Fortinet white logo
Fortinet white logo

FortiGate-7000E Handbook

Firmware upgrade basics

Firmware upgrade basics

All of the FIMs and FPMs in your FortiGate 7000E system run the same firmware image. You upgrade the firmware from the primary FIM GUI or CLI just as you would any FortiGate product.

You can perform a graceful firmware upgrade of a FortiGate 7000E FGCP HA cluster by setting upgrade-mode to uninterruptible and enabling session-pickup. A graceful firmware upgrade only causes minimal traffic interruption.

Upgrading the firmware of a standalone FortiGate 7000E, or FortiGate 7000E HA cluster with upgrade-mode set to simultaneous interrupts traffic because the firmware running on the FIMs and FPMs upgrades in one step. These firmware upgrades should be done during a quiet time because traffic will be interrupted during the upgrade process.

A firmware upgrade takes a few minutes, depending on the number of FIMs and FPMs in your FortiGate 7000E system. Some firmware upgrades may take longer depending on factors such as the size of the configuration.

Before beginning a firmware upgrade, Fortinet recommends that you perform the following tasks:

  • Review the latest release notes for the firmware version that you are upgrading to.
  • Verify the recommended upgrade path as documented in the release notes.
  • Back up your FortiGate 7000E configuration.
Note

To make sure a FortiGate 7000E firmware upgrade is successful, before starting the upgrade Fortinet recommends you use health checking to make sure the FIMs and FPMs are all synchronized and operating as expected.

If you are following a multi-step upgrade path, you should re-do health checking after each upgrade step to make sure all components are synchronized before the next step.

You should also perform a final round of health checking after the firmware upgrade process is complete.

For recommended health checking commands, see the following Fortinet community article:

Technical Tip: FortiGate-6000/7000 Chassis health check commands.

Note

Fortinet recommends that you review the services provided by your FortiGate 7000E before a firmware upgrade and then again after the upgrade to make sure the services continues to operate normally. For example, you might want to verify that you can successfully access an important server used by your organization before the upgrade and make sure that you can still reach the server after the upgrade, and performance is comparable. You can also take a snapshot of key performance indicators (for example, number of sessions, CPU usage, and memory usage) before the upgrade and verify that you see comparable performance after the upgrade.

Firmware upgrade basics

Firmware upgrade basics

All of the FIMs and FPMs in your FortiGate 7000E system run the same firmware image. You upgrade the firmware from the primary FIM GUI or CLI just as you would any FortiGate product.

You can perform a graceful firmware upgrade of a FortiGate 7000E FGCP HA cluster by setting upgrade-mode to uninterruptible and enabling session-pickup. A graceful firmware upgrade only causes minimal traffic interruption.

Upgrading the firmware of a standalone FortiGate 7000E, or FortiGate 7000E HA cluster with upgrade-mode set to simultaneous interrupts traffic because the firmware running on the FIMs and FPMs upgrades in one step. These firmware upgrades should be done during a quiet time because traffic will be interrupted during the upgrade process.

A firmware upgrade takes a few minutes, depending on the number of FIMs and FPMs in your FortiGate 7000E system. Some firmware upgrades may take longer depending on factors such as the size of the configuration.

Before beginning a firmware upgrade, Fortinet recommends that you perform the following tasks:

  • Review the latest release notes for the firmware version that you are upgrading to.
  • Verify the recommended upgrade path as documented in the release notes.
  • Back up your FortiGate 7000E configuration.
Note

To make sure a FortiGate 7000E firmware upgrade is successful, before starting the upgrade Fortinet recommends you use health checking to make sure the FIMs and FPMs are all synchronized and operating as expected.

If you are following a multi-step upgrade path, you should re-do health checking after each upgrade step to make sure all components are synchronized before the next step.

You should also perform a final round of health checking after the firmware upgrade process is complete.

For recommended health checking commands, see the following Fortinet community article:

Technical Tip: FortiGate-6000/7000 Chassis health check commands.

Note

Fortinet recommends that you review the services provided by your FortiGate 7000E before a firmware upgrade and then again after the upgrade to make sure the services continues to operate normally. For example, you might want to verify that you can successfully access an important server used by your organization before the upgrade and make sure that you can still reach the server after the upgrade, and performance is comparable. You can also take a snapshot of key performance indicators (for example, number of sessions, CPU usage, and memory usage) before the upgrade and verify that you see comparable performance after the upgrade.