Upgrading FortiGates in an HA cluster
You can upgrade the firmware on an HA cluster in the same way as on a standalone FortiGate. During a firmware upgrade, the cluster upgrades the primary unit and all of the subordinate units to the new firmware image.
Before upgrading a cluster, back up your configuration (Configuration backups and reset), schedule a maintenance window, and make sure that you are using a supported upgrade path (https://docs.fortinet.com/upgrade-tool).
Uninterrupted upgrade
An uninterrupted upgrade occurs without interrupting communication in the physical or virtual cluster.
To upgrade the cluster firmware without interrupting communication, use the following steps. These steps are transparent to the user and the network, and might result in the cluster selecting a new primary unit.
- The administrator uploads a new firmware image using the GUI or CLI. See Upgrading individual devices for details.
- The firmware is upgraded on all of the subordinate units.
- A new primary unit is selected from the upgraded subordinates.
- The firmware is upgraded on the former primary unit.
- Primary unit selection occurs, according to the standard primary unit selection process.
If all of the subordinate units crash or otherwise stop responding during the upgrade process, the primary unit will continue to operate normally, and will not be upgraded until at least one subordinate rejoins the cluster.
Uninterrupted upgrade does not guarantee that reboots will stagger after changes to CLI settings that require a reboot. Changing settings in the CLI that require a reboot will typically display a warning, such as:

    The configuration will take effect after system reboot.
    Do you want to continue? (y/n)

This can result in all of the cluster units rebooting at the same time. For example, the following command will cause all of the cluster units to reboot simultaneously:

    config system npu
        set default-qos-type {policing | shaping}
    end
    The configuration will take effect after system reboot.
    Do you want to continue? (y/n)
Interrupted upgrade
An interrupted upgrade upgrades all cluster members at the same time. This takes less time than an uninterrupted upgrade, but it interrupts communication in the cluster. Interrupted upgrade is disabled by default.
To enable interrupted upgrade:
config system ha
    set uninterruptible-upgrade disable
end
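A pre-upgrade check on the configuration backup can confirm which of the two upgrade modes described above the cluster will use. The following is an added example, not Fortinet code: it assumes the backup is plain-text CLI output and that a setting missing from the backup is at its default (uninterrupted upgrade); the names SAMPLE_BACKUP, block_settings and ha_upgrade_mode are hypothetical.

```python
SAMPLE_BACKUP = """\
config system ha
    set group-name "cluster1"
    set mode a-p
    set uninterruptible-upgrade disable
end
config system interface
    edit "port1"
        set vdom "root"
    next
end
"""  # constructed sample, not taken from a real device


def block_settings(config_text, block_path):
    """Return {name: value} for 'set' lines directly inside a top-level block."""
    settings = {}
    depth = 0          # nesting depth of config/edit blocks
    inside = False     # True while inside the requested top-level block
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "config":
            if depth == 0 and " ".join(words[1:]) == block_path:
                inside = True
            depth += 1
        elif words[0] == "edit":
            depth += 1
        elif words[0] in ("end", "next"):
            depth -= 1
            if depth == 0:
                inside = False
        elif words[0] == "set" and inside and depth == 1 and len(words) >= 3:
            settings[words[1]] = " ".join(words[2:])
    return settings


def ha_upgrade_mode(config_text):
    """'uninterrupted' unless the backup explicitly disables it (the default)."""
    ha = block_settings(config_text, "system ha")
    if ha.get("uninterruptible-upgrade", "enable") == "disable":
        return "interrupted"
    return "uninterrupted"


if __name__ == "__main__":
    print("HA upgrade mode:", ha_upgrade_mode(SAMPLE_BACKUP))
```

A result of "interrupted" means all cluster members will upgrade at the same time, so the maintenance window has to cover a full traffic outage.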