Fortinet black logo

Handbook

6.3.3
7.0.0
6.6.3
6.6.3
6.6.1
6.6.0
6.5.1
6.5.0
6.4.1
6.4.0
6.3.3
6.3.2
6.3.1
6.2.3
6.2.2
6.2.1
6.2.0
6.1.1

Updating firmware on an HA cluster

Updating firmware on an HA cluster

Note the following before upgrade:

  • Upgrading FortiDDoS requires at least one reboot of each appliance and can be disruptive of network traffic depending on fail-open/closed conditions and RSTP/BGP settings of surrounding switches. This procedure assumes production traffic on the Primary appliance with an upgrade of the Secondary appliance first. This procedure can be reversed – move traffic to the Secondary, upgrade the primary, revert traffic and upgrade the Secondary.
  • If both devices are carrying production traffic (each appliance is on one leg of an asymmetric traffic environment), ensure both devices support fail-open and perform in a maintenance window.
  • Do not modify any configuration settings when systems are in Standalone Mode. Any configuration changes may cause the Seondary unit to reboot when returning to the HA pair.
To update the firmware of an HA cluster:
  1. Verify that the cluster node members are powered on and available.
  2. Log into the web UI of the primary node with an account whose access profile contains Read and Write permissions in the Maintenance and HA category.
  3. Backup the Primary configuration.
  4. Go to System > High Availability and note the number in the Device Priority field. The Primary Device Priority must be higher than Secondary Device Priority. (1 is a higher priority than 5, for example). If this is not true, note the error to be corrected during upgrade.
  5. Change the HA mode from Active-Passive to Standalone.
  6. Repeat steps 2-4 on the Secondary system.
    Note: Having both systems in Standalone mode is important for this procedure.
  7. Follow the upgrade procedure as instructed in the Release Notes on Secondary system. (This assumes that the traffic is currently on the Primary system.).
  8. Once the Secondary system is upgraded, leave the Secondary in Standalone Mode and move traffic to the Secondary.
  9. Follow the upgrade procedure on Primary System as instructed in the Release Notes.
  10. On the Primary System > High Availability: Confirm or set the device priority to a higher priority (lower number) than the Secondary system and then change Configured HA Mode to 'Active-Passive'.
  11. Revert traffic to the Primary system.
  12. On the Secondary System > High Availability: Confirm or set the device priority to a lower priority (lower number) than the primary system and then change Configured HA Mode to 'Active-Passive'.

Previous
Next

Updating firmware on an HA cluster

Note the following before upgrade:

  • Upgrading FortiDDoS requires at least one reboot of each appliance and can be disruptive of network traffic depending on fail-open/closed conditions and RSTP/BGP settings of surrounding switches. This procedure assumes production traffic on the Primary appliance with an upgrade of the Secondary appliance first. This procedure can be reversed – move traffic to the Secondary, upgrade the primary, revert traffic and upgrade the Secondary.
  • If both devices are carrying production traffic (each appliance is on one leg of an asymmetric traffic environment), ensure both devices support fail-open and perform in a maintenance window.
  • Do not modify any configuration settings when systems are in Standalone Mode. Any configuration changes may cause the Seondary unit to reboot when returning to the HA pair.
To update the firmware of an HA cluster:
  1. Verify that the cluster node members are powered on and available.
  2. Log into the web UI of the primary node with an account whose access profile contains Read and Write permissions in the Maintenance and HA category.
  3. Backup the Primary configuration.
  4. Go to System > High Availability and note the number in the Device Priority field. The Primary Device Priority must be higher than Secondary Device Priority. (1 is a higher priority than 5, for example). If this is not true, note the error to be corrected during upgrade.
  5. Change the HA mode from Active-Passive to Standalone.
  6. Repeat steps 2-4 on the Secondary system.
    Note: Having both systems in Standalone mode is important for this procedure.
  7. Follow the upgrade procedure as instructed in the Release Notes on Secondary system. (This assumes that the traffic is currently on the Primary system.).
  8. Once the Secondary system is upgraded, leave the Secondary in Standalone Mode and move traffic to the Secondary.
  9. Follow the upgrade procedure on Primary System as instructed in the Release Notes.
  10. On the Primary System > High Availability: Confirm or set the device priority to a higher priority (lower number) than the Secondary system and then change Configured HA Mode to 'Active-Passive'.
  11. Revert traffic to the Primary system.
  12. On the Secondary System > High Availability: Confirm or set the device priority to a lower priority (lower number) than the primary system and then change Configured HA Mode to 'Active-Passive'.

Previous
Next