Fortinet black logo

Administration Guide

Firmware upgrades in FGSP

Firmware upgrades in FGSP

The following steps are recommended to upgrade the firmware of FortiGates in an FGSP deployment. Follow these steps whether or not you have enabled standalone configuration synchronization.

This example FGSP deployment has two FortiGates, FGT-1 and FGT-2.

To upgrade the firmware in an FGSP deployment:
  1. Switch all traffic to FGT-1:
    1. Configure the load balancer or router that distributes traffic between the FortiGates to send all traffic to FGT-1.
  2. Disconnect FGT-2 from the network.

    Make sure to also disconnect the interfaces that allow heartbeat and synchronization communication with FGT-1. This is to prevent FGT-2 from communicating with FGT-1.

  3. Upgrade the firmware on FGT-2.
  4. Reconnect the traffic interfaces on FGT-2, but not the interfaces used for heartbeat and synchronization communication with FGT-1.
  5. Switch all traffic to the newly upgraded FGT-2:
    1. Configure the load balancer or router that distributes traffic between the FortiGates to send all traffic to FGT-2.
  6. Upgrade the firmware on FGT-1 (while heartbeat and synchronization communication with FGT-2 remains disconnected).
  7. Reconnect the FGT-2 interfaces that allow heartbeat and synchronization communication between FGT-1 and FGT-2.
  8. Restore the original traffic distribution between FGT-1 and FGT-2:
    1. Configure the load balancer or router to distribute traffic to both FortiGates in the FGSP deployment.

Firmware upgrades in FGSP

The following steps are recommended to upgrade the firmware of FortiGates in an FGSP deployment. Follow these steps whether or not you have enabled standalone configuration synchronization.

This example FGSP deployment has two FortiGates, FGT-1 and FGT-2.

To upgrade the firmware in an FGSP deployment:
  1. Switch all traffic to FGT-1:
    1. Configure the load balancer or router that distributes traffic between the FortiGates to send all traffic to FGT-1.
  2. Disconnect FGT-2 from the network.

    Make sure to also disconnect the interfaces that allow heartbeat and synchronization communication with FGT-1. This is to prevent FGT-2 from communicating with FGT-1.

  3. Upgrade the firmware on FGT-2.
  4. Reconnect the traffic interfaces on FGT-2, but not the interfaces used for heartbeat and synchronization communication with FGT-1.
  5. Switch all traffic to the newly upgraded FGT-2:
    1. Configure the load balancer or router that distributes traffic between the FortiGates to send all traffic to FGT-2.
  6. Upgrade the firmware on FGT-1 (while heartbeat and synchronization communication with FGT-2 remains disconnected).
  7. Reconnect the FGT-2 interfaces that allow heartbeat and synchronization communication between FGT-1 and FGT-2.
  8. Restore the original traffic distribution between FGT-1 and FGT-2:
    1. Configure the load balancer or router to distribute traffic to both FortiGates in the FGSP deployment.