Fortinet Document Library

Version:

Version:

Version:


Table of Contents

FortiGate-6000 Release Notes

Download PDF
Copy Link

Installing firmware on an individual FortiGate-7000 FPM

Use the following procedure to upgrade the firmware running on an individual FPM. To perform the upgrade, you must enter a command from the primary FIM CLI to allow ELBC communication with the FPM. Then you can just log in to the FPM GUI or CLI and perform the firmware upgrade.

During this procedure, the FPM will not be able to process traffic. However, the other FPMs and the FIMs should continue to operate normally.

After verifying that the FPM is running the right firmware, you must log back into the primary FIM CLI and return the FPM to normal operation.

  1. Log in to the primary FIM CLI and enter the following command:

    diagnose load-balance switch set-compatible <slot> enable elbc

    Where <slot> is the number of the FortiGate-7000 slot containing the FPM to be upgraded.

  2. Log in to the FPM GUI or CLI using its special port number (for example, for the FPM in slot 3, browse to https://192.168.1.99:44303 to connect to the GUI) and perform a normal firmware upgrade of the FPM.

  3. After the FPM restarts, verify that the new firmware has been installed.

    You can do this from the FPM GUI dashboard or from the FPM CLI using the get system status command.

  4. Verify that the configuration has been synchronized. The following command output shows the sync status of a FortiGate-7040E. The field in_sync=1 indicates that the configurations of the FIMs and FPMs are synchronized.

    diagnose sys confsync status | grep in_sy
    FIM10E3E16000040, Slave, uptime=69346.99, priority=2, slot_id=1:2, idx=1, flag=0x0, in_sync=1
    FIM04E3E16000010, Master, uptime=69398.91, priority=1, slot_id=1:1, idx=0, flag=0x0, in_sync=1
    FPM20E3E17900217, Slave, uptime=387.74, priority=20, slot_id=1:4, idx=2, flag=0x64, in_sync=1
    FPM20E3E17900217, Slave, uptime=387.74, priority=20, slot_id=1:4, idx=2, flag=0x4, in_sync=1
    FIM04E3E16000010, Master, uptime=69398.91, priority=1, slot_id=1:1, idx=0, flag=0x0, in_sync=1
    FIM10E3E16000040, Slave, uptime=69346.99, priority=2, slot_id=1:2, idx=1, flag=0x0, in_sync=1
    FIM04E3E16000010, Master, uptime=69398.91, priority=1, slot_id=1:1, idx=0, flag=0x0, in_sync=1
    FIM10E3E16000040, Slave, uptime=69346.99, priority=2, slot_id=1:2, idx=1, flag=0x0, in_sync=1
    FPM20E3E17900217, Slave, uptime=387.74, priority=20, slot_id=1:4, idx=2, flag=0x64, in_sync=1

    FIMs and FPMs that are missing or that show in_sync=0 are not synchronized. To synchronize an FIM or FPM that is not synchronized, log into the CLI of the FIM or FPM and restart it using the execute reboot command. If this does not solve the problem, contact Fortinet Support at https://support.fortinet.com.

    The command output also shows that the uptime of the FPM in slot 4 is lower than the uptime of the other modules, indicating that the FPM in slot 4 has recently restarted.

    If you enter the diagnose sys confsync status | grep in_sy command before the FIM has completely restarted, it will not appear in the command output. As well, the Security Fabric dashboard widget will temporarily show that it is not synchronized.

  5. Once the FPM is operating normally, log back in to the primary FIM CLI and enter the following command to reset the FPM to normal operation:

    diagnose load-balance switch set-compatible <slot> disable

    Configuration synchronization errors will occur if you do not reset the FPM to normal operation.

Installing firmware on an individual FortiGate-7000 FPM

Use the following procedure to upgrade the firmware running on an individual FPM. To perform the upgrade, you must enter a command from the primary FIM CLI to allow ELBC communication with the FPM. Then you can just log in to the FPM GUI or CLI and perform the firmware upgrade.

During this procedure, the FPM will not be able to process traffic. However, the other FPMs and the FIMs should continue to operate normally.

After verifying that the FPM is running the right firmware, you must log back into the primary FIM CLI and return the FPM to normal operation.

  1. Log in to the primary FIM CLI and enter the following command:

    diagnose load-balance switch set-compatible <slot> enable elbc

    Where <slot> is the number of the FortiGate-7000 slot containing the FPM to be upgraded.

  2. Log in to the FPM GUI or CLI using its special port number (for example, for the FPM in slot 3, browse to https://192.168.1.99:44303 to connect to the GUI) and perform a normal firmware upgrade of the FPM.

  3. After the FPM restarts, verify that the new firmware has been installed.

    You can do this from the FPM GUI dashboard or from the FPM CLI using the get system status command.

  4. Verify that the configuration has been synchronized. The following command output shows the sync status of a FortiGate-7040E. The field in_sync=1 indicates that the configurations of the FIMs and FPMs are synchronized.

    diagnose sys confsync status | grep in_sy
    FIM10E3E16000040, Slave, uptime=69346.99, priority=2, slot_id=1:2, idx=1, flag=0x0, in_sync=1
    FIM04E3E16000010, Master, uptime=69398.91, priority=1, slot_id=1:1, idx=0, flag=0x0, in_sync=1
    FPM20E3E17900217, Slave, uptime=387.74, priority=20, slot_id=1:4, idx=2, flag=0x64, in_sync=1
    FPM20E3E17900217, Slave, uptime=387.74, priority=20, slot_id=1:4, idx=2, flag=0x4, in_sync=1
    FIM04E3E16000010, Master, uptime=69398.91, priority=1, slot_id=1:1, idx=0, flag=0x0, in_sync=1
    FIM10E3E16000040, Slave, uptime=69346.99, priority=2, slot_id=1:2, idx=1, flag=0x0, in_sync=1
    FIM04E3E16000010, Master, uptime=69398.91, priority=1, slot_id=1:1, idx=0, flag=0x0, in_sync=1
    FIM10E3E16000040, Slave, uptime=69346.99, priority=2, slot_id=1:2, idx=1, flag=0x0, in_sync=1
    FPM20E3E17900217, Slave, uptime=387.74, priority=20, slot_id=1:4, idx=2, flag=0x64, in_sync=1

    FIMs and FPMs that are missing or that show in_sync=0 are not synchronized. To synchronize an FIM or FPM that is not synchronized, log into the CLI of the FIM or FPM and restart it using the execute reboot command. If this does not solve the problem, contact Fortinet Support at https://support.fortinet.com.

    The command output also shows that the uptime of the FPM in slot 4 is lower than the uptime of the other modules, indicating that the FPM in slot 4 has recently restarted.

    If you enter the diagnose sys confsync status | grep in_sy command before the FIM has completely restarted, it will not appear in the command output. As well, the Security Fabric dashboard widget will temporarily show that it is not synchronized.

  5. Once the FPM is operating normally, log back in to the primary FIM CLI and enter the following command to reset the FPM to normal operation:

    diagnose load-balance switch set-compatible <slot> disable

    Configuration synchronization errors will occur if you do not reset the FPM to normal operation.