Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiGate-7000F Handbook

    Home FortiGate-7000 7.0.10 FortiGate-7000F Handbook
    7.0.10
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.10
    7.0.5
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.10
    6.4.8
    6.4.6
    6.2.16
    6.2.16
    6.2.15
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.7
    6.2.6

    HA cluster firmware upgrades

    HA cluster firmware upgrades

    All of the FIMs and FPMs in a FortiGate-7000F HA cluster run the same firmware image. You upgrade the firmware from the primary FIM in the primary FortiGate-7000F.

    If uninterruptible-upgrade and session-pickup are enabled, firmware upgrades should only cause a minimal traffic interruption. Use the following command to enable these settings; they are disabled by default. These settings are synchronized.

    config system ha

    set uninterruptible-upgrade enable

    set session-pickup enable

    end

    When these settings are enabled, the primary FortiGate-7000F primary FIM uploads firmware to the secondary FortiGate-7000F primary FIM, which uploads the firmware to the secondary FIM and the FPMs in the secondary FortiGate-7000F. Then the FIMs and FPMs in the secondary FortiGate-7000F upgrade their firmware, reboot, and resynchronize.

    Then all traffic fails over to the secondary FortiGate-7000F which becomes the new primary FortiGate-7000F. Then the FIMs and FPMs in the new secondary FortiGate-7000F upgrade their firmware and rejoin the cluster. Unless override is enabled, the new primary FortiGate-7000F continues to operate as the primary FortiGate-7000F.

    Normally, you would want to enable uninterruptible-upgrade to minimize traffic interruptions. But uninterruptible-upgrade does not have to be enabled. In fact, if a traffic interruption is not going to cause any problems, you can disable uninterruptible-upgrade so that the firmware upgrade process takes less time.

    As well, some firmware upgrades may not support uninterruptible-upgrade. Make sure to review the release notes before running a firmware upgrade to verify whether or not enabling uninterruptible-upgrade is supported to upgrade to that version.

    Previous
    Next

    HA cluster firmware upgrades

    HA cluster firmware upgrades

    All of the FIMs and FPMs in a FortiGate-7000F HA cluster run the same firmware image. You upgrade the firmware from the primary FIM in the primary FortiGate-7000F.

    If uninterruptible-upgrade and session-pickup are enabled, firmware upgrades should only cause a minimal traffic interruption. Use the following command to enable these settings; they are disabled by default. These settings are synchronized.

    config system ha

    set uninterruptible-upgrade enable

    set session-pickup enable

    end

    When these settings are enabled, the primary FortiGate-7000F primary FIM uploads firmware to the secondary FortiGate-7000F primary FIM, which uploads the firmware to the secondary FIM and the FPMs in the secondary FortiGate-7000F. Then the FIMs and FPMs in the secondary FortiGate-7000F upgrade their firmware, reboot, and resynchronize.

    Then all traffic fails over to the secondary FortiGate-7000F which becomes the new primary FortiGate-7000F. Then the FIMs and FPMs in the new secondary FortiGate-7000F upgrade their firmware and rejoin the cluster. Unless override is enabled, the new primary FortiGate-7000F continues to operate as the primary FortiGate-7000F.

    Normally, you would want to enable uninterruptible-upgrade to minimize traffic interruptions. But uninterruptible-upgrade does not have to be enabled. In fact, if a traffic interruption is not going to cause any problems, you can disable uninterruptible-upgrade so that the firmware upgrade process takes less time.

    As well, some firmware upgrades may not support uninterruptible-upgrade. Make sure to review the release notes before running a firmware upgrade to verify whether or not enabling uninterruptible-upgrade is supported to upgrade to that version.

    Previous
    Next