Administration Guide

Upgrading FortiPAM devices in an HA cluster

You can upgrade the firmware on an HA cluster in the same way as on a standalone FortiPAM. During a firmware upgrade, the cluster upgrades the primary unit and all of the secondary units to the new firmware image.

Before upgrading a cluster, back up your configuration. See Backup and restore.

Uninterrupted upgrade

An uninterrupted upgrade occurs without interrupting communication in the cluster.

To upgrade the cluster firmware without interrupting communication, the following steps take place. These steps are transparent to the user and the network, and might result in the cluster selecting a new primary unit.

  1. The administrator uploads a new firmware image using the GUI or CLI. See Uploading a firmware.
  2. The firmware is upgraded on all of the secondary units.
  3. A new primary unit is selected from the upgraded secondary units.
  4. The firmware is upgraded on the former primary unit.
  5. Primary unit selection occurs, according to the standard primary unit selection process.

    If all of the secondary units crash or otherwise stop responding during the upgrade process, the primary unit will continue to operate normally, and will not be upgraded until at least one secondary rejoins the cluster.

Interrupted upgrade

An interrupted upgrade upgrades all cluster members at the same time. This takes less time than an uninterrupted upgrade, but it interrupts communication in the cluster.

Interrupted upgrade is disabled by default.

To enable interrupted upgrade:

    config system ha
        set uninterruptible-upgrade disable
    end
