Firmware upgrades
Fortinet recommends using the following steps to upgrade the firmware of the FortiGates in an FGSP deployment. Follow these steps whether or not you have enabled configuration synchronization.
For an example FGSP deployment with two FortiGates (FGT-1 and FGT-2):
-
Switch all traffic to FGT-1.
Configure the load balancer or router that distributes traffic between the FortiGates to send all traffic to one of the FortiGates in the FGSP deployment (in this case FGT-1).
-
Disconnect FGT-2 from your network.
Make sure to also disconnect the interfaces that allow heartbeat and synchronization communication with FGT-1. You want to prevent FGT-2 from communicating with FGT-1.
- Upgrade the firmware of FGT-2.
- Re-connect FGT-2's traffic interfaces (but not the interfaces used for heartbeat and synchronization communication with FGT-1).
-
Switch all traffic to the newly upgraded FGT-2.
Configure the load balancer or router that distributes traffic between the FortiGates to send all traffic to the FortiGate with upgraded firmware.
- Upgrade the firmware of FGT-1 (while heartbeat and synchronization communication with FGT-2 remains disconnected).
- Reconnect the FGT-2 interfaces that allow heartbeat and synchronization communication between FGT-1 and FGT-2.
-
Restore the original traffic distribution between FGT-1 and FGT-2.
Configure the load balancer or router to again distribute traffic to both FortiGates in the FGSP deployment.