Version:

Version:

Version:


Table of Contents

Hyperscale Firewall Guide

Download PDF
Copy Link

Upgrading hyperscale firewall features to FortiOS 6.2.6

FortiOS 6.2.6 is the first Hyperscale firewall release for the FortiGate-1800F, 1801F, 2600F, and 2601F. To use hyperscale firewall features with these models, follow the upgrade path to upgrade the firmware to FortiOS 6.2.6, activate your hyperscale firewall license, and then configure hyperscale Firewall features.

If you are currently operating a FortiGate-4200F, 4201F, 4400F, or 4401F with a hyperscale firewall license, upgrading to FortiOS 6.2.6 will remove the existing hyperscale firewall configuration but the hyperscale firewall license will still be active. You can go ahead and create a new hyperscale firewall configuration for FortiOS 6.2.6.

If you are currently operating a FortiGate-4200F, 4201F, 4400F, or 4401F without a hyperscale firewall license you can use the upgrade path to upgrade to FortiOS 6.2.6. To configure hyperscale firewall features, activate your hyperscale firewall license and set up the hyperscale firewall configuration.

Caution

The FortiOS 6.2.6 hyperscale firewall configuration is very different from the 6.2.5 configuration. Upgrading a FortiGate-4200F, 4201F, 4400F, or 4401F from FortiOS 6.2.5 to 6.2.6 will require significant time for preparation and planning before the firmware upgrade and significant downtime after the firmware upgrade to create the new configuration.

To upgrade an HA cluster

Recommended procedure for upgrading an HA cluster,

  1. Disconnect the backup FortiGate from the cluster.

  2. Upgrade the backup FortiGate's firmware to FortiOS 6.2.6 and set the configuration to factory defaults.

  3. Create the new FortiOS 6.2.6 hyperscale firewall configuration on the backup FortiGate.

    Fortinet Support can assist with setting up the new configuration.

  4. When the backup FortiGate is reconfigured and the configuration tested you can swap network connections from the primary FortiGate to the backup FortiGate with minimal downtime. 

  5. Then you can upgrade the firmware on the primary FortiGate and reset it to factory defaults.

  6. Apply the new hyperscale configuration to the primary FortiGate.

    Do this before reforming the cluster, since some configurations may require restarting the FortiGate.

  7. Add the primary FortiGate back to the cluster to re-form the cluster.

To upgrade a standalone FortiGate

To upgrade a standalone FortiGate, Fortinet recommends preparing the new configuration on a test device if possible before configuring your production FortiGate. Fortinet Support can help with planning, configuration, and conversion.

Upgrading hyperscale firewall features to FortiOS 6.2.6

FortiOS 6.2.6 is the first Hyperscale firewall release for the FortiGate-1800F, 1801F, 2600F, and 2601F. To use hyperscale firewall features with these models, follow the upgrade path to upgrade the firmware to FortiOS 6.2.6, activate your hyperscale firewall license, and then configure hyperscale Firewall features.

If you are currently operating a FortiGate-4200F, 4201F, 4400F, or 4401F with a hyperscale firewall license, upgrading to FortiOS 6.2.6 will remove the existing hyperscale firewall configuration but the hyperscale firewall license will still be active. You can go ahead and create a new hyperscale firewall configuration for FortiOS 6.2.6.

If you are currently operating a FortiGate-4200F, 4201F, 4400F, or 4401F without a hyperscale firewall license you can use the upgrade path to upgrade to FortiOS 6.2.6. To configure hyperscale firewall features, activate your hyperscale firewall license and set up the hyperscale firewall configuration.

Caution

The FortiOS 6.2.6 hyperscale firewall configuration is very different from the 6.2.5 configuration. Upgrading a FortiGate-4200F, 4201F, 4400F, or 4401F from FortiOS 6.2.5 to 6.2.6 will require significant time for preparation and planning before the firmware upgrade and significant downtime after the firmware upgrade to create the new configuration.

To upgrade an HA cluster

Recommended procedure for upgrading an HA cluster,

  1. Disconnect the backup FortiGate from the cluster.

  2. Upgrade the backup FortiGate's firmware to FortiOS 6.2.6 and set the configuration to factory defaults.

  3. Create the new FortiOS 6.2.6 hyperscale firewall configuration on the backup FortiGate.

    Fortinet Support can assist with setting up the new configuration.

  4. When the backup FortiGate is reconfigured and the configuration tested you can swap network connections from the primary FortiGate to the backup FortiGate with minimal downtime. 

  5. Then you can upgrade the firmware on the primary FortiGate and reset it to factory defaults.

  6. Apply the new hyperscale configuration to the primary FortiGate.

    Do this before reforming the cluster, since some configurations may require restarting the FortiGate.

  7. Add the primary FortiGate back to the cluster to re-form the cluster.

To upgrade a standalone FortiGate

To upgrade a standalone FortiGate, Fortinet recommends preparing the new configuration on a test device if possible before configuring your production FortiGate. Fortinet Support can help with planning, configuration, and conversion.