Fortinet black logo

FortiGate-7000 Handbook

HA cluster firmware upgrades

Copy Link
Copy Doc ID 46a2bcaf-5a38-11ea-9384-00505692583a:743155
Download PDF

HA cluster firmware upgrades

All of the FIMs and FPMs in a FortiGate-7000 HA cluster run the same firmware image. You upgrade the firmware from the primary FIM in the primary FortiGate-7000 .

If uninterruptible-upgrade and session-pickup are enabled, firmware upgrades should only cause a minimal traffic interruption. Use the following command to enable these settings; they are disabled by default. These settings are synchronized.

config system ha

set uninterruptible-upgrade enable

set session-pickup enable

end

When these settings are enabled, the primary FortiGate-7000 primary FIM uploads firmware to the secondary FortiGate-7000 primary FIM, which uploads the firmware to all of the modules in the secondary FortiGate-7000. Then the modules in the secondary FortiGate-7000 upgrade their firmware, reboot, and resynchronize.

Then all traffic fails over to the secondary FortiGate-7000 which becomes the new primary FortiGate-7000. Then the modules in the new secondary FortiGate-7000 upgrade their firmware and rejoin the cluster. Unless override is enabled, the new primary FortiGate-7000 continues to operate as the primary FortiGate-7000.

Normally, you would want to enable uninterruptible-upgrade to minimize traffic interruptions. But uninterruptible-upgrade does not have to be enabled. In fact, if a traffic interruption is not going to cause any problems, you can disable uninterruptible-upgrade so that the firmware upgrade process takes less time.

As well some firmware upgrades may not support uninterruptible-upgrade. For example, uninterruptible-upgrade may not be supported if the firmware upgrade also includes a DP2 processor firmware upgrade. Make sure to review the release notes before running a firmware upgrade to verify whether or not enabling uninterruptible-upgrade is supported to upgrade to that version.

HA cluster firmware upgrades

All of the FIMs and FPMs in a FortiGate-7000 HA cluster run the same firmware image. You upgrade the firmware from the primary FIM in the primary FortiGate-7000 .

If uninterruptible-upgrade and session-pickup are enabled, firmware upgrades should only cause a minimal traffic interruption. Use the following command to enable these settings; they are disabled by default. These settings are synchronized.

config system ha

set uninterruptible-upgrade enable

set session-pickup enable

end

When these settings are enabled, the primary FortiGate-7000 primary FIM uploads firmware to the secondary FortiGate-7000 primary FIM, which uploads the firmware to all of the modules in the secondary FortiGate-7000. Then the modules in the secondary FortiGate-7000 upgrade their firmware, reboot, and resynchronize.

Then all traffic fails over to the secondary FortiGate-7000 which becomes the new primary FortiGate-7000. Then the modules in the new secondary FortiGate-7000 upgrade their firmware and rejoin the cluster. Unless override is enabled, the new primary FortiGate-7000 continues to operate as the primary FortiGate-7000.

Normally, you would want to enable uninterruptible-upgrade to minimize traffic interruptions. But uninterruptible-upgrade does not have to be enabled. In fact, if a traffic interruption is not going to cause any problems, you can disable uninterruptible-upgrade so that the firmware upgrade process takes less time.

As well some firmware upgrades may not support uninterruptible-upgrade. For example, uninterruptible-upgrade may not be supported if the firmware upgrade also includes a DP2 processor firmware upgrade. Make sure to review the release notes before running a firmware upgrade to verify whether or not enabling uninterruptible-upgrade is supported to upgrade to that version.