Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Upgrade information

This section provides upgrade information for upgrading your FortiGate-6000 or FortiGate-7000 to FortiOS v6.0.4 build 8405.

Upgrading a FortiGate-6000 or FortiGate-7000 HA configuration

Upgrading a FortiGate-6000 or FortiGate-7000 HA cluster with uninterruptable-upgrade enabled (called a graceful upgrade) to FortiOS v6.0.4 build 8405 is supported from the following builds:

  • FortiOS v5.6.7 build 4214
  • FortiOS v5.6.7 build 4261
  • FortiOS v6.0.4 build 6145
Caution

Upgrading a FortiGate-6000 or FortiGate-7000 HA cluster with uninterruptable-upgrade enabled is not supported from FortiOS v6.0.4 build 8385 and FortiOS v5.6.7 build 4254.

If you disable uninterruptible-upgrade, the firmware upgrade occurs simultaneously across all hardware components and is supported from any build. However, you should still follow the correct recommended upgrade path as listed on https://support.fortinet.com under Upgrade path.

You can check the firmware version and build number from the System Information dashboard widget or from the CLI using the get system status command.

FortiGate-6000 upgrade information

FortiGate-6000 v6.0.4 build 8405 supports upgrading from FortiGate-6000 v5.6.7 build 4214 or 4261 or from v6.0.4 build 6145 to v6.0.4 build 8405.

For a FortiGate-6000 HA configuration, you can enable uninterruptible upgrade.
config system ha
   set uninterruptable-upgrade enable
end

Enabling uninterruptable-upgrade allows you to upgrade the firmware of an operating FortGate-6000 HA configuration with only minimal traffic interruption. During the upgrade, the backup FortiGate-6000 upgrades first. Then a failover occurs and the newly upgraded FortiGate-6000 becomes the primary FortiGate-6000 and the firmware of the new backup FortiGate-6000 upgrades.

The management board and the FPCs in your FortiGate-6000 system run the same firmware image. You upgrade the firmware using the management board GUI or CLI just as you would any FortiGate product. During the upgrade process, the firmware running on the management board and all of the FPCs upgrades in one step. Firmware upgrades should be done during a quiet time because traffic will be briefly interrupted during the upgrade process. The entire firmware upgrade takes a few minutes, depending on the number of FPCs in your FortiGate-6000 system. Some firmware upgrades may take longer depending on factors, such as the size of the configuration and whether an upgrade of the DP processor is included.

Before beginning a firmware upgrade, Fortinet recommends that you perform the following tasks:

  • Review the latest release notes for the firmware version that you are upgrading to.
  • Verify the recommended upgrade path, as documented in the release notes.
  • Back up your FortiGate-6000 configuration.
Note

Fortinet recommends that you review the services provided by your FortiGate-6000 before a firmware upgrade and then again after the upgrade to make sure that these services continue to operate normally. For example, you might want to verify that you can successfully access an important server used by your organization before the upgrade and make sure that you can still reach the server after the upgrade and performance is comparable. You can also take a snapshot of key performance indicators (for example, number of sessions, CPU usage, and memory usage) before the upgrade and verify that you see comparable performance after the upgrade.

FortiGate-7000 upgrade information

FortiGate-7000 6.0.4 build 8405 supports upgrading from FortiGate-7000 v5.6.7 build 4214 or 4261 or from v6.0.4 build 6145 to 6.0.4 build 8405.

For a FortiGate-7000 HA configuration, you can enable uninterruptible upgrade.
config system ha
   set uninterruptable-upgrade enable
end

Enabling uninterruptable-upgrade allows you to upgrade the firmware of an operating FortGate-7000 HA configuration with only minimal traffic interruption. During the upgrade, the backup FortiGate-7000 upgrades first. Then a failover occurs and the newly upgraded FortiGate-7000 becomes the primary FortiGate-7000 and the firmware of the new backup FortiGate-7000 upgrades.

All of the FIMs and FPMs in your FortiGate-7000 system run the same firmware image. You upgrade the firmware using the primary FIM GUI or CLI just as you would any FortiGate product. During the upgrade process, the firmware running on all of the FIMs and FPMs upgrades in one step. Firmware upgrades should be done during a quiet time because traffic will be briefly interrupted by the upgrade process. The entire firmware upgrade takes a few minutes. depending on the number of FIMs and FPMs in your FortiGate-7000 system. Some firmware upgrades may take longer depending on other factors, such as the size of the configuration and whether a DP processor firmware upgrade is included.

Before beginning a firmware upgrade, Fortinet recommends that you perform the following tasks:

  • Review the latest release notes for the firmware version that you are upgrading to.
  • Verify the recommended upgrade path as documented in the release notes.
  • Back up your FortiGate-7000 configuration.
Note

Fortinet recommends that you review the services provided by your FortiGate-7000 before a firmware upgrade and then again after the upgrade to make sure the services continues to operate normally. For example, you might want to verify that you can successfully access an important server used by your organization before the upgrade and make sure that you can still reach the server after the upgrade, and performance is comparable. You can also take a snapshot of key performance indicators (for example, number of sessions, CPU usage, and memory usage) before the upgrade and verify that you see comparable performance after the upgrade.

Upgrade information

This section provides upgrade information for upgrading your FortiGate-6000 or FortiGate-7000 to FortiOS v6.0.4 build 8405.

Upgrading a FortiGate-6000 or FortiGate-7000 HA configuration

Upgrading a FortiGate-6000 or FortiGate-7000 HA cluster with uninterruptable-upgrade enabled (called a graceful upgrade) to FortiOS v6.0.4 build 8405 is supported from the following builds:

  • FortiOS v5.6.7 build 4214
  • FortiOS v5.6.7 build 4261
  • FortiOS v6.0.4 build 6145
Caution

Upgrading a FortiGate-6000 or FortiGate-7000 HA cluster with uninterruptable-upgrade enabled is not supported from FortiOS v6.0.4 build 8385 and FortiOS v5.6.7 build 4254.

If you disable uninterruptible-upgrade, the firmware upgrade occurs simultaneously across all hardware components and is supported from any build. However, you should still follow the correct recommended upgrade path as listed on https://support.fortinet.com under Upgrade path.

You can check the firmware version and build number from the System Information dashboard widget or from the CLI using the get system status command.

FortiGate-6000 upgrade information

FortiGate-6000 v6.0.4 build 8405 supports upgrading from FortiGate-6000 v5.6.7 build 4214 or 4261 or from v6.0.4 build 6145 to v6.0.4 build 8405.

For a FortiGate-6000 HA configuration, you can enable uninterruptible upgrade.
config system ha
   set uninterruptable-upgrade enable
end

Enabling uninterruptable-upgrade allows you to upgrade the firmware of an operating FortGate-6000 HA configuration with only minimal traffic interruption. During the upgrade, the backup FortiGate-6000 upgrades first. Then a failover occurs and the newly upgraded FortiGate-6000 becomes the primary FortiGate-6000 and the firmware of the new backup FortiGate-6000 upgrades.

The management board and the FPCs in your FortiGate-6000 system run the same firmware image. You upgrade the firmware using the management board GUI or CLI just as you would any FortiGate product. During the upgrade process, the firmware running on the management board and all of the FPCs upgrades in one step. Firmware upgrades should be done during a quiet time because traffic will be briefly interrupted during the upgrade process. The entire firmware upgrade takes a few minutes, depending on the number of FPCs in your FortiGate-6000 system. Some firmware upgrades may take longer depending on factors, such as the size of the configuration and whether an upgrade of the DP processor is included.

Before beginning a firmware upgrade, Fortinet recommends that you perform the following tasks:

  • Review the latest release notes for the firmware version that you are upgrading to.
  • Verify the recommended upgrade path, as documented in the release notes.
  • Back up your FortiGate-6000 configuration.
Note

Fortinet recommends that you review the services provided by your FortiGate-6000 before a firmware upgrade and then again after the upgrade to make sure that these services continue to operate normally. For example, you might want to verify that you can successfully access an important server used by your organization before the upgrade and make sure that you can still reach the server after the upgrade and performance is comparable. You can also take a snapshot of key performance indicators (for example, number of sessions, CPU usage, and memory usage) before the upgrade and verify that you see comparable performance after the upgrade.

FortiGate-7000 upgrade information

FortiGate-7000 6.0.4 build 8405 supports upgrading from FortiGate-7000 v5.6.7 build 4214 or 4261 or from v6.0.4 build 6145 to 6.0.4 build 8405.

For a FortiGate-7000 HA configuration, you can enable uninterruptible upgrade.
config system ha
   set uninterruptable-upgrade enable
end

Enabling uninterruptable-upgrade allows you to upgrade the firmware of an operating FortGate-7000 HA configuration with only minimal traffic interruption. During the upgrade, the backup FortiGate-7000 upgrades first. Then a failover occurs and the newly upgraded FortiGate-7000 becomes the primary FortiGate-7000 and the firmware of the new backup FortiGate-7000 upgrades.

All of the FIMs and FPMs in your FortiGate-7000 system run the same firmware image. You upgrade the firmware using the primary FIM GUI or CLI just as you would any FortiGate product. During the upgrade process, the firmware running on all of the FIMs and FPMs upgrades in one step. Firmware upgrades should be done during a quiet time because traffic will be briefly interrupted by the upgrade process. The entire firmware upgrade takes a few minutes. depending on the number of FIMs and FPMs in your FortiGate-7000 system. Some firmware upgrades may take longer depending on other factors, such as the size of the configuration and whether a DP processor firmware upgrade is included.

Before beginning a firmware upgrade, Fortinet recommends that you perform the following tasks:

  • Review the latest release notes for the firmware version that you are upgrading to.
  • Verify the recommended upgrade path as documented in the release notes.
  • Back up your FortiGate-7000 configuration.
Note

Fortinet recommends that you review the services provided by your FortiGate-7000 before a firmware upgrade and then again after the upgrade to make sure the services continues to operate normally. For example, you might want to verify that you can successfully access an important server used by your organization before the upgrade and make sure that you can still reach the server after the upgrade, and performance is comparable. You can also take a snapshot of key performance indicators (for example, number of sessions, CPU usage, and memory usage) before the upgrade and verify that you see comparable performance after the upgrade.