Upgrading all device firmware by following the upgrade path (federated update)
When performing a Fabric upgrade or non-Fabric upgrade under System > Firmware & Registration and choosing a firmware that requires multiple builds in the upgrade path, the FortiGate can follow the upgrade path to complete the upgrade automatically. This process is sometimes called a federated update. A federated update can be performed immediately or during a scheduled time.
On managed FortiAPs and FortiSwitches, federated upgrades of these LAN edge devices adhere to the respective compatibility matrix information maintained on the FortiGuard Distribution Network (FDN).
To demonstrate the functionality of this feature, this example uses FortiGates that are running and upgrading to fictitious build numbers. |
Example
In this example, the Security Fabric consists of a root FortiGate (FGT_101E) and a downstream FortiGate (GA_A_1). The FortiGates are currently running FortiOS 7.2.1 (build 0510). The administrator wants to upgrade the firmware to version 7.4.0 (build 0810). When upgrading the firmware on the Firmware & Registration page, the FortiGate is able to display the upgrade path, 7.2.1 > 7.2.2 > 7.4.0, and perform all of the upgrades in sequence (with multiple reboots).
To upgrade the FortiGate firmware:
- Go to System > Firmware & Registration and click Fabric Upgrade. The Fabric Upgrade pane opens.
- In the Select Firmware section, select All Upgrades.
- Select the 7.4.0 version. Upgrade options appear.
- Select Follow upgrade path. The upgrade path is displayed: v7.2.1 > v7.2.2 > v7.4.0.
- If Directly upgrade to v7.4.0 is selected, a warning message appears that this may result in the loss of configuration.
- Click Next.
-
Select an upgrade schedule, either Immediate or Custom. If using Custom, enter an upgrade date and time. (Custom is used in this example.)
-
Click Next and review the update schedule.
-
Click Confirm and Backup Config.
The Upgrade Status for both FortiGates indicated when the scheduled upgrade will take place. In this example, the first upgrade in the path is to version 7.2.2. The FortiGates will reboot and then upgrade to 7.4.0 as per the upgrade path.
Once the upgrades are complete and both FortiGates are running the desired firmware (7.4.0), the Upgrade Status changes to Up to date.
CLI commands
The following options are available in execute federated-upgrade <option>
:
Option |
Description |
---|---|
cancel |
Cancel the currently configured upgrade. |
initialize |
Set up a federated upgrade. |
status |
Show the current status of a federated upgrade. |
restart |
Restart the currently configured federated upgrade. |
The Federated upgrade cannot be configured directly. Please use 'execute federated-upgrade ...' to configure. |