Fortinet Document Library

Version:


Table of Contents

New Features

7.0.0
Download PDF
Copy Link

Automatic provisioning of FortiSwitch firmware upon authorization

FortiSwitch firmware images can be automatically provisioned after authorization. After a FortiSwitch unit is authorized by FortiLink, its firmware is upgraded to the version provisioned by the administrator.

On FortiGate models that have a hard disk, up to four images for the same FortiSwitch model can be uploaded. For FortiGate models without a hard disk, only one image can be uploaded for each FortiSwitch model.

To configure the automatic provisioning:
config switch-controller managed-switch
    edit <FortiSwitch_serial_number>
        set firmware-provision {enable | disable}
        set firmware-provision-version <version>
    next
end

firmware-provision {enable | disable}

Enable or disable provisioning firmware to the FortiSwitch unit after authorization (the default is disable).

firmware-provision-version <version>

The firmware version to provision the FortiSwitch unit with on bootup.

The format is major_version.minor_version.build_number, for example, 6.4.0454.

Example

In this example, a FortiSwitch 248E-POE is upgraded from FortiSwitchOS 6.4.3 to 6.4.4.

To configure automatic provisioning and upgrade the FortiSwitch firmware after authorization:
  1. Upload the FortiSwitch image to the FortiGate device and confirm that it was uploaded successfully:

    # execute switch-controller switch-software upload tftp 248-454.out 172.18.60.160
    
    Downloading file 248-454.out from tftp server 172.18.60.160...
    ###########################
    Image checking ...
    Image MD5 calculating ...
    Image Saving S248EP-IMG.swtp ...
    Successful!
    
    File Syncing...
    # execute switch-controller switch-software list-available
    
    ImageName                        ImageSize(B)   ImageInfo               Uploaded Time
    S248EP-v6.4-build454-IMG.swtp    28579517       S248EP-v6.4-build454    Mon Nov 30 15:06:07 2020
  2. On the FortiSwitch unit, check the current version:

    # get system status
    Version: FortiSwitch-248E-POE v6.4.3,build0452,201029 (GA)
    Serial-Number: S248EPTF18001842
    BIOS version: 04000004
    System Part-Number: P22169-02
    Burn in MAC: 70:4c:a5:e1:53:f6
    Hostname: S248EPTF18001842
    Distribution: International
    Branch point: 452
    System time: Wed Dec 31 16:11:17 1969
  3. On the FortiSwitch unit, change the management mode to FortiLink:

    config system global
        set switch-mgmt-mode  fortilink
    end
  4. On the FortiGate device, enable firmware provisioning and specify the version:

    config switch-controller managed-switch
        edit S248EPTF18000000
            set firmware-provision enable
            set firmware-provision-version 6.4.0454
        next
    end
  5. On the FortiGate device, authorize the FortiSwitch unit:

    config switch-controller managed-switch
        edit S248EPTF18000000
            set fsw-wan1-peer flink
            set fsw-wan1-admin enable
        next
    end
  6. When the authorized FortiSwitch unit is in FortiLink mode, it automatically starts upgrading to the provisioned firmware:

     # execute switch-controller get-upgrade-status
                    Device    Running-version                                Status      Next-boot
    ===================================================================================================================
    VDOM : vdom1
            FS1D243Z170000XX  FS1D24-v6.4.0-build456,201121 (Interim)        (0/0/0)   N/A  (Idle)
            S248DN3X170002XX  S248DN-v6.4.0-build456,201121 (Interim)        (0/0/0)   N/A  (Idle)
            S248EPTF18000000  S248EP-v6.4.3-build452,201029 (GA)             (14/0/0)   N/A (Upgrading)
  7. Check the version when the upgrade is complete:

    # execute switch-controller get-conn-status
    Managed-devices in current vdom vdom1:
    
    FortiLink interface : flink
    SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS              JOIN-TIME            NAME
    FS1D243Z17000032  v6.4.0 (456)      Authorized/Up   -   169.254.1.3     Mon Nov 30 11:08:10 2020    -
    S248DN3X170002XX  v6.4.0 (456)      Authorized/Up   -   169.254.1.4     Mon Nov 30 11:08:32 2020    -
    S248EPTF18000000  v6.4.4 (454)      Authorized/Up   C   169.254.1.6     Mon Nov 30 15:20:53 2020    -

Automatic provisioning of FortiSwitch firmware upon authorization

FortiSwitch firmware images can be automatically provisioned after authorization. After a FortiSwitch unit is authorized by FortiLink, its firmware is upgraded to the version provisioned by the administrator.

On FortiGate models that have a hard disk, up to four images for the same FortiSwitch model can be uploaded. For FortiGate models without a hard disk, only one image can be uploaded for each FortiSwitch model.

To configure the automatic provisioning:
config switch-controller managed-switch
    edit <FortiSwitch_serial_number>
        set firmware-provision {enable | disable}
        set firmware-provision-version <version>
    next
end

firmware-provision {enable | disable}

Enable or disable provisioning firmware to the FortiSwitch unit after authorization (the default is disable).

firmware-provision-version <version>

The firmware version to provision the FortiSwitch unit with on bootup.

The format is major_version.minor_version.build_number, for example, 6.4.0454.

Example

In this example, a FortiSwitch 248E-POE is upgraded from FortiSwitchOS 6.4.3 to 6.4.4.

To configure automatic provisioning and upgrade the FortiSwitch firmware after authorization:
  1. Upload the FortiSwitch image to the FortiGate device and confirm that it was uploaded successfully:

    # execute switch-controller switch-software upload tftp 248-454.out 172.18.60.160
    
    Downloading file 248-454.out from tftp server 172.18.60.160...
    ###########################
    Image checking ...
    Image MD5 calculating ...
    Image Saving S248EP-IMG.swtp ...
    Successful!
    
    File Syncing...
    # execute switch-controller switch-software list-available
    
    ImageName                        ImageSize(B)   ImageInfo               Uploaded Time
    S248EP-v6.4-build454-IMG.swtp    28579517       S248EP-v6.4-build454    Mon Nov 30 15:06:07 2020
  2. On the FortiSwitch unit, check the current version:

    # get system status
    Version: FortiSwitch-248E-POE v6.4.3,build0452,201029 (GA)
    Serial-Number: S248EPTF18001842
    BIOS version: 04000004
    System Part-Number: P22169-02
    Burn in MAC: 70:4c:a5:e1:53:f6
    Hostname: S248EPTF18001842
    Distribution: International
    Branch point: 452
    System time: Wed Dec 31 16:11:17 1969
  3. On the FortiSwitch unit, change the management mode to FortiLink:

    config system global
        set switch-mgmt-mode  fortilink
    end
  4. On the FortiGate device, enable firmware provisioning and specify the version:

    config switch-controller managed-switch
        edit S248EPTF18000000
            set firmware-provision enable
            set firmware-provision-version 6.4.0454
        next
    end
  5. On the FortiGate device, authorize the FortiSwitch unit:

    config switch-controller managed-switch
        edit S248EPTF18000000
            set fsw-wan1-peer flink
            set fsw-wan1-admin enable
        next
    end
  6. When the authorized FortiSwitch unit is in FortiLink mode, it automatically starts upgrading to the provisioned firmware:

     # execute switch-controller get-upgrade-status
                    Device    Running-version                                Status      Next-boot
    ===================================================================================================================
    VDOM : vdom1
            FS1D243Z170000XX  FS1D24-v6.4.0-build456,201121 (Interim)        (0/0/0)   N/A  (Idle)
            S248DN3X170002XX  S248DN-v6.4.0-build456,201121 (Interim)        (0/0/0)   N/A  (Idle)
            S248EPTF18000000  S248EP-v6.4.3-build452,201029 (GA)             (14/0/0)   N/A (Upgrading)
  7. Check the version when the upgrade is complete:

    # execute switch-controller get-conn-status
    Managed-devices in current vdom vdom1:
    
    FortiLink interface : flink
    SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS              JOIN-TIME            NAME
    FS1D243Z17000032  v6.4.0 (456)      Authorized/Up   -   169.254.1.3     Mon Nov 30 11:08:10 2020    -
    S248DN3X170002XX  v6.4.0 (456)      Authorized/Up   -   169.254.1.4     Mon Nov 30 11:08:32 2020    -
    S248EPTF18000000  v6.4.4 (454)      Authorized/Up   C   169.254.1.6     Mon Nov 30 15:20:53 2020    -