Automatic provisioning of FortiSwitch firmware upon authorization
FortiSwitch firmware images can be automatically provisioned after authorization. After a FortiSwitch unit is authorized by FortiLink, its firmware is upgraded to the version provisioned by the administrator.
On FortiGate models that have a hard disk, up to four images for the same FortiSwitch model can be uploaded. For FortiGate models without a hard disk, only one image can be uploaded for each FortiSwitch model.
To configure the automatic provisioning:
config switch-controller managed-switch edit <FortiSwitch_serial_number> set firmware-provision {enable | disable} set firmware-provision-version <version> next end
firmware-provision {enable | disable} |
Enable or disable provisioning firmware to the FortiSwitch unit after authorization (the default is disable). |
firmware-provision-version <version> |
The firmware version to provision the FortiSwitch unit with on bootup. The format is major_version.minor_version.build_number, for example, 6.4.0454. |
Example
In this example, a FortiSwitch 248E-POE is upgraded from FortiSwitchOS 6.4.3 to 6.4.4.
To configure automatic provisioning and upgrade the FortiSwitch firmware after authorization:
-
Upload the FortiSwitch image to the FortiGate device and confirm that it was uploaded successfully:
# execute switch-controller switch-software upload tftp 248-454.out 172.18.60.160 Downloading file 248-454.out from tftp server 172.18.60.160... ########################### Image checking ... Image MD5 calculating ... Image Saving S248EP-IMG.swtp ... Successful! File Syncing...
# execute switch-controller switch-software list-available ImageName ImageSize(B) ImageInfo Uploaded Time S248EP-v6.4-build454-IMG.swtp 28579517 S248EP-v6.4-build454 Mon Nov 30 15:06:07 2020
-
On the FortiSwitch unit, check the current version:
# get system status Version: FortiSwitch-248E-POE v6.4.3,build0452,201029 (GA) Serial-Number: S248EPTF18001842 BIOS version: 04000004 System Part-Number: P22169-02 Burn in MAC: 70:4c:a5:e1:53:f6 Hostname: S248EPTF18001842 Distribution: International Branch point: 452 System time: Wed Dec 31 16:11:17 1969
-
On the FortiSwitch unit, change the management mode to FortiLink:
config system global set switch-mgmt-mode fortilink end
-
On the FortiGate device, enable firmware provisioning and specify the version:
config switch-controller managed-switch edit S248EPTF18000000 set firmware-provision enable set firmware-provision-version 6.4.0454 next end
-
On the FortiGate device, authorize the FortiSwitch unit:
config switch-controller managed-switch edit S248EPTF18000000 set fsw-wan1-peer flink set fsw-wan1-admin enable next end
-
When the authorized FortiSwitch unit is in FortiLink mode, it automatically starts upgrading to the provisioned firmware:
# execute switch-controller get-upgrade-status Device Running-version Status Next-boot =================================================================================================================== VDOM : vdom1 FS1D243Z170000XX FS1D24-v6.4.0-build456,201121 (Interim) (0/0/0) N/A (Idle) S248DN3X170002XX S248DN-v6.4.0-build456,201121 (Interim) (0/0/0) N/A (Idle) S248EPTF18000000 S248EP-v6.4.3-build452,201029 (GA) (14/0/0) N/A (Upgrading)
-
Check the version when the upgrade is complete:
# execute switch-controller get-conn-status Managed-devices in current vdom vdom1: FortiLink interface : flink SWITCH-ID VERSION STATUS FLAG ADDRESS JOIN-TIME NAME FS1D243Z17000032 v6.4.0 (456) Authorized/Up - 169.254.1.3 Mon Nov 30 11:08:10 2020 - S248DN3X170002XX v6.4.0 (456) Authorized/Up - 169.254.1.4 Mon Nov 30 11:08:32 2020 - S248EPTF18000000 v6.4.4 (454) Authorized/Up C 169.254.1.6 Mon Nov 30 15:20:53 2020 -