6. Select an upgrade schedule, either Immediate or Custom. If using Custom, enter an upgrade date and time. (Custom is used in this example.)

  7. Click Next and review the update schedule.

  8. Click Confirm and Backup Config.

    The Upgrade Status for both FortiGates indicated when the scheduled upgrade will take place. In this example, the first upgrade in the path is to version 7.2.2. The FortiGates will reboot and then upgrade to 7.4.0 as per the upgrade path.

    Once the upgrades are complete and both FortiGates are running the desired firmware (7.4.0), the Upgrade Status changes to Up to date.

CLI commands

The following options are available in execute federated-upgrade <option>:

Option

Description

cancel

Cancel the currently configured upgrade.

initialize

Set up a federated upgrade.

status

Show the current status of a federated upgrade.

Note

The config system federated-upgrade command is read-only. Attempting to configure federated upgrade using the config command will show the following error message:

Federated upgrade cannot be configured directly.
Please use 'execute federated-upgrade ...' to configure.