You can upgrade the firmware of an operating FortiAnalyzer cluster in the same way as upgrading the firmware of a standalone FortiAnalyzer unit.
Upgrade the backup units first. Upgrade the primary unit last, after all backup units have been upgraded and have synchronized with the primary unit. When you upgrade the primary unit, one of the backup units is automatically selected to be the primary unit following the rules you set up in If the primary unit fails. This allows the HA cluster to continue operating through the upgrade process with primary and backup units.
During the upgrade, you might see messages about firmware version mismatch. This is to be expected. When the upgrade is completed and all cluster members are at the same firmware version, you should not see this message.
- Log into each backup unit and upgrade the firmware.
See the FortiAnalyzer Release Notes and FortiAnalyzer Upgrade Guide in the Fortinet Document Library for more information.
- Wait for the upgrades to complete and check that the backup units have joined the HA cluster as secondary units.
- Ensure that logs are synchronized with the primary unit.
- Upgrade the primary unit.
When the primary unit is upgraded, it automatically becomes a backup unit and one of the backup units is automatically selected to be the primary unit following the rules you set up in If the primary unit fails. This allows the HA cluster to continue operating through the upgrade process with primary and backup units.
If firmware versions between cluster members do not match, configuration synchronization is disabled. Other synchronization operations continue to function.
You might not be able to connect to the FortiAnalyzer GUI until the upgrade synchronization process is complete. During the upgrade, using SSH or telnet to connect to the CLI might be slow. If necessary, use the console to connect to the CLI.