Fortinet black logo

HA graceful upgrade to FortiOS 7.0.12

Use the following steps to upgrade a FortiGate-6000 or 7000 HA cluster with uninterruptible-upgrade enabled from FortiOS 6.4.12 build 1920 or FortiOS 7.0.10 build 0117 to FortiOS 7.0.12 Build 0169.

Enabling uninterruptible-upgrade allows you to upgrade the firmware of an operating FortiGate-6000 or 7000 HA configuration with only minimal traffic interruption. During the upgrade, the secondary FortiGate upgrades first. Then a failover occurs and the newly upgraded FortiGate becomes the primary FortiGate and the firmware of the new secondary FortiGate upgrades.

Note

After upgrading from FortiOS 7.0.10 to 7.0.12, the FPCs or the secondary FIM and the FPMs will appear to be running un-certified firmware. This also applies to the FPCs or the secondary FIM and the FPMs in the secondary chassis in an HA configuration.

This problem occurs because of the way FortiOS 7.0.10 synchronized signatures from the management board to the FPCs or from the primary FIM to the secondary FIM and the FPMs during the firmware upgrade process.

FortiOS 7.0.12 fixes signature handling, so you can resolve this problem by installing FortiOS 7.0.12 firmware a second time, using a normal firmware upgrade procedure.

Note

Upgrading to FortiOS 7.0.12 Build 0169 may include updating the FortiGate-6000 or 7000E DP processor firmware. The DP processor firmware upgrade occurs during the normal firmware upgrade process and no extra steps are required. It just may take longer to run the upgrade than normal.

Upgrading to FortiOS 7.0.12 Build 0169 will not update the FortiGate-7000F NP7 processor firmware.

To perform a graceful upgrade of your FortiGate-6000 or 7000 from FortiOS 6.4.12 or 7.0.10 to FortiOS 7.0.12:

  1. Use the following command to enable uninterruptible-upgrade to support HA graceful upgrade:

    config system ha

    set uninterruptible-upgrade enable

    end

  2. Download FortiOS 7.0.12 firmware for FortiGate-6000 or 7000 from the https://support.fortinet.com FortiGate-6K7K 7.0.12 firmware image folder.

  3. Perform a normal upgrade of your HA cluster using the downloaded firmware image file.

  4. Verify that you have installed the correct firmware version. For example, for a FortiGate-6301F:

    get system status
    Version: FortiGate-6301F v7.0.12,build0169,230619 (GA.M)
    ...

Use the following steps to upgrade a FortiGate-6000 or 7000 HA cluster with uninterruptible-upgrade enabled from FortiOS 6.4.12 build 1920 or FortiOS 7.0.10 build 0117 to FortiOS 7.0.12 Build 0169.

Enabling uninterruptible-upgrade allows you to upgrade the firmware of an operating FortiGate-6000 or 7000 HA configuration with only minimal traffic interruption. During the upgrade, the secondary FortiGate upgrades first. Then a failover occurs and the newly upgraded FortiGate becomes the primary FortiGate and the firmware of the new secondary FortiGate upgrades.

Note

After upgrading from FortiOS 7.0.10 to 7.0.12, the FPCs or the secondary FIM and the FPMs will appear to be running un-certified firmware. This also applies to the FPCs or the secondary FIM and the FPMs in the secondary chassis in an HA configuration.

This problem occurs because of the way FortiOS 7.0.10 synchronized signatures from the management board to the FPCs or from the primary FIM to the secondary FIM and the FPMs during the firmware upgrade process.

FortiOS 7.0.12 fixes signature handling, so you can resolve this problem by installing FortiOS 7.0.12 firmware a second time, using a normal firmware upgrade procedure.

Note

Upgrading to FortiOS 7.0.12 Build 0169 may include updating the FortiGate-6000 or 7000E DP processor firmware. The DP processor firmware upgrade occurs during the normal firmware upgrade process and no extra steps are required. It just may take longer to run the upgrade than normal.

Upgrading to FortiOS 7.0.12 Build 0169 will not update the FortiGate-7000F NP7 processor firmware.

To perform a graceful upgrade of your FortiGate-6000 or 7000 from FortiOS 6.4.12 or 7.0.10 to FortiOS 7.0.12:

  1. Use the following command to enable uninterruptible-upgrade to support HA graceful upgrade:

    config system ha

    set uninterruptible-upgrade enable

    end

  2. Download FortiOS 7.0.12 firmware for FortiGate-6000 or 7000 from the https://support.fortinet.com FortiGate-6K7K 7.0.12 firmware image folder.

  3. Perform a normal upgrade of your HA cluster using the downloaded firmware image file.

  4. Verify that you have installed the correct firmware version. For example, for a FortiGate-6301F:

    get system status
    Version: FortiGate-6301F v7.0.12,build0169,230619 (GA.M)
    ...