Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiLink Guide

    Home FortiSwitch 7.4.5 FortiLink Guide
    7.4.5
    7.6.0
    7.4.5
    7.4.4
    7.4.2
    7.4.1
    7.4.0
    7.2.9
    7.2.6
    7.2.4
    7.2.1
    7.2.0

    Firmware upgrade of stacked or tiered FortiSwitch units

    Firmware upgrade of stacked or tiered FortiSwitch units

    In this topology, the core FortiSwitch units are model FS-224E, and the access FortiSwitch units are model FS-108E-FPOE. Because the switches are stacked or tiered, the procedure to update the firmware is simpler. The FortiGate unit is running FortiOS 6.2.2 GA. In the following procedure, the four FortiSwitch units are upgraded from 6.2.1 to 6.2.2.

    To upgrade the firmware of stacked or tiered FortiSwitch units:

    1. Check that all of the FortiSwitch units are connected and which firmware versions they are running. For example:

      FGT81ETK19001274 # execute switch-controller get-conn-status 
Managed-devices in current vdom root:

STACK-NAME: FortiSwitch-Stack-flink
SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS       JOIN-TIME      NAME 
S108EF5918003577  v6.2.1 (176)      Authorized/Up   -   10.105.22.6     Thu Oct 24 10:47:27 2019    -  
S108EP5918008265  v6.2.1 (176)      Authorized/Up   -   10.105.22.5     Thu Oct 24 10:47:20 2019    -     
S224ENTF18001408  v6.2.1 (176)      Authorized/Up   -   10.105.22.2     Thu Oct 24 10:44:36 2019    -    
S224ENTF18001432  v6.2.1 (176)      Authorized/Up   -   10.105.22.3     Thu Oct 24 10:44:49 2019    -    

Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=configuration sync error
Managed-Switches: 4 (UP: 4 DOWN: 0)

    2. (Optional) To speed up how fast the image is pushed from the FortiGate unit to the FortiSwitch units, enable the HTTPS image push instead of the CAPWAP image push. For example:

      FGT81ETK19001274 # config switch-controller global 
FGT81ETK19001274 (global) # set https-image-push enable 
FGT81ETK19001274 (global) # end

    3. Download the file for the FortiSwitchOS 6.2.2 GA build 194 in the FortiGate unit. For example: 

      FGT81ETK19001274 # execute switch-controller switch-software upload tftp FSW_224E-v6-build0194-FORTINET.out 10.105.16.15

Downloading file FSW_224E-v6-build0194-FORTINET.out from tftp server 10.105.16.15...
#########################
Image checking ...
Image MD5 calculating ...
Image Saving S224EN-IMG.swtp ...
Successful!

File Syncing...

FGT81ETK19001274 # execute switch-controller switch-software upload tftp FSW_108E_POE-v6-build0194-FORTINET.out 10.105.16.15

Downloading file FSW_108E_POE-v6-build0194-FORTINET.out from tftp server 10.105.16.15...
##################
Image checking ...
Image MD5 calculating ...
Image Saving S108EP-IMG.swtp ...
Successful!

File Syncing...

FGT81ETK19001274 # execute switch-controller switch-software upload tftp FSW_108E_FPOE-v6-build0194-FORTINET.out 10.105.16.15

Downloading file FSW_108E_FPOE-v6-build0194-FORTINET.out from tftp server 10.105.16.15...
##################
Image checking ...
Image MD5 calculating ...
Image Saving S108EF-IMG.swtp ...
Successful!

File Syncing...

FGT81ETK19001274 #
    4. Check the downloaded FortiSwitch image. For example: 
      FGT81ETK19001274 # execute switch-controller switch-software list-available 

ImageName              ImageSize(B)   ImageInfo               Uploaded Time  
S108EF-IMG.swtp        19574769       S108EF-v6.2-build194    Thu Oct 24 13:03:51 2019
S108EP-IMG.swtp        19583362       S108EP-v6.2-build194    Thu Oct 24 13:03:23 2019
S224EN-IMG.swtp        27159659       S224EN-v6.2-build194    Thu Oct 24 13:03:02 2019

FGT81ETK19001274 #
    5. Start the image staging. For example: 
      FGT81ETK19001274 #  execute switch-controller switch-software stage all S224EN-IMG.swtp
Staged Image Version S224EN-v6.2-build194
Image staging operation is started for FortiSwitch S224ENTF18001408 ...
Image staging operation is started for FortiSwitch S224ENTF18001432 ...

FGT81ETK19001274 # execute switch-controller switch-software stage all S108EF-IMG.swtp
Staged Image Version S108EF-v6.2-build194
Image staging operation is started for FortiSwitch S108EF5918003577 ...

FGT81ETK19001274 # execute switch-controller switch-software stage all S108EP-IMG.swtp
Staged Image Version S108EP-v6.2-build194
Image staging operation is started for FortiSwitch S108EP5918008265 ...
    6. Check the status of the image staging. The Status column reports (from left to right) the percentage of the new firmware downloaded, the percentage of data erased to make space in the switchʼs local storage, and the percentage of the new firmware saved to the switchʼs local storage. For example: 
      FGT81ETK19001274 # execute switch-controller get-upgrade-status
Device    Running-version                                Status      Next-boot
					========================================================================================
VDOM : root
S224ENTF18001408  S224EN-v6.2.1-build176,190620 (GA)             (100/0/0)   S224EN-v6.2-build176       (Staging) 
S224ENTF18001432  S224EN-v6.2.1-build176,190620 (GA)             (100/0/0)   S224EN-v6.2-build176       (Staging) 
S108EP5918008265  S108EP-v6.2.1-build176,190620 (GA)             (18/0/0)   S108EP-v6.2-build176        (Staging) 
S108EF5918003577  S108EF-v6.2.1-build176,190620 (GA)             (25/0/0)   S108EF-v6.2-build176        (Staging)
    7. Verify that the image staging has completed. For example:
      FGT81ETK19001274 # execute switch-controller get-upgrade-status
Device    Running-version                                Status      Next-boot
					========================================================================================
VDOM : root
S224ENTF18001408  S224EN-v6.2.1-build176,190620 (GA)             (0/100/100)   S224EN-v6.2-build194     (Idle) 
S224ENTF18001432  S224EN-v6.2.1-build176,190620 (GA)             (0/100/100)   S224EN-v6.2-build194     (Idle) 
S108EP5918008265  S108EP-v6.2.1-build176,190620 (GA)             (0/100/100)   S108EP-v6.2-build194     (Idle) 
S108EF5918003577  S108EF-v6.2.1-build176,190620 (GA)             (0/100/100)   S108EF-v6.2-build194     (Idle)
    8. Reboot all switches (or reboot the switches by group). For example: 
      FGT81ETK19001274 # execute switch-controller switch-action restart delay all
Delayed restart operation is requested for FortiSwitch S224ENTF18001408 ...
Delayed restart operation is requested for FortiSwitch S224ENTF18001432 ...
Delayed restart operation is requested for FortiSwitch S108EP5918008265 ...
Delayed restart operation is requested for FortiSwitch S108EF5918003577 ...
    9. Check the status of the switch reboot. For example: 
      FGT81ETK19001274 # execute switch-controller switch-action restart delay all
Delayed restart operation is requested for FortiSwitch S224ENTF18001408 ...
Delayed restart operation is requested for FortiSwitch S224ENTF18001432 ...
Delayed restart operation is requested for FortiSwitch S108EP5918008265 ...
Delayed restart operation is requested for FortiSwitch S108EF5918003577 ...

FGT81ETK19001274 # execute switch-controller get-upgrade-status
Device    Running-version                                Status      Next-boot
					========================================================================================
VDOM : root
S224ENTF18001408                        Prepping for delayed restart triggered ... please wait for switch to reboot in a moment
S224ENTF18001432                        Prepping for delayed restart triggered ... please wait for switch to reboot in a moment
S108EP5918008265                        Prepping for delayed restart triggered ... please wait for switch to reboot in a moment
S108EF5918003577                        Prepping for delayed restart triggered ... please wait for switch to reboot in a moment

FGT81ETK19001274 # execute switch-controller get-conn-status 
Managed-devices in current vdom root:

STACK-NAME: FortiSwitch-Stack-flink
SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS      JOIN-TIME       NAME 
S108EF5918003577  v6.2.1 ()         Authorized/Down D   0.0.0.0         N/A               -    
S108EP5918008265  v6.2.1 ()         Authorized/Down D   0.0.0.0         N/A               -     
S224ENTF18001408  v6.2.1 ()         Authorized/Down D   0.0.0.0         N/A               -    
S224ENTF18001432  v6.2.1 ()         Authorized/Down D   0.0.0.0         N/A               -    

Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=configuration sync error
Managed-Switches: 4 (UP: 0 DOWN: 4)

FGT81ETK19001274 #
    10. Wait for a while before checking that all switches are online. For example: 
      FGT81ETK19001274 # execute switch-controller get-upgrade-status
Device    Running-version                                Status      Next-boot
					========================================================================================
VDOM : root
S224ENTF18001408  S224EN-v6.2.2-build194,191018 (GA)             (0/100/100)   S224EN-v6.2-build194     (Idle) 
S224ENTF18001432  S224EN-v6.2.2-build194,191018 (GA)             (0/100/100)   S224EN-v6.2-build194     (Idle) 
S108EP5918008265  S108EP-v6.2.2-build194,191018 (GA)             (0/100/100)   S108EP-v6.2-build194     (Idle) 
S108EF5918003577  S108EF-v6.2.2-build194,191018 (GA)             (0/100/100)   S108EF-v6.2-build194     (Idle) 

FGT81ETK19001274 # execute switch-controller get-conn-status   
Managed-devices in current vdom root:

STACK-NAME: FortiSwitch-Stack-flink
SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS              JOIN-TIME            NAME            
S108EF5918003577  v6.2.2 (194)      Authorized/Up   -   10.105.22.6     Thu Oct 24 13:22:27 2019    -     
S108EP5918008265  v6.2.2 (194)      Authorized/Up   -   10.105.22.5     Thu Oct 24 13:22:41 2019    -     
S224ENTF18001408  v6.2.2 (194)      Authorized/Up   -   10.105.22.2     Thu Oct 24 13:20:11 2019    -    
S224ENTF18001432  v6.2.2 (194)      Authorized/Up   -   10.105.22.3     Thu Oct 24 13:19:58 2019    -    

Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=configuration sync error
Managed-Switches: 4 (UP: 4 DOWN: 0)

FGT81ETK19001274 #

    config switch-controller global

    append disable-discovery S012345678

    unselect disable-discovery S1234567890

    end

    Previous
    Next

    Firmware upgrade of stacked or tiered FortiSwitch units

    Firmware upgrade of stacked or tiered FortiSwitch units

    In this topology, the core FortiSwitch units are model FS-224E, and the access FortiSwitch units are model FS-108E-FPOE. Because the switches are stacked or tiered, the procedure to update the firmware is simpler. The FortiGate unit is running FortiOS 6.2.2 GA. In the following procedure, the four FortiSwitch units are upgraded from 6.2.1 to 6.2.2.

    To upgrade the firmware of stacked or tiered FortiSwitch units:

    1. Check that all of the FortiSwitch units are connected and which firmware versions they are running. For example:

      FGT81ETK19001274 # execute switch-controller get-conn-status 
Managed-devices in current vdom root:

STACK-NAME: FortiSwitch-Stack-flink
SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS       JOIN-TIME      NAME 
S108EF5918003577  v6.2.1 (176)      Authorized/Up   -   10.105.22.6     Thu Oct 24 10:47:27 2019    -  
S108EP5918008265  v6.2.1 (176)      Authorized/Up   -   10.105.22.5     Thu Oct 24 10:47:20 2019    -     
S224ENTF18001408  v6.2.1 (176)      Authorized/Up   -   10.105.22.2     Thu Oct 24 10:44:36 2019    -    
S224ENTF18001432  v6.2.1 (176)      Authorized/Up   -   10.105.22.3     Thu Oct 24 10:44:49 2019    -    

Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=configuration sync error
Managed-Switches: 4 (UP: 4 DOWN: 0)

    2. (Optional) To speed up how fast the image is pushed from the FortiGate unit to the FortiSwitch units, enable the HTTPS image push instead of the CAPWAP image push. For example:

      FGT81ETK19001274 # config switch-controller global 
FGT81ETK19001274 (global) # set https-image-push enable 
FGT81ETK19001274 (global) # end

    3. Download the file for the FortiSwitchOS 6.2.2 GA build 194 in the FortiGate unit. For example: 

      FGT81ETK19001274 # execute switch-controller switch-software upload tftp FSW_224E-v6-build0194-FORTINET.out 10.105.16.15

Downloading file FSW_224E-v6-build0194-FORTINET.out from tftp server 10.105.16.15...
#########################
Image checking ...
Image MD5 calculating ...
Image Saving S224EN-IMG.swtp ...
Successful!

File Syncing...

FGT81ETK19001274 # execute switch-controller switch-software upload tftp FSW_108E_POE-v6-build0194-FORTINET.out 10.105.16.15

Downloading file FSW_108E_POE-v6-build0194-FORTINET.out from tftp server 10.105.16.15...
##################
Image checking ...
Image MD5 calculating ...
Image Saving S108EP-IMG.swtp ...
Successful!

File Syncing...

FGT81ETK19001274 # execute switch-controller switch-software upload tftp FSW_108E_FPOE-v6-build0194-FORTINET.out 10.105.16.15

Downloading file FSW_108E_FPOE-v6-build0194-FORTINET.out from tftp server 10.105.16.15...
##################
Image checking ...
Image MD5 calculating ...
Image Saving S108EF-IMG.swtp ...
Successful!

File Syncing...

FGT81ETK19001274 #
    4. Check the downloaded FortiSwitch image. For example: 
      FGT81ETK19001274 # execute switch-controller switch-software list-available 

ImageName              ImageSize(B)   ImageInfo               Uploaded Time  
S108EF-IMG.swtp        19574769       S108EF-v6.2-build194    Thu Oct 24 13:03:51 2019
S108EP-IMG.swtp        19583362       S108EP-v6.2-build194    Thu Oct 24 13:03:23 2019
S224EN-IMG.swtp        27159659       S224EN-v6.2-build194    Thu Oct 24 13:03:02 2019

FGT81ETK19001274 #
    5. Start the image staging. For example: 
      FGT81ETK19001274 #  execute switch-controller switch-software stage all S224EN-IMG.swtp
Staged Image Version S224EN-v6.2-build194
Image staging operation is started for FortiSwitch S224ENTF18001408 ...
Image staging operation is started for FortiSwitch S224ENTF18001432 ...

FGT81ETK19001274 # execute switch-controller switch-software stage all S108EF-IMG.swtp
Staged Image Version S108EF-v6.2-build194
Image staging operation is started for FortiSwitch S108EF5918003577 ...

FGT81ETK19001274 # execute switch-controller switch-software stage all S108EP-IMG.swtp
Staged Image Version S108EP-v6.2-build194
Image staging operation is started for FortiSwitch S108EP5918008265 ...
    6. Check the status of the image staging. The Status column reports (from left to right) the percentage of the new firmware downloaded, the percentage of data erased to make space in the switchʼs local storage, and the percentage of the new firmware saved to the switchʼs local storage. For example: 
      FGT81ETK19001274 # execute switch-controller get-upgrade-status
Device    Running-version                                Status      Next-boot
					========================================================================================
VDOM : root
S224ENTF18001408  S224EN-v6.2.1-build176,190620 (GA)             (100/0/0)   S224EN-v6.2-build176       (Staging) 
S224ENTF18001432  S224EN-v6.2.1-build176,190620 (GA)             (100/0/0)   S224EN-v6.2-build176       (Staging) 
S108EP5918008265  S108EP-v6.2.1-build176,190620 (GA)             (18/0/0)   S108EP-v6.2-build176        (Staging) 
S108EF5918003577  S108EF-v6.2.1-build176,190620 (GA)             (25/0/0)   S108EF-v6.2-build176        (Staging)
    7. Verify that the image staging has completed. For example:
      FGT81ETK19001274 # execute switch-controller get-upgrade-status
Device    Running-version                                Status      Next-boot
					========================================================================================
VDOM : root
S224ENTF18001408  S224EN-v6.2.1-build176,190620 (GA)             (0/100/100)   S224EN-v6.2-build194     (Idle) 
S224ENTF18001432  S224EN-v6.2.1-build176,190620 (GA)             (0/100/100)   S224EN-v6.2-build194     (Idle) 
S108EP5918008265  S108EP-v6.2.1-build176,190620 (GA)             (0/100/100)   S108EP-v6.2-build194     (Idle) 
S108EF5918003577  S108EF-v6.2.1-build176,190620 (GA)             (0/100/100)   S108EF-v6.2-build194     (Idle)
    8. Reboot all switches (or reboot the switches by group). For example: 
      FGT81ETK19001274 # execute switch-controller switch-action restart delay all
Delayed restart operation is requested for FortiSwitch S224ENTF18001408 ...
Delayed restart operation is requested for FortiSwitch S224ENTF18001432 ...
Delayed restart operation is requested for FortiSwitch S108EP5918008265 ...
Delayed restart operation is requested for FortiSwitch S108EF5918003577 ...
    9. Check the status of the switch reboot. For example: 
      FGT81ETK19001274 # execute switch-controller switch-action restart delay all
Delayed restart operation is requested for FortiSwitch S224ENTF18001408 ...
Delayed restart operation is requested for FortiSwitch S224ENTF18001432 ...
Delayed restart operation is requested for FortiSwitch S108EP5918008265 ...
Delayed restart operation is requested for FortiSwitch S108EF5918003577 ...

FGT81ETK19001274 # execute switch-controller get-upgrade-status
Device    Running-version                                Status      Next-boot
					========================================================================================
VDOM : root
S224ENTF18001408                        Prepping for delayed restart triggered ... please wait for switch to reboot in a moment
S224ENTF18001432                        Prepping for delayed restart triggered ... please wait for switch to reboot in a moment
S108EP5918008265                        Prepping for delayed restart triggered ... please wait for switch to reboot in a moment
S108EF5918003577                        Prepping for delayed restart triggered ... please wait for switch to reboot in a moment

FGT81ETK19001274 # execute switch-controller get-conn-status 
Managed-devices in current vdom root:

STACK-NAME: FortiSwitch-Stack-flink
SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS      JOIN-TIME       NAME 
S108EF5918003577  v6.2.1 ()         Authorized/Down D   0.0.0.0         N/A               -    
S108EP5918008265  v6.2.1 ()         Authorized/Down D   0.0.0.0         N/A               -     
S224ENTF18001408  v6.2.1 ()         Authorized/Down D   0.0.0.0         N/A               -    
S224ENTF18001432  v6.2.1 ()         Authorized/Down D   0.0.0.0         N/A               -    

Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=configuration sync error
Managed-Switches: 4 (UP: 0 DOWN: 4)

FGT81ETK19001274 #
    10. Wait for a while before checking that all switches are online. For example: 
      FGT81ETK19001274 # execute switch-controller get-upgrade-status
Device    Running-version                                Status      Next-boot
					========================================================================================
VDOM : root
S224ENTF18001408  S224EN-v6.2.2-build194,191018 (GA)             (0/100/100)   S224EN-v6.2-build194     (Idle) 
S224ENTF18001432  S224EN-v6.2.2-build194,191018 (GA)             (0/100/100)   S224EN-v6.2-build194     (Idle) 
S108EP5918008265  S108EP-v6.2.2-build194,191018 (GA)             (0/100/100)   S108EP-v6.2-build194     (Idle) 
S108EF5918003577  S108EF-v6.2.2-build194,191018 (GA)             (0/100/100)   S108EF-v6.2-build194     (Idle) 

FGT81ETK19001274 # execute switch-controller get-conn-status   
Managed-devices in current vdom root:

STACK-NAME: FortiSwitch-Stack-flink
SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS              JOIN-TIME            NAME            
S108EF5918003577  v6.2.2 (194)      Authorized/Up   -   10.105.22.6     Thu Oct 24 13:22:27 2019    -     
S108EP5918008265  v6.2.2 (194)      Authorized/Up   -   10.105.22.5     Thu Oct 24 13:22:41 2019    -     
S224ENTF18001408  v6.2.2 (194)      Authorized/Up   -   10.105.22.2     Thu Oct 24 13:20:11 2019    -    
S224ENTF18001432  v6.2.2 (194)      Authorized/Up   -   10.105.22.3     Thu Oct 24 13:19:58 2019    -    

Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=configuration sync error
Managed-Switches: 4 (UP: 4 DOWN: 0)

FGT81ETK19001274 #

    config switch-controller global

    append disable-discovery S012345678

    unselect disable-discovery S1234567890

    end

    Previous
    Next