Fortinet black logo

Hyperscale Firewall Guide

Home FortiGate / FortiOS 6.2.7 Hyperscale Firewall Guide

Upgrading hyperscale firewall features to FortiOS 6.2.7

6.2.7
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.6
6.2.9
6.2.7
6.2.6
Copy Link
Copy Doc ID 4d984c03-c315-11eb-92d0-00505692583a:371274
Download PDF

Upgrading hyperscale firewall features to FortiOS 6.2.7

If your FortiGate is currently running FortiOS 6.2.6 firmware and is licensed for hyperscale firewall features, you can follow a normal firmware upgrade process to upgrade to FortiOS 6.2.7.

If you are currently operating a FortiGate-4200F, 4201F, 4400F, or 4401F with an older firmware version than 6.2.6 and a hyperscale firewall license, you can upgrade in one step to FortiOS 6.2.7 because upgrading to FortiOS 6.2.7 will remove the existing hyperscale firewall configuration but the hyperscale firewall license will still be active. You can go ahead and create a new hyperscale firewall configuration for FortiOS 6.2.7.

If you are currently operating a FortiGate-4200F, 4201F, 4400F, or 4401F without a hyperscale firewall license you can use the upgrade path to upgrade to FortiOS 6.2.7. To configure hyperscale firewall features, activate your hyperscale firewall license and set up the hyperscale firewall configuration.

Caution

The FortiOS 6.2.7 hyperscale firewall configuration is very different from the 6.2.5 configuration. Upgrading a FortiGate-4200F, 4201F, 4400F, or 4401F from FortiOS 6.2.5 to 6.2.7 will require significant time for preparation and planning before the firmware upgrade and significant downtime after the firmware upgrade to create the new configuration.

To upgrade an HA cluster from an older firmware version

Recommended procedure for upgrading an HA cluster from FortiOS 6.2.5 and older to FortiOS 6.2.7:

  1. Disconnect the backup FortiGate from the cluster.

  2. Upgrade the backup FortiGate's firmware to FortiOS 6.2.7 and set the configuration to factory defaults.

  3. Create the new FortiOS 6.2.7 hyperscale firewall configuration on the backup FortiGate.

    Fortinet Support can assist with setting up the new configuration.

  4. When the backup FortiGate is reconfigured and the configuration tested you can swap network connections from the primary FortiGate to the backup FortiGate with minimal downtime.

  5. Then you can upgrade the firmware on the primary FortiGate and reset it to factory defaults.

  6. Apply the new hyperscale configuration to the primary FortiGate.

    Do this before reforming the cluster, since some configurations may require restarting the FortiGate.

  7. Add the primary FortiGate back to the cluster to re-form the cluster.

To upgrade a standalone FortiGate from an older firmware version

To upgrade a standalone FortiGate from FortiOS 6.2.5 and older to FortiOS 6.2.7, Fortinet recommends preparing the new configuration on a test device if possible before configuring your production FortiGate. Fortinet Support can help with planning, configuration, and conversion.

Previous
Next

Upgrading hyperscale firewall features to FortiOS 6.2.7

If your FortiGate is currently running FortiOS 6.2.6 firmware and is licensed for hyperscale firewall features, you can follow a normal firmware upgrade process to upgrade to FortiOS 6.2.7.

If you are currently operating a FortiGate-4200F, 4201F, 4400F, or 4401F with an older firmware version than 6.2.6 and a hyperscale firewall license, you can upgrade in one step to FortiOS 6.2.7 because upgrading to FortiOS 6.2.7 will remove the existing hyperscale firewall configuration but the hyperscale firewall license will still be active. You can go ahead and create a new hyperscale firewall configuration for FortiOS 6.2.7.

If you are currently operating a FortiGate-4200F, 4201F, 4400F, or 4401F without a hyperscale firewall license you can use the upgrade path to upgrade to FortiOS 6.2.7. To configure hyperscale firewall features, activate your hyperscale firewall license and set up the hyperscale firewall configuration.

Caution

The FortiOS 6.2.7 hyperscale firewall configuration is very different from the 6.2.5 configuration. Upgrading a FortiGate-4200F, 4201F, 4400F, or 4401F from FortiOS 6.2.5 to 6.2.7 will require significant time for preparation and planning before the firmware upgrade and significant downtime after the firmware upgrade to create the new configuration.

To upgrade an HA cluster from an older firmware version

Recommended procedure for upgrading an HA cluster from FortiOS 6.2.5 and older to FortiOS 6.2.7:

  1. Disconnect the backup FortiGate from the cluster.

  2. Upgrade the backup FortiGate's firmware to FortiOS 6.2.7 and set the configuration to factory defaults.

  3. Create the new FortiOS 6.2.7 hyperscale firewall configuration on the backup FortiGate.

    Fortinet Support can assist with setting up the new configuration.

  4. When the backup FortiGate is reconfigured and the configuration tested you can swap network connections from the primary FortiGate to the backup FortiGate with minimal downtime.

  5. Then you can upgrade the firmware on the primary FortiGate and reset it to factory defaults.

  6. Apply the new hyperscale configuration to the primary FortiGate.

    Do this before reforming the cluster, since some configurations may require restarting the FortiGate.

  7. Add the primary FortiGate back to the cluster to re-form the cluster.

To upgrade a standalone FortiGate from an older firmware version

To upgrade a standalone FortiGate from FortiOS 6.2.5 and older to FortiOS 6.2.7, Fortinet recommends preparing the new configuration on a test device if possible before configuring your production FortiGate. Fortinet Support can help with planning, configuration, and conversion.

Previous
Next