Installing firmware on an individual FortiGate-6000 FPC
You may want to install firmware on an individual FPC to resolve a software-related problem with the FPC or if the FPC is not running the same firmware version as the management board. The following procedure describes how to transfer a new firmware image file to the FortiGate-6000 internal TFTP server and then install the firmware on an FPC.
Copy the firmware image file to a TFTP server, FTP server, or USB key.
To upload the firmware image file onto the FortiGate-6000 internal TFTP server, from the management board CLI, enter one of the following commands.
To upload the firmware image file from an FTP server:
execute upload image ftp <image-file-and-path> <comment> <ftp-server-address> <username> <password>
To upload the firmware image file from a TFTP server:
execute upload image tftp <image-file> <comment> <tftp-server-address>
To upload the firmware image file from a USB key:
execute upload image usb <image-file-and-path> <comment>
Enter the following command to install the firmware image file on to an FPC:
execute load-balance update image <slot-number>
<slot-number>is the FPC slot number.
This command uploads the firmware image to the FPC and the FPC restarts. When the FPC starts up, the configuration is reset to factory default settings and then synchronized by the management board. The FPC restarts again, rejoins the cluster, and is ready to process traffic.
To verify that the configuration of the FPC has been synchronized, enter the
diagnose sys confsync status | grep in_sycommand. The command output below shows an example of the synchronization status of some of the FPCs in an HA cluster of two FortiGate-6301F devices. The field
in_sync=1indicates that the configuration of the FPC is synchronized.
FPC6KFT018901327, Slave, uptime=615368.33, priority=19, slot_id=1:1, idx=1, flag=0x4, in_sync=1 F6KF31T018900143, Master, uptime=615425.84, priority=1, slot_id=1:0, idx=0, flag=0x10, in_sync=1 FPC6KFT018901372, Slave, uptime=615319.63, priority=20, slot_id=1:2, idx=1, flag=0x4, in_sync=1 F6KF31T018900143, Master, uptime=615425.84, priority=1, slot_id=1:0, idx=0, flag=0x10, in_sync=1 FPC6KFT018901346, Slave, uptime=423.91, priority=21, slot_id=1:3, idx=1, flag=0x4, in_sync=1
FPCs that are missing or that show
in_sync=0are not synchronized. To synchronize an FPC that is not synchronized, log into the CLI of the FPC and restart it using the
execute rebootcommand. If this does not solve the problem, contact Fortinet Support at https://support.fortinet.com.
The example output also shows that the uptime of the FPC in slot 3 is lower than the uptime of the other FPCs, indicating that the FPC in slot 3 has recently restarted.
If you enter the
diagnose sys confsync status | grep in_sycommand before an FPC has completely restarted, it will not appear in the output. Also, the Security Fabric dashboard widget will temporarily show that it is not synchronized.