Fortinet black logo

Administration Guide

Home FortiGate / FortiOS 7.0.10 Administration Guide

Fabric Management page

7.0.10
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
Copy Link
Copy Doc ID 684c1ca4-b213-11ed-8e6d-fa163e15d75b:788240
Download PDF

Fabric Management page

The Fabric Management page allows administrators to manage the firmware running on each FortiGate, FortiAP, and FortiSwitch in the Security Fabric, and to authorize and register these Fabric devices.

Administrators can also use the Fabric Management page to view the maturity level of FortiOS 7.0.6 and later firmware images. See Firmware maturity levels.

Upgrading firmware

A Fabric Upgrade can be performed immediately or during a scheduled time. Administrators can choose a firmware from FortiGuard for the Fabric member to download directly to upgrade.

When upgrading FortiGates from mature firmware to feature firmware, a warning message is displayed.

Note

To demonstrate the functionality of this feature, the examples use FortiGates that are running interim builds.
To upgrade individual device firmware:
  1. Go to System > Fabric Management. The devices are displayed in the table with their firmware version, maturity level (either (Feature) or (Mature)), and status.

  2. Upgrade the root FortiGate to the latest firmware:
    1. Select the root device (sf70-jun13) and click Upgrade. The Firmware Management pane opens.
    2. Select All Upgrades (other options available are Latest, All Downgrades, and File Upload) and select an option.

    3. Click Confirm and Backup Config.

      If you are upgrading from a mature to a feature firmware version, the Confirm pane opens with a warning message.

    4. Review the warning, and click Confirm to continue. A warning message is displayed.
    5. Click Continue to initiate the upgrade.
  3. After the root FortiGate reboots, upgrade the FortiSwitch using FortiGuard:
    1. Go to System > Fabric Management and select the device, then click Upgrade. The Upgrade FortiSwitches pane opens.
    2. Select FortiGuard, ensure the device you want to upgrade is enabled, then click Upgrade.
  4. Upgrade the FortiAP using local firmware:
    1. Select the device and click Upgrade Device. The Upgrade FortiAPs pane opens.
    2. Select Upload and click Browse to select the file.
    3. Ensure the device you want to upgrade is enabled, then click Upgrade.
To upgrade all Fabric device firmware:
  1. Go to System > Fabric Management and click Fabric Upgrade. The Firmware Management pane opens.
  2. Select Latest or All Upgrades and select the option that is displayed, then click Next.

  3. Select an upgrade schedule, either Immediate or Custom. If using Custom, enter an upgrade date and time (Custom is used in this example).

    Note

    In a custom upgrade, the configuration backups are saved when the administrator schedules the upgrade. If the scheduled upgrade occurs after further configuration changes are made, the latest changes will not be saved in a new backup configuration file.

  4. Click Next and review the update schedule. For the FortiSwitch units, a message appears because no firmware upgrade is currently available.

  5. Click Confirm and Backup Config. The pane goes into a loading state to wait for all FortiGate configurations to save. Once completed, the pane closes and the device list refreshes to reflect the latest changes.

Authorizing devices

If there are any notifications in the top banner dropdown for unauthorized devices or devices that require authorization, clicking the notification redirects the user to the System > Fabric Management page. In this example, two devices require authorization.

On the Fabric Management page, the unauthorized devices (a downstream FortiGate and a FortiAP) are grayed out, and their status is Waiting for authorization.

To authorize a Security Fabric device from the Fabric Management page:
  1. Select an unauthorized device.
  2. Click Authorize (below the donut charts), or right-click and select Authorize.

    A notification appears in the bottom-right corner once the device is authorized.

  3. Click the subsequent notification to refresh the page. The device's status is now Online.

To deauthorize a Security Fabric device from the Fabric Management page:
  1. Select a device.
  2. Right-click and select Deauthorize.

  3. Click the subsequent notification to refresh the page.

CLI commands

The following options are available in execute federated-upgrade <option>:

Option

Description

cancel

Cancel the currently configured upgrade.

initialize

Set up a federated upgrade.

status

Show the current status of a federated upgrade.
Note

The config system federated-upgrade command is read-only. Attempting to configure federated upgrade using the config command will show the following error message:

Federated upgrade cannot be configured directly.
Please use 'execute federated-upgrade ...' to configure.
Previous
Next

Fabric Management page

The Fabric Management page allows administrators to manage the firmware running on each FortiGate, FortiAP, and FortiSwitch in the Security Fabric, and to authorize and register these Fabric devices.

Administrators can also use the Fabric Management page to view the maturity level of FortiOS 7.0.6 and later firmware images. See Firmware maturity levels.

Upgrading firmware

A Fabric Upgrade can be performed immediately or during a scheduled time. Administrators can choose a firmware from FortiGuard for the Fabric member to download directly to upgrade.

When upgrading FortiGates from mature firmware to feature firmware, a warning message is displayed.

Note

To demonstrate the functionality of this feature, the examples use FortiGates that are running interim builds.
To upgrade individual device firmware:
  1. Go to System > Fabric Management. The devices are displayed in the table with their firmware version, maturity level (either (Feature) or (Mature)), and status.

  2. Upgrade the root FortiGate to the latest firmware:
    1. Select the root device (sf70-jun13) and click Upgrade. The Firmware Management pane opens.
    2. Select All Upgrades (other options available are Latest, All Downgrades, and File Upload) and select an option.

    3. Click Confirm and Backup Config.

      If you are upgrading from a mature to a feature firmware version, the Confirm pane opens with a warning message.

    4. Review the warning, and click Confirm to continue. A warning message is displayed.
    5. Click Continue to initiate the upgrade.
  3. After the root FortiGate reboots, upgrade the FortiSwitch using FortiGuard:
    1. Go to System > Fabric Management and select the device, then click Upgrade. The Upgrade FortiSwitches pane opens.
    2. Select FortiGuard, ensure the device you want to upgrade is enabled, then click Upgrade.
  4. Upgrade the FortiAP using local firmware:
    1. Select the device and click Upgrade Device. The Upgrade FortiAPs pane opens.
    2. Select Upload and click Browse to select the file.
    3. Ensure the device you want to upgrade is enabled, then click Upgrade.
To upgrade all Fabric device firmware:
  1. Go to System > Fabric Management and click Fabric Upgrade. The Firmware Management pane opens.
  2. Select Latest or All Upgrades and select the option that is displayed, then click Next.

  3. Select an upgrade schedule, either Immediate or Custom. If using Custom, enter an upgrade date and time (Custom is used in this example).

    Note

    In a custom upgrade, the configuration backups are saved when the administrator schedules the upgrade. If the scheduled upgrade occurs after further configuration changes are made, the latest changes will not be saved in a new backup configuration file.

  4. Click Next and review the update schedule. For the FortiSwitch units, a message appears because no firmware upgrade is currently available.

  5. Click Confirm and Backup Config. The pane goes into a loading state to wait for all FortiGate configurations to save. Once completed, the pane closes and the device list refreshes to reflect the latest changes.

Authorizing devices

If there are any notifications in the top banner dropdown for unauthorized devices or devices that require authorization, clicking the notification redirects the user to the System > Fabric Management page. In this example, two devices require authorization.

On the Fabric Management page, the unauthorized devices (a downstream FortiGate and a FortiAP) are grayed out, and their status is Waiting for authorization.

To authorize a Security Fabric device from the Fabric Management page:
  1. Select an unauthorized device.
  2. Click Authorize (below the donut charts), or right-click and select Authorize.

    A notification appears in the bottom-right corner once the device is authorized.

  3. Click the subsequent notification to refresh the page. The device's status is now Online.

To deauthorize a Security Fabric device from the Fabric Management page:
  1. Select a device.
  2. Right-click and select Deauthorize.

  3. Click the subsequent notification to refresh the page.

CLI commands

The following options are available in execute federated-upgrade <option>:

Option

Description

cancel

Cancel the currently configured upgrade.

initialize

Set up a federated upgrade.

status

Show the current status of a federated upgrade.
Note

The config system federated-upgrade command is read-only. Attempting to configure federated upgrade using the config command will show the following error message:

Federated upgrade cannot be configured directly.
Please use 'execute federated-upgrade ...' to configure.
Previous
Next