FortiGate-6000 Administration Guide

HA cluster firmware upgrades

Both management boards and all of the FPCs in a FortiGate-6000 HA cluster run the same firmware image. You upgrade the firmware from the primary FortiGate-6000 management board.

You can perform a graceful firmware upgrade of an FGCP cluster by enabling uninterruptible-upgrade and session-pickup. A graceful firmware upgrade only causes minimal traffic interruption. Use the following command to enable these settings; they are disabled by default. These settings are synchronized.

config system ha
    set uninterruptible-upgrade enable
    set session-pickup enable
end

When these settings are enabled, the primary FortiGate-6000 management board uploads firmware to the secondary FortiGate-6000 management board. The secondary management board uploads the firmware to all of the FPCs in the secondary FortiGate-6000. Then the management board and all of the FPCs in the secondary FortiGate-6000 upgrade their firmware, reboot, and resynchronize.

Then all traffic fails over to the secondary FortiGate-6000, which becomes the new primary FortiGate-6000. The management board and the FPCs in the new secondary FortiGate-6000 then upgrade their firmware and rejoin the cluster. Unless override is enabled, the new primary FortiGate-6000 continues to operate as the primary FortiGate-6000.

Normally you would want to enable uninterruptible-upgrade to minimize traffic interruptions. But uninterruptible-upgrade does not have to be enabled. In fact, if a traffic interruption is not going to cause any problems, you can disable uninterruptible-upgrade so that the firmware upgrade process takes less time.

In addition, some firmware upgrades may not support uninterruptible-upgrade. For example, uninterruptible-upgrade may not be supported if the firmware upgrade also includes a DP3 processor firmware upgrade. Before running a firmware upgrade, review the release notes to verify whether uninterruptible-upgrade is supported for the upgrade to that version.
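A pre-upgrade check for the settings described above, as an added example that is not Fortinet's code: it parses a saved `config system ha` block and reports whether both graceful-upgrade settings are enabled and whether override would change which unit stays primary. The sample config (group name, interface name) is constructed, and reading an absent `override` as disabled is an assumption.

```python
import re

# Per the page, both graceful-upgrade settings are disabled by default, so a
# setting absent from the block is read as "disable". Reading an absent
# "override" the same way is an assumption of this example.
DEFAULTS = {"uninterruptible-upgrade": "disable",
            "session-pickup": "disable",
            "override": "disable"}

# Constructed sample of a saved HA configuration (not taken from a real device).
SAMPLE = """\
config system ha
    set group-name "lab-cluster"
    set mode a-p
    set session-pickup enable
    config ha-mgmt-interfaces
        edit 1
            set interface "mgmt2"
        next
    end
    set override enable
end
"""

def ha_settings(config_text):
    """Return 'set' values from the top level of the 'config system ha' block."""
    settings, depth, in_ha = dict(DEFAULTS), 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            in_ha = in_ha or (depth == 0 and line == "config system ha")
            depth += 1
        elif line == "end":
            depth = max(depth - 1, 0)
            in_ha = in_ha and depth > 0
        elif in_ha and depth == 1:  # skip 'set' lines inside nested blocks
            m = re.match(r"set (\S+) (.+)", line)
            if m:
                settings[m.group(1)] = m.group(2).strip('"')
    return settings

def upgrade_plan(config_text):
    """Summarize whether the cluster is set up for a graceful upgrade."""
    s = ha_settings(config_text)
    missing = [k for k in ("uninterruptible-upgrade", "session-pickup")
               if s[k] != "enable"]
    # Page: unless override is enabled, the new primary stays primary.
    return {"graceful": not missing, "missing": missing,
            "keeps_new_primary": s["override"] != "enable"}

if __name__ == "__main__":
    print(upgrade_plan(SAMPLE))
```

Run it against a configuration backup before each step of a multi-step upgrade path, alongside the health checks the page recommends.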

Note

To make sure a FortiGate 6000F firmware upgrade is successful, before starting the upgrade Fortinet recommends you use health checking to make sure the management board and the FPCs are all synchronized and operating as expected.

If you are following a multi-step upgrade path, you should re-do health checking after each upgrade step to make sure all components are synchronized before the next step.

You should also perform a final round of health checking after the firmware upgrade process is complete.

For recommended health checking commands, see the following Fortinet community article:

Technical Tip: FortiGate-6000/7000 Chassis health check commands.
