Upgrading the firmware running on individual FIMs or FPMs
You can install firmware on individual FIMs or FPMs by logging into the FIM or FPM GUI or CLI. You can also setup a console connection to the FortiGate-7000 front panel Management Module and install firmware on individual FIMs or FPMs from a TFTP server after interrupting the FIM or FPM boot up sequence from the BIOS.
Normally you wouldn't need to upgrade the firmware on individual FIMs or FPMs because the FortiGate-7000 keeps the firmware on all of the FIMs and FPMs synchronized. However, FIM or FPM firmware may go out of sync in the following situations:
- Communication issues during a normal FortiGate-7000 firmware upgrade.
- Installing a replacement FIM or FPM that is running a different firmware version.
- Installing firmware on or formatting an FIM or FPM from the BIOS.
To verify the firmware versions on each FIM or FPM you can check individual FIM and FPM GUIs or enter the
get system status command from each FIM or FPM CLI. You can also use the
diagnose sys confsync status | grep in_sy command to see if the FIMs and FPMs are all synchronized. In the command output,
in_sync=1 means the FIM or FPM is synchronized.
In_sync=0 means the FIM or FPM is not synchronized, which could indicated the FIM or FPM is running a different firmware build than the primary FIM.
The procedures in this section work for FIMs or FPMs in a standalone FortiGate-7000. These procedures also work for FIMs or FPMs in the primary FortiGate-7000 in an HA configuration. To upgrade firmware on an FIM or FPM in the secondary FortiGate-7000 in an HA configuration, you should either remove the secondary FortiGate-7000 from the HA configuration or cause a failover so that the secondary FortiGate-7000 becomes the primary FortiGate-7000.
In general, if you need to update both FIMs and FPMs in the same FortiGate-7000, you should update the FIMs first as the FPMs can only communicate through FIM interfaces.