Synchronizing FIMs and FPMs after upgrading the primary FIM firmware from the BIOS
After you install firmware on the primary FIM from the BIOS after a reboot, the firmware version and configuration of the primary FIM will most likely be not be synchronized with the other FIMs and FPMs. You can verify this from the primary FIM CLI using the diagnose sys confsync status | grep in_sy
command. The in_sync=0
entries in the following example output show that the management board (serial number ending in 10) is not synchronized with the other FIM and the FPMs shown in the example.
diagnose sys confsync status | grep in_sy FIM10E3E16000040, Slave, uptime=69346.99, priority=2, slot_id=1:2, idx=1, flag=0x0, in_sync=0 FIM04E3E16000010, Master, uptime=69398.91, priority=1, slot_id=1:1, idx=0, flag=0x0, in_sync=1 FPM20E3E17900217, Slave, uptime=69387.74, priority=20, slot_id=1:4, idx=2, flag=0x64, in_sync=0 FIM04E3E16000010, Master, uptime=69398.91, priority=1, slot_id=1:1, idx=0, flag=0x0, in_sync=1 ...
You can also verify synchronization status from primary FIM Security Fabric dashboard widget.
To re-synchronize the FortiGate-7000, which has the effect of resetting the other FIM and the FPMs, re-install firmware on the primary FIM.
You can also manually install firmware on each individual FIM and FPM from the BIOS after a reboot. This manual process is just as effective as installing the firmware for a second time on the primary FIM to trigger synchronization to the FIM and the FPMs, but takes much longer. |
-
Log into the primary FIM GUI.
-
Install a firmware build on the primary FIM from the GUI or CLI. The firmware build you install on the primary FIM can either be the same firmware build or a different one.
Installing firmware synchronizes the firmware build and configuration from the primary FIM to the other FIM and the FPMs.
-
Check the synchronization status from the Security Fabric dashboard widget or using the
diagnose sys confsync status | grep in_sy
command. The following example ForGate-7040E shows that the primary FIM is synchronized with the other FIM and all of the FPMs because each line includes in_sync=1:diagnose sys confsync status | grep in_sy FIM10E3E16000040, Slave, uptime=69346.99, priority=2, slot_id=1:2, idx=1, flag=0x0, in_sync=1 FIM04E3E16000010, Master, uptime=69398.91, priority=1, slot_id=1:1, idx=0, flag=0x0, in_sync=1 FPM20E3E17900217, Slave, uptime=69387.74, priority=20, slot_id=1:4, idx=2, flag=0x64, in_sync=1 FPM20E3E17900217, Slave, uptime=69387.74, priority=20, slot_id=1:4, idx=2, flag=0x4, in_sync=1 FIM04E3E16000010, Master, uptime=69398.91, priority=1, slot_id=1:1, idx=0, flag=0x0, in_sync=1 FIM10E3E16000040, Slave, uptime=69346.99, priority=2, slot_id=1:2, idx=1, flag=0x0, in_sync=1 FIM04E3E16000010, Master, uptime=69398.91, priority=1, slot_id=1:1, idx=0, flag=0x0, in_sync=1 FIM10E3E16000040, Slave, uptime=69346.99, priority=2, slot_id=1:2, idx=1, flag=0x0, in_sync=1 FPM20E3E17900217, Slave, uptime=69387.74, priority=20, slot_id=1:4, idx=2, flag=0x64, in_sync=1