Fortinet white logo
Fortinet white logo

FortiGate-7000 Release Notes

HA graceful upgrade to FortiOS 6.2.16

HA graceful upgrade to FortiOS 6.2.16

Use the following steps to upgrade a FortiGate-6000, 7000E, or 7000F FGCP HA cluster with uninterruptible-upgrade enabled from FortiOS 6.0.17 build 0418, 6.2.15 build 1286 to FortiOS 6.2.16 Build 1300. You can also use the following steps to upgrade a FortiGate-6000 or 7000E FGCP HA cluster with uninterruptible-upgrade enabled from FortiOS 6.0.17 build 0418 to FortiOS 6.2.16 Build 1300. FortiGate-7000F is not supported by FortiOS 6.0.x.

Caution FortiOS 6.2.9 increased the FortiGate 7121F boot partition size. If you are running FortiOS 6.2.7 or earlier firmware on your FortiGate 7121F, you must upgrade to FortiOS 6.2.9 using the information in the FortiGate-7000 6.2.9 Release Notes before upgrading to 6.2.16.

Enabling uninterruptible-upgrade allows you to upgrade the firmware of an operating FortiGate-6000 or 7000 HA configuration with only minimal traffic interruption. During the upgrade, the secondary FortiGate upgrades first. Then a failover occurs and the newly upgraded FortiGate becomes the primary FortiGate and the firmware of the new secondary FortiGate upgrades.

Note

You can use the diagnose sys ha uninterruptible-primary-wait {set | get} command to view and change the timer that controls how long the primary FortiGate-6000 or 7000 waits for the secondary FortiGate-6000 or 7000 to complete the firmware upgrade process before upgrading its own firmware. In some configurations, the secondary FortiGate-6000 or 7000 may take more time than expected to upgrade its firmware. If the default timer is exceeded the firmware upgrade will fail. Extending the timer can solve this problem.

To perform a graceful upgrade of your FortiGate-6000 or 7000 FGCP HA cluster from FortiOS 6.0.17 or 6.2.15 to FortiOS 6.2.16:

  1. Use the following command to enable uninterruptible-upgrade to support HA graceful upgrade:

    config system ha

    set uninterruptible-upgrade enable

    end

  2. Download FortiOS 6.2.16 firmware for FortiGate-6000 or 7000 from the https://support.fortinet.com FortiGate-6K7K 6.2.16 firmware image folder.

  3. Perform a normal upgrade of your HA cluster using the downloaded firmware image file.

  4. Verify that you have installed the correct firmware version. For example, for the FortiGate-6301F:

    get system status
    Version: FortiGate-6301F v6.2.16,build1300,240207 (GA)
    ...

HA graceful upgrade to FortiOS 6.2.16

HA graceful upgrade to FortiOS 6.2.16

Use the following steps to upgrade a FortiGate-6000, 7000E, or 7000F FGCP HA cluster with uninterruptible-upgrade enabled from FortiOS 6.0.17 build 0418, 6.2.15 build 1286 to FortiOS 6.2.16 Build 1300. You can also use the following steps to upgrade a FortiGate-6000 or 7000E FGCP HA cluster with uninterruptible-upgrade enabled from FortiOS 6.0.17 build 0418 to FortiOS 6.2.16 Build 1300. FortiGate-7000F is not supported by FortiOS 6.0.x.

Caution FortiOS 6.2.9 increased the FortiGate 7121F boot partition size. If you are running FortiOS 6.2.7 or earlier firmware on your FortiGate 7121F, you must upgrade to FortiOS 6.2.9 using the information in the FortiGate-7000 6.2.9 Release Notes before upgrading to 6.2.16.

Enabling uninterruptible-upgrade allows you to upgrade the firmware of an operating FortiGate-6000 or 7000 HA configuration with only minimal traffic interruption. During the upgrade, the secondary FortiGate upgrades first. Then a failover occurs and the newly upgraded FortiGate becomes the primary FortiGate and the firmware of the new secondary FortiGate upgrades.

Note

You can use the diagnose sys ha uninterruptible-primary-wait {set | get} command to view and change the timer that controls how long the primary FortiGate-6000 or 7000 waits for the secondary FortiGate-6000 or 7000 to complete the firmware upgrade process before upgrading its own firmware. In some configurations, the secondary FortiGate-6000 or 7000 may take more time than expected to upgrade its firmware. If the default timer is exceeded the firmware upgrade will fail. Extending the timer can solve this problem.

To perform a graceful upgrade of your FortiGate-6000 or 7000 FGCP HA cluster from FortiOS 6.0.17 or 6.2.15 to FortiOS 6.2.16:

  1. Use the following command to enable uninterruptible-upgrade to support HA graceful upgrade:

    config system ha

    set uninterruptible-upgrade enable

    end

  2. Download FortiOS 6.2.16 firmware for FortiGate-6000 or 7000 from the https://support.fortinet.com FortiGate-6K7K 6.2.16 firmware image folder.

  3. Perform a normal upgrade of your HA cluster using the downloaded firmware image file.

  4. Verify that you have installed the correct firmware version. For example, for the FortiGate-6301F:

    get system status
    Version: FortiGate-6301F v6.2.16,build1300,240207 (GA)
    ...