Fortinet black logo

FortiGate-6000 and FortiGate-7000 Release Notes

HA graceful upgrade to FortiOS 6.4.2

HA graceful upgrade to FortiOS 6.4.2

Use the following steps to upgrade a FortiGate-6000 or 7000 HA cluster with uninterruptible-upgrade enabled from FortiOS 6.2.3 or 6.2.4 to FortiOS 6.4.2.

Note

Upgrading FortiGate-6000 or 7000 firmware from FortiOS 6.2.6 or later 6.2.x versions of FortiOS to FortiOS 6.4.2 is not supported. Instead you should upgrade to FortiOS 6.4.6.

Upgrading to FortiOS 6.4.2 is not supported because FortiOS 6.2.6 and later FortiOS 6.2.x versions support IPsec VPN tunnel-based load balancing (see IPsec VPN load balancing changes for details). IPsec VPN tunnel based load balancing is not supported by FortiOS 6.4.2, but is supported by FortiOS 6.4.6 and later.

Enabling uninterruptible-upgrade allows you to upgrade the firmware of an operating FortiGate-6000 or 7000 HA configuration with only minimal traffic interruption. During the upgrade, the secondary FortiGate upgrades first. Then a failover occurs and the newly upgraded FortiGate becomes the primary FortiGate and the firmware of the new secondary FortiGate upgrades.

To perform a graceful upgrade of your FortiGate-6000 or 7000 from FortiOS 6.2.3 or 6.2.4 to FortiOS 6.4.2:

  1. Use the following command to enable uninterruptible-upgrade to support HA graceful upgrade:

    config system ha

    set uninterruptible-upgrade enable

    end

  2. Download FortiOS 6.4.2 firmware for FortiGate-6000 or 7000 from the https://support.fortinet.com FortiGate-6K7K 6.4.2 firmware image folder.

  3. Perform a normal upgrade of your HA cluster using the downloaded firmware image file.

  4. Verify that you have installed the correct firmware version. For example, for a FortiGate-6301F:

    get system status
    Version: FortiGate-6301F v6.4.2,build1749,201119 (GA)
    ...

HA graceful upgrade to FortiOS 6.4.2

Use the following steps to upgrade a FortiGate-6000 or 7000 HA cluster with uninterruptible-upgrade enabled from FortiOS 6.2.3 or 6.2.4 to FortiOS 6.4.2.

Note

Upgrading FortiGate-6000 or 7000 firmware from FortiOS 6.2.6 or later 6.2.x versions of FortiOS to FortiOS 6.4.2 is not supported. Instead you should upgrade to FortiOS 6.4.6.

Upgrading to FortiOS 6.4.2 is not supported because FortiOS 6.2.6 and later FortiOS 6.2.x versions support IPsec VPN tunnel-based load balancing (see IPsec VPN load balancing changes for details). IPsec VPN tunnel based load balancing is not supported by FortiOS 6.4.2, but is supported by FortiOS 6.4.6 and later.

Enabling uninterruptible-upgrade allows you to upgrade the firmware of an operating FortiGate-6000 or 7000 HA configuration with only minimal traffic interruption. During the upgrade, the secondary FortiGate upgrades first. Then a failover occurs and the newly upgraded FortiGate becomes the primary FortiGate and the firmware of the new secondary FortiGate upgrades.

To perform a graceful upgrade of your FortiGate-6000 or 7000 from FortiOS 6.2.3 or 6.2.4 to FortiOS 6.4.2:

  1. Use the following command to enable uninterruptible-upgrade to support HA graceful upgrade:

    config system ha

    set uninterruptible-upgrade enable

    end

  2. Download FortiOS 6.4.2 firmware for FortiGate-6000 or 7000 from the https://support.fortinet.com FortiGate-6K7K 6.4.2 firmware image folder.

  3. Perform a normal upgrade of your HA cluster using the downloaded firmware image file.

  4. Verify that you have installed the correct firmware version. For example, for a FortiGate-6301F:

    get system status
    Version: FortiGate-6301F v6.4.2,build1749,201119 (GA)
    ...