Upgrading a FortiGate 7121F from FortiOS 6.4.6 to 6.4.10
Use the following information to upgrade a standalone FortiGate 7121F or a FortiGate 7121F FGCP HA cluster from 6.4.6 build 1783 to FortiOS 6.4.10 Build 1875.
FortiOS 6.4.10 increases the FortiGate 7121F boot partition size. This change allows the FortiGate 7121F to support larger more complex configurations that include more VDOMs and firewall policies. Because of the boot partition size increase, the process of upgrading from a FortiGate 7121F from 6.4.6 build 1783 to 6.4.10 Build 1875 is a manual process that will take longer than normal and during this time the FortiGate 7121F will not be able to process traffic.
As well, graceful upgrade from 6.4.6 build 1783 to FortiOS 6.4.10 is not supported for a FortiGate 7121F FGCP cluster. Instead you must change the FortiGate 7121Fs to operate as standalone FortiGates and upgrade each one separately before reforming the cluster.
You can use a normal firmware upgrade procedure to upgrade a FortiGate 7121F from FortiOS 6.2.9 build 1206 to FortiOS 6.4.10 Build 1875 because the partition size was increased for FortiOS 6.2.9. |
The following procedure describes how to power down the FIMs and FPMs, install a special firmware image on each FIM, upload the special firmware image file to the TFTP server of the FIM in slot 1, and then install this firmware image on each FPM. Once both FIMs and all FPMs are running the special firmware image, you can use a normal firmware upgrade procedure to upgrade the FortiGate-7121F firmware to FortiOS 6.4.10 Build 1875
Contact Fortinet Technical Support by logging to https://support.fortinet.com for assistance with upgrading your FortiGate 7121F to FortiOS 6.4.10 . The support team can supply you with the special firmware image file and assist with the following procedures. |
The following procedures use the FortiGate-7121F system management module (SMM) console ports. For information about how to connect to and use these console ports, see Using the FortiGate-7121F SMM console ports.
If you are operating a FortiGate 7121F FGCP HA cluster where the boot partition size of one of the FortiGate 7121Fs has been increased but one hasn't, you can use the following steps to increase the boot partition of just one of the FortiGate 7121Fs. The remaining FortiGate 7121F can continue to process traffic:
|
Installing the special firmware image on the FIMs
-
Set up a TFTP server that can communicate with the 1-mgmt1 interface and upload the special FortiGate-7000F firmware build (file name: FGT_7000F-v6-build8176-FORTINET.out) to the TFTP server.
-
Connect to one of the FortiGate-7121F system management module (SMM) console ports.
You can also use SSH to connect to the SMM MGMT interface.
-
From the SMM console or SSH connection, connect to the FortiOS CLI of the FIM in slot 1.
Press Ctrl-T to enter console mode. Repeat pressing Ctrl-T until you connect to slot 1. Example prompt:
<Switching to Console: FIM01 (9600)>
-
Enter the command
execute shutdown
to power off all of the FIMs and FPMs in the chassis.The FIMs and FPMs take a few minutes to shut down.
-
Power off all FIMs and FPMs using the
fru deactivate <slot>
command, for example:From the SMC SDI CLI you can use the following command to power off the FIM in slot 1:
fru deactivate 1
From the SMC SDI CLI you can use the following command to power off the FPM in slot 3:
fru deactivate 3
-
Use the following command to power on the FIM in slot 1
fru activate 1
-
While the FIM is starting, interrupt the start process by pressing any key.
If the FIM has already started, you can run the
execute reboot
command to restart it. -
From the BIOS, press
F
to format the flash. -
From the BIOS, upload the special firmware image from the TFTP server.
See Installing FIM firmware from the BIOS after a reboot for more information.
-
Press Ctrl-T to enter console mode.
-
Repeat pressing Ctrl-T to connect to the FortiOS CLI of the FIM in slot 2.
-
Use the following command to power on the FIM in slot 2:
fru activate 2
-
Starting from step 7, repeat the previous steps to interrupt the start process by pressing any key and install the special firmware build on the FIM in slot 2.
Installing the special firmware image on the FPMs
-
Make sure the 1-mgmt1 interface of the FIM in slot 1 can connect to the TFTP server.
To do this you may need to add an IP address for the 1-mgmt-1 interface and a default route for the mgmt-vdom VDOM.
-
Upload the special firmware image file to the TFTP server running on the FIM in slot 1.
To do this, from the FortiOS CLI of the FIM in slot 1, enter:
execute upload image tftp <image-file> comment <tftp-server-ip-address>
-
For the CLI of the FIM in slot 1, use the following command to verify that the firmware image has been uploaded to the TFTP server of the FIM in slot 1:
fnsysctl ls -l /data2/tftproot
-rw-r--r-- 1 0 0 Mon Nov 22 15:40:38 2021 79259649 image.out
-rw-r--r-- 1 0 0 Mon Nov 22 15:35:57 2021 1 miglogdisk_info
In the above example output,
image.out
is the firmware image to be installed on each FPM. -
From the SMM console connection, press Ctrl-T until you can connect to the FPM in slot 3.
-
From the SMC SDI CLI, use the following command to power on the FPM in slot 3:
fru activate 3
-
While the FPM is starting, interrupt the start process by pressing any key.
If the FPM has already started, you can run the
execute reboot
command to restart it. -
From the BIOS, press
F
to format the flash. -
From the BIOS, press
C
to configure TFTP parameters, and use the following settings to upload the firmware image from the TFTP server of the FIM in slot 1:Image download port: FIM01 TFTP Server DHCP status: disabled Local VLAN ID: none Local IP address: 169.254.254.3 Local subnet mask: 255.255.255.0 Local gateway: 10.160.62.1 TFTP server IP address: 169.254.254.1 Firmware file name: image.out
The
Local IP address
is169.254.254.<slot>
, where<slot>
is the slot number.Firmware file name
the file name isimage.out
. -
From the BIOS, press
T
to start the TFTP transfer.The firmware image file is uploaded to the FPM.
-
From the BIOS, press
D
to install the image as the default firmware image.The FPM installs the firmware image and restarts.
-
Repeat these steps for each FPM.
Installing FortiOS 6.4.10 Build 1875 firmware
Once all of the FIMs and FPMs are running the special firmware build, use a normal firmware upgrade procedure to upgrade the FortiGate-7121F firmware to FortiOS 6.4.10 Build 1875.