FortiGate-7000E Handbook

Upgrading the firmware on an individual FIM

During the upgrade, the FIM will not be able to process traffic. However, the other FIM and the FPMs should continue to operate normally.

To upgrade the firmware on an individual FIM from the GUI
  1. Connect to the FIM GUI using the SLBC management IP address and the special management port number for that FIM. For example, for the FIM in slot 2, browse to https://<SLBC-management-ip>:44302.

  2. Start a normal firmware upgrade. For example,

    1. Go to System > Firmware and select Browse to select the firmware file to install.

    2. Follow the prompts to select the firmware file, save the configuration, and upload the firmware file to the FPM.

  3. After the FIM restarts, verify that the new firmware has been installed.

    You can do this from the FIM GUI dashboard or from the FIM CLI using the get system status command.

  4. Use the diagnose sys confsync status | grep in_sy command to verify that the configuration of the FIM has been synchronized. The field in_sync=1 indicates that the configuration of that FIM or FPM is synchronized.

    FIMs and FPMs that are missing or that show in_sync=0 are not synchronized. To synchronize an FIM or FPM that is not synchronized, log into the CLI of the FIM or FPM and restart it using the execute reboot command. If this does not solve the problem, contact Fortinet Support at https://support.fortinet.com.

    If you enter the diagnose sys confsync status | grep in_sy command before the FIM has completely restarted, it will not appear in the command output. As well, the Configuration Sync Monitor will temporarily show that it is not synchronized.

To upgrade the firmware on an individual FIM from the CLI using TFTP
  1. Put a copy of the firmware file on a TFTP server that is accessible from the SLBC management interface.

  2. Connect to the FIM CLI by using an SSH client. For example, to connect to the CLI of the FIM in slot 2, connect to <SLBC-management-ip>:2201.

  3. Enter the following command to upload the firmware file to the FIM:

    execute upload image tftp <firmware-filename> comment <tftp-server-ip-address>

  4. After the FIM restarts, verify that the new firmware has been installed.

    You can do this from the FIM GUI dashboard or from the FIM CLI using the get system status command.

  5. Use the diagnose sys confsync status | grep in_sy command to verify that the configuration of the FIM has been synchronized. The field in_sync=1 indicates that the configuration of that FIM or FPM is synchronized.

    FIMs and FPMs that are missing or that show in_sync=0 are not synchronized. To synchronize an FIM or FPM that is not synchronized, log into the CLI of the FIM or FPM and restart it using the execute reboot command. If this does not solve the problem, contact Fortinet Support at https://support.fortinet.com.

    If you enter the diagnose sys confsync status | grep in_sy command before the FIM has completely restarted, it will not appear in the command output. As well, the Configuration Sync Monitor will temporarily show that it is not synchronized.
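
The synchronization check that ends both procedures can be run against captured CLI output to flag modules that are out of sync or missing. This is an added example, not part of the Fortinet handbook; the output layout (comma-separated fields starting with the module serial number), the serial numbers, and the function names are assumptions, and the sample output is constructed.

```python
import re

# Constructed sample of `diagnose sys confsync status | grep in_sy` output.
# The field layout and serial numbers are assumptions made for this example.
SAMPLE_OUTPUT = """\
diagnose sys confsync status | grep in_sy
FIM0000000000001, Slave, uptime=58852.50, priority=2, slot_id=1:2, idx=3, flag=0x10, in_sync=1
FIM0000000000002, Master, uptime=58895.30, priority=1, slot_id=1:1, idx=0, flag=0x10, in_sync=1
FPM0000000000003, Slave, uptime=58726.83, priority=19, slot_id=1:3, idx=1, flag=0x64, in_sync=0
"""


def parse_confsync(output):
    """Return {serial: in_sync value} for each line that carries an in_sync field."""
    status = {}
    for line in output.splitlines():
        serial = line.split(",")[0].strip()
        match = re.search(r"\bin_sync=(\d+)", line)
        if not serial or match is None:
            continue  # command echo, prompt, or blank line
        value = int(match.group(1))
        # If a serial appears on several lines, any in_sync=0 wins.
        status[serial] = min(status.get(serial, value), value)
    return status


def check_sync(output, expected):
    """Classify each expected module as in_sync, out_of_sync, or missing."""
    status = parse_confsync(output)
    report = {"in_sync": [], "out_of_sync": [], "missing": []}
    for serial in expected:
        if serial not in status:
            # A module that has not finished restarting is also absent here.
            report["missing"].append(serial)
        elif status[serial] == 1:
            report["in_sync"].append(serial)
        else:
            report["out_of_sync"].append(serial)
    return report


if __name__ == "__main__":
    expected = ["FIM0000000000001", "FIM0000000000002",
                "FPM0000000000003", "FPM0000000000004"]
    for state, serials in check_sync(SAMPLE_OUTPUT, expected).items():
        print(f"{state}: {', '.join(serials) or '-'}")
```

A module reported as missing immediately after an upgrade may still be restarting, so repeat the check before rebooting it.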
