FortiGate-6000 Handbook

Firmware upgrades

The management board and the FPCs in your FortiGate-6000 system run the same firmware image. You upgrade the firmware using the management board GUI or CLI just as you would any FortiGate product. During the upgrade process, the firmware running on the management board and all of the FPCs upgrades in one step. Firmware upgrades should be done during a quiet time because traffic will be briefly interrupted during the upgrade process. The entire firmware upgrade takes a few minutes, depending on the number of FPCs in your FortiGate-6000 system. Some firmware upgrades may take longer depending on factors such as the size of the configuration and whether an upgrade of the DP processor is included.

Before beginning a firmware upgrade, Fortinet recommends that you perform the following tasks:

  • Review the latest release notes for the firmware version that you are upgrading to.
  • Verify the recommended upgrade path, as documented in the release notes.
  • Back up your FortiGate-6000 configuration.

Note: Fortinet recommends that you review the services provided by your FortiGate-6000 before a firmware upgrade and then again after the upgrade to make sure that these services continue to operate normally. For example, you might want to verify that you can successfully access an important server used by your organization before the upgrade, and then make sure that you can still reach the server after the upgrade and that performance is comparable. You can also take a snapshot of key performance indicators (for example, number of sessions, CPU usage, and memory usage) before the upgrade and verify that you see comparable performance after the upgrade.

If you are operating two FortiGate-6000s in HA mode with uninterruptable-upgrade and session-pickup enabled, firmware upgrades should only cause a minimal traffic interruption. Use the following command to enable these settings. These settings are synchronized to all FPCs.

config system ha
    set uninterruptable-upgrade enable
    set session-pickup enable
end
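
As a pre-upgrade check, the configuration backup recommended above can be scanned to confirm that both HA settings are present and enabled. The following Python script is an added example, not Fortinet code; the function names and the sample configuration are constructed for illustration, and it assumes the backup is plain text in the config/set/end form shown above.

```python
import sys

REQUIRED = ("uninterruptable-upgrade", "session-pickup")

def ha_settings(config_text):
    """Return {name: value} for `set` lines directly under `config system ha`."""
    stack, found, in_quote = [], {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        quotes = line.replace('\\"', "").count('"')
        if in_quote:                      # inside a multi-line quoted value
            in_quote = quotes % 2 == 0
            continue
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] in ("config", "edit"):
            stack.append(" ".join(words))
        elif words[0] in ("end", "next"):
            if stack:
                stack.pop()
        elif words[0] == "set" and len(words) >= 3 and stack[-1:] == ["config system ha"]:
            found[words[1]] = " ".join(words[2:])
        in_quote = quotes % 2 == 1        # value continues on following lines
    return found

def check_ha_upgrade_settings(config_text):
    """Map each required setting to 'enable', 'disable' or 'absent'.
    'absent' means the backup does not list it (a backup may omit settings
    left at their default value), so confirm the value on the device."""
    found = ha_settings(config_text)
    return {name: found.get(name, "absent") for name in REQUIRED}

# Constructed sample backup, not taken from a real device.
SAMPLE = """\
config system global
    set hostname "fgt6k-lab"
end
config system ha
    set group-name "lab"
    set mode a-p
    set session-pickup enable
    config ha-mgmt-interfaces
        edit 1
            set interface "mgmt2"
        next
    end
    set uninterruptable-upgrade disable
end
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, value in check_ha_upgrade_settings(text).items():
        print(f"{name}: {value}")
```

Run it with the path to a backup file as the only argument; any result other than enable for either setting should be resolved before scheduling the upgrade.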
