All of the FIMs and FPMs in your FortiGate-7000 system run the same firmware image. You upgrade the firmware from the primary FIM GUI or CLI just as you would any FortiGate product.
You can perform a graceful firmware upgrade of a FortiGate-7000 FGCP HA cluster by setting
uninterruptible and enabling
session-pickup. A graceful firmware upgrade only causes minimal traffic interruption.
Upgrading the firmware of a standalone FortiGate-7000, or FortiGate-7000 HA cluster with
upgrade-mode set to
simultaneous interrupts traffic because the firmware running on the FIMs and FPMs upgrades in one step. These firmware upgrades should be done during a quiet time because traffic will be interrupted during the upgrade process.
A firmware upgrade takes a few minutes, depending on the number of FIMs and FPMs in your FortiGate-7000 system. Some firmware upgrades may take longer depending on factors such as the size of the configuration.
Before beginning a firmware upgrade, Fortinet recommends that you perform the following tasks:
- Review the latest release notes for the firmware version that you are upgrading to.
- Verify the recommended upgrade path as documented in the release notes.
- Back up your FortiGate-7000 configuration.
To make sure a FortiGate-7000 firmware upgrade is successful, before starting the upgrade Fortinet recommends you use health checking to make sure the FIMs and FPMs are all synchronized and operating as expected.
If you are following a multi-step upgrade path, you should re-do health checking after each upgrade step to make sure all components are synchronized before the next step.
You should also perform a final round of health checking after the firmware upgrade process is complete.
For recommended health checking commands, see the following Fortinet community article:
Fortinet recommends that you review the services provided by your FortiGate-7000 before a firmware upgrade and then again after the upgrade to make sure the services continues to operate normally. For example, you might want to verify that you can successfully access an important server used by your organization before the upgrade and make sure that you can still reach the server after the upgrade, and performance is comparable. You can also take a snapshot of key performance indicators (for example, number of sessions, CPU usage, and memory usage) before the upgrade and verify that you see comparable performance after the upgrade.