Fortinet white logo
Fortinet white logo

CLI Reference

config system federated-upgrade

config system federated-upgrade

Coordinate federated upgrades within the Security Fabric.

config system federated-upgrade
    Description: Coordinate federated upgrades within the Security Fabric.
    set status [disabled|initialized|...]
    set failure-reason [none|internal|...]
    set failure-device {string}
    set upgrade-id {integer}
    set next-path-index {integer}
    set ha-reboot-controller {string}
    config known-ha-members
        Description: Known members of the HA cluster. If a member is missing at upgrade time, the upgrade will be cancelled.
        edit <serial>
        next
    end
    config node-list
        Description: Nodes which will be included in the upgrade.
        edit <serial>
            set timing [immediate|scheduled]
            set maximum-minutes {integer}
            set time {user}
            set setup-time {user}
            set upgrade-path {user}
            set device-type [fortiproxy|fortiswitch|...]
            set coordinating-fortiproxy {string}
        next
    end
end

config system federated-upgrade

Parameter

Description

Type

Size

Default

status

Current status of the upgrade.

option

-

disabled

Option

Description

disabled

No federated upgrade has been configured.

initialized

The upgrade has been configured.

downloading

The image is downloading in preparation for the upgrade.

device-disconnected

The image downloads are complete, but one or more devices have disconnected.

ready

The image download finished and the upgrade is pending.

coordinating

The upgrade is coordinating with other running upgrades.

staging

The upgrade is confirmed and images are being staged.

final-check

The upgrade is ready and final checks are in progress.

upgrade-devices

The upgrade is ready and devices are being rebooted.

cancelled

The upgrade was cancelled due to the tree not being ready.

confirmed

The upgrade was confirmed and reboots are running.

done

The upgrade completed successfully.

failed

The upgrade failed due to a local issue.

failure-reason

Reason for upgrade failure.

option

-

none

Option

Description

none

No failure.

internal

An internal error occurred.

timeout

The upgrade timed out.

device-type-unsupported

The device type was not supported by the FortiGate.

download-failed

The image could not be downloaded.

device-missing

The device was disconnected from the FortiGate.

version-unavailable

An image matching the device and version could not be found.

staging-failed

The image could not be pushed to the device.

reboot-failed

The device could not be rebooted.

device-not-reconnected

The device did not reconnect after rebooting.

node-not-ready

A device in the Security Fabric tree was not ready.

no-final-confirmation

The coordinating FortiGate did not confirm the upgrade.

no-confirmation-query

A downstream FortiGate did not initiate final confirmation.

config-error-log-nonempty

Configuration errors encountered during the upgrade.

csf-tree-not-supported

The Security Fabric is disabled on the root FortiProxy

node-failed

A device in the Security Fabric tree failed.

failure-device

Serial number of the node to include.

string

Maximum length: 79

upgrade-id

Unique identifier for this upgrade.

integer

Minimum value: 0 Maximum value: 4294967295

0

next-path-index

The index of the next image to upgrade to.

integer

Minimum value: 0 Maximum value: 10

0

ha-reboot-controller

Serial number of the FortiGate unit that will control the reboot process for the federated upgrade of the HA cluster.

string

Maximum length: 79

config known-ha-members

Parameter

Description

Type

Size

Default

serial

Serial number of HA member

string

Maximum length: 79

config node-list

Parameter

Description

Type

Size

Default

serial

Serial number of the node to include.

string

Maximum length: 79

timing

Run immediately or at a scheduled time.

option

-

immediate

Option

Description

immediate

Begin the upgrade immediately.

scheduled

Begin the upgrade at a configured time.

maximum-minutes

Maximum number of minutes to allow for immediate upgrade preparation.

integer

Minimum value: 5 Maximum value: 10080

15

time

Scheduled upgrade execution time in UTC (hh:mm yyyy/mm/dd UTC).

user

Not Specified

setup-time

Upgrade preparation start time in UTC (hh:mm yyyy/mm/dd UTC).

user

Not Specified

upgrade-path

Fortinet OS image versions to upgrade through in major-minor-patch format, such as 7-0-4.

user

Not Specified

device-type

Fortinet device type.

option

-

fortiproxy

Option

Description

fortiproxy

This device is a FortiProxy.

fortiswitch

This device is a FortiSwitch.

fortiap

This device is a FortiAP.

fortiextender

This device is a FortiExtender.

coordinating-fortiproxy

Serial number of the FortiGate unit that controls this device.

string

Maximum length: 79

config system federated-upgrade

config system federated-upgrade

Coordinate federated upgrades within the Security Fabric.

config system federated-upgrade
    Description: Coordinate federated upgrades within the Security Fabric.
    set status [disabled|initialized|...]
    set failure-reason [none|internal|...]
    set failure-device {string}
    set upgrade-id {integer}
    set next-path-index {integer}
    set ha-reboot-controller {string}
    config known-ha-members
        Description: Known members of the HA cluster. If a member is missing at upgrade time, the upgrade will be cancelled.
        edit <serial>
        next
    end
    config node-list
        Description: Nodes which will be included in the upgrade.
        edit <serial>
            set timing [immediate|scheduled]
            set maximum-minutes {integer}
            set time {user}
            set setup-time {user}
            set upgrade-path {user}
            set device-type [fortiproxy|fortiswitch|...]
            set coordinating-fortiproxy {string}
        next
    end
end

config system federated-upgrade

Parameter

Description

Type

Size

Default

status

Current status of the upgrade.

option

-

disabled

Option

Description

disabled

No federated upgrade has been configured.

initialized

The upgrade has been configured.

downloading

The image is downloading in preparation for the upgrade.

device-disconnected

The image downloads are complete, but one or more devices have disconnected.

ready

The image download finished and the upgrade is pending.

coordinating

The upgrade is coordinating with other running upgrades.

staging

The upgrade is confirmed and images are being staged.

final-check

The upgrade is ready and final checks are in progress.

upgrade-devices

The upgrade is ready and devices are being rebooted.

cancelled

The upgrade was cancelled due to the tree not being ready.

confirmed

The upgrade was confirmed and reboots are running.

done

The upgrade completed successfully.

failed

The upgrade failed due to a local issue.

failure-reason

Reason for upgrade failure.

option

-

none

Option

Description

none

No failure.

internal

An internal error occurred.

timeout

The upgrade timed out.

device-type-unsupported

The device type was not supported by the FortiGate.

download-failed

The image could not be downloaded.

device-missing

The device was disconnected from the FortiGate.

version-unavailable

An image matching the device and version could not be found.

staging-failed

The image could not be pushed to the device.

reboot-failed

The device could not be rebooted.

device-not-reconnected

The device did not reconnect after rebooting.

node-not-ready

A device in the Security Fabric tree was not ready.

no-final-confirmation

The coordinating FortiGate did not confirm the upgrade.

no-confirmation-query

A downstream FortiGate did not initiate final confirmation.

config-error-log-nonempty

Configuration errors encountered during the upgrade.

csf-tree-not-supported

The Security Fabric is disabled on the root FortiProxy

node-failed

A device in the Security Fabric tree failed.

failure-device

Serial number of the node to include.

string

Maximum length: 79

upgrade-id

Unique identifier for this upgrade.

integer

Minimum value: 0 Maximum value: 4294967295

0

next-path-index

The index of the next image to upgrade to.

integer

Minimum value: 0 Maximum value: 10

0

ha-reboot-controller

Serial number of the FortiGate unit that will control the reboot process for the federated upgrade of the HA cluster.

string

Maximum length: 79

config known-ha-members

Parameter

Description

Type

Size

Default

serial

Serial number of HA member

string

Maximum length: 79

config node-list

Parameter

Description

Type

Size

Default

serial

Serial number of the node to include.

string

Maximum length: 79

timing

Run immediately or at a scheduled time.

option

-

immediate

Option

Description

immediate

Begin the upgrade immediately.

scheduled

Begin the upgrade at a configured time.

maximum-minutes

Maximum number of minutes to allow for immediate upgrade preparation.

integer

Minimum value: 5 Maximum value: 10080

15

time

Scheduled upgrade execution time in UTC (hh:mm yyyy/mm/dd UTC).

user

Not Specified

setup-time

Upgrade preparation start time in UTC (hh:mm yyyy/mm/dd UTC).

user

Not Specified

upgrade-path

Fortinet OS image versions to upgrade through in major-minor-patch format, such as 7-0-4.

user

Not Specified

device-type

Fortinet device type.

option

-

fortiproxy

Option

Description

fortiproxy

This device is a FortiProxy.

fortiswitch

This device is a FortiSwitch.

fortiap

This device is a FortiAP.

fortiextender

This device is a FortiExtender.

coordinating-fortiproxy

Serial number of the FortiGate unit that controls this device.

string

Maximum length: 79