Upgrading a FortiSOAR Enterprise Instance
To upgrade your system to FortiSOAR from 6.4.3 or 6.4.4 to 7.0.0, perform the following steps:
- Users who have
root
access must run the upgrade installer. - ssh to the VM that you want to upgrade.
- Run
screen
:screen -S upgrade
Note: This is intended for situations where network connectivity is less than favorable. If there is any connection loss, log back into the SSH console and return to the virtual screen by using the following command:screen -r
- Run the following command to download the upgrade installer:
# wget https://update.cybersponse.com/7.0.0/upgrade-fortisoar-7.0.0.bin
Note: If your instance can connect to "update.cybersponse.com" only by using a proxy, then ensure that the proxy is set in the/etc/wgetrc
file. For example,use_proxy=yes
http_proxy=<proxy_server_ip:port>
https_proxy=<proxy_server_ip:port>
You can also set the proxy while running the FortiSOAR Configuration Wizard or by using thecsadm network
command. - Run the upgrade installer using the following command:
# sh upgrade-fortisoar-7.0.0.bin
OR# chmod +x upgrade-fortisoar-7.0.0.bin
# ./upgrade-fortisoar-7.0.0.bin
Note: The FortiSOAR upgrade installer checks/boot
for disk space, and if the/boot
has insufficient space, then the upgrade installer exits after displaying an appropriate error message. Steps for cleaning up/boot
are present in the Clean up /boot article present in the Fortinet Knowledge Base.
The FortiSOAR upgrade installer also checks the/var/lib/pgsql
disk space to ensure that you have sufficient disk space for pgsql. If you do not have sufficient disk space for pgsql, in this case also the upgrade installer exits. In these cases, you must increase the partition size for/var/lib/pgsql
. For the procedure to increase the partition size, see the 'Issues occurring in FortiSOAR due to insufficient space' section in the Deployment Troubleshooting chapter in the "Deployment Guide" for more information.
Once you complete cleaning up /boot and/or increasing disk space (as per the messages provided by the upgrade installer) and you have sufficient space for upgrading FortiSOAR, you must re-run the upgrade installer to continue the process of upgrading FortiSOAR.
Important: To upgrade a high availability cluster in FortiSOAR, you require to upgrade each node individually, one after the other. For more information, see the Upgrading a FortiSOAR High Availability Cluster section. For information on how to upgrade a FortiSOAR distributed multi-tenant configuration to 7.0.0, see the Upgrading a FortiSOAR Distributed Multi-Tenancy Configuration section.
Note: When you upgrade your FortiSOAR enterprise instance, High Availability (HA) cluster, or a distributed multi-tenant configuration, the FortiSOAR appliance hostkey also gets changed.
- Once your FortiSOAR instance is upgraded, you must log out from the FortiSOAR UI and log back into FortiSOAR.
When you upgrade to FortiSOAR 7.0.0 you will observe warning messages in the upgrade log. Example warning messages are: |
Post upgrade steps
Once you have completed upgrading your FortiSOAR enterprise instance, High Availability (HA) cluster, or a distributed multi-tenant configuration:
-
You must backup your data encryption keys (
.Defuse.key
) from the/opt/cyops/config/cyops-api
file. TheDefuse.key
is a dot file, therefore you need to usels -la /opt/cyops/configs/cyops-api/
to list/view the file and store the data encryption keys securely in a Password Manager or Vault. -
You can also optionally re-index new modules such as War Rooms and Announcements. This is needed since when you upgrade your system to 7.0.0, new modules are not re-indexed, causing the new modules, i.e., War Rooms and Announcements to not be searched in global records. To resolve this issue, re-index the War Rooms and Announcements modules using the following command:
sudo -u nginx php /opt/cyops-api/bin/console app:elastic:create --index='{"type":["warrooms","announcements"]}'
To re-index all the modules, use the following command:sudo -u nginx php /opt/cyops-api/bin/console app:elastic:create