Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiLink Guide

    Home FortiSwitch 7.6.0 FortiLink Guide
    7.6.0
    7.6.0
    7.4.5
    7.4.4
    7.4.2
    7.4.1
    7.4.0
    7.2.9
    7.2.6
    7.2.4
    7.2.1
    7.2.0

    Configuring automatic federated firmware updates

    Configuring automatic federated firmware updates

    When the automatic firmware updates setting is enabled, in addition to an automatic federated upgrade being performed on the FortiGate device, automatic federated upgrades are now performed on managed FortiSwitch units, starting in FortiOS 7.4.1. The federated upgrades of these LAN edge devices adhere to the FortiOS-FortiSwitch compatibility matrix information maintained on the FortiGuard Distribution Network (FDN).

    Configuration example

    In this example, automatic firmware updates are enabled on a FortiGate device that is running FortiOS 7.4.1. Two FortiSwitch units with older firmware are upgraded after the federated update.

    To configure automatic federated firmware updates:
    config system fortiguard
	set auto-firmware-upgrade enable
	set auto-firmware-upgrade-day tuesday 
	set auto-firmware-upgrade-delay 0
	set auto-firmware-upgrade-start-hour 11
	set auto-firmware-upgrade-end-hour 12
end

    The auto-upgrade time is scheduled on Tuesday, between 11:00 a.m. and 12:00 p.m.

    You can also use the execute federated-upgrade commands:

    Option

    Description

    cancel

    Cancel the current federated upgrade.

    initialize

    Set up a federated upgrade.

    quick-fortigate-upgrade

    Set up a federated upgrade for all FortiGate devices.

    quick-full-upgrade

    Set up a federated upgrade for all devices.

    restart

    Restart the current federated upgrade.

    status

    Display the status of the current federated upgrade.
    To verify that the federated update occurs:

    1. Verify that the update is scheduled:

      FGT_A (global) # diagnose test application forticldd 13
Scheduled push image upgrade: no
Scheduled Config Restore: no
Scheduled Script Restore: no
Automatic image upgrade: Enabled.
	Next upgrade check scheduled at (local time) Tue Sep  5 11:06:58 2023

    2. Verify if there are managed FortiSwitch that can be upgraded:

      FGT_A (vdom1) # execute switch-controller get-conn-status 
Managed-devices in current vdom vdom1:

FortiLink interface : flink
SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS              JOIN-TIME            SERIAL          
FS1D243Z17000032  v7.2.5 (453)      Authorized/Up   2   169.254.1.4     Tue Sep  5 10:16:26 2023    FS1D243Z17000032
S548DF4K16000730  v7.0.7 (096)      Authorized/Up   2   169.254.1.5     Tue Sep  5 10:16:51 2023    S548DF4K16000730

	Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=config sync error, 3=L3, V=VXLAN
	Managed-Switches: 2 (UP: 2 DOWN: 0 MAX: 72)

    3. Verify the compatibility matrix:

      FGT_A (global) # diagnose test application forticldd 16
Last update: 3 secs ago

FS1D24: 7.4.0 b767 07004000FIMG0900304000 (FGT Version 7.4.1 b0)

    4. Wait for the FortiGate device to perform the federated update.

    5. After the federated update is complete, verify that the managed FortiSwitch units were upgraded to the latest version:

      FGT_A (vdom1) # execute switch-controller  get-conn-status 
Managed-devices in current vdom vdom1:

FortiLink interface : flink
SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS              JOIN-TIME            SERIAL          
FS1D243Z17000032  v7.4.0 (767)      Authorized/Up   2   169.254.1.2     Tue Sep  5 11:22:44 2023    FS1D243Z17000032
S548DF4K16000730  v7.4.0 (767)      Authorized/Up   2   169.254.1.5     Tue Sep  5 11:23:37 2023    S548DF4K16000730

	Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=config sync error, 3=L3, V=VXLAN
	Managed-Switches: 2 (UP: 2 DOWN: 0 MAX: 72)
    Previous
    Next

    Configuring automatic federated firmware updates

    Configuring automatic federated firmware updates

    When the automatic firmware updates setting is enabled, in addition to an automatic federated upgrade being performed on the FortiGate device, automatic federated upgrades are now performed on managed FortiSwitch units, starting in FortiOS 7.4.1. The federated upgrades of these LAN edge devices adhere to the FortiOS-FortiSwitch compatibility matrix information maintained on the FortiGuard Distribution Network (FDN).

    Configuration example

    In this example, automatic firmware updates are enabled on a FortiGate device that is running FortiOS 7.4.1. Two FortiSwitch units with older firmware are upgraded after the federated update.

    To configure automatic federated firmware updates:
    config system fortiguard
	set auto-firmware-upgrade enable
	set auto-firmware-upgrade-day tuesday 
	set auto-firmware-upgrade-delay 0
	set auto-firmware-upgrade-start-hour 11
	set auto-firmware-upgrade-end-hour 12
end

    The auto-upgrade time is scheduled on Tuesday, between 11:00 a.m. and 12:00 p.m.

    You can also use the execute federated-upgrade commands:

    Option

    Description

    cancel

    Cancel the current federated upgrade.

    initialize

    Set up a federated upgrade.

    quick-fortigate-upgrade

    Set up a federated upgrade for all FortiGate devices.

    quick-full-upgrade

    Set up a federated upgrade for all devices.

    restart

    Restart the current federated upgrade.

    status

    Display the status of the current federated upgrade.
    To verify that the federated update occurs:

    1. Verify that the update is scheduled:

      FGT_A (global) # diagnose test application forticldd 13
Scheduled push image upgrade: no
Scheduled Config Restore: no
Scheduled Script Restore: no
Automatic image upgrade: Enabled.
	Next upgrade check scheduled at (local time) Tue Sep  5 11:06:58 2023

    2. Verify if there are managed FortiSwitch that can be upgraded:

      FGT_A (vdom1) # execute switch-controller get-conn-status 
Managed-devices in current vdom vdom1:

FortiLink interface : flink
SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS              JOIN-TIME            SERIAL          
FS1D243Z17000032  v7.2.5 (453)      Authorized/Up   2   169.254.1.4     Tue Sep  5 10:16:26 2023    FS1D243Z17000032
S548DF4K16000730  v7.0.7 (096)      Authorized/Up   2   169.254.1.5     Tue Sep  5 10:16:51 2023    S548DF4K16000730

	Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=config sync error, 3=L3, V=VXLAN
	Managed-Switches: 2 (UP: 2 DOWN: 0 MAX: 72)

    3. Verify the compatibility matrix:

      FGT_A (global) # diagnose test application forticldd 16
Last update: 3 secs ago

FS1D24: 7.4.0 b767 07004000FIMG0900304000 (FGT Version 7.4.1 b0)

    4. Wait for the FortiGate device to perform the federated update.

    5. After the federated update is complete, verify that the managed FortiSwitch units were upgraded to the latest version:

      FGT_A (vdom1) # execute switch-controller  get-conn-status 
Managed-devices in current vdom vdom1:

FortiLink interface : flink
SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS              JOIN-TIME            SERIAL          
FS1D243Z17000032  v7.4.0 (767)      Authorized/Up   2   169.254.1.2     Tue Sep  5 11:22:44 2023    FS1D243Z17000032
S548DF4K16000730  v7.4.0 (767)      Authorized/Up   2   169.254.1.5     Tue Sep  5 11:23:37 2023    S548DF4K16000730

	Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=config sync error, 3=L3, V=VXLAN
	Managed-Switches: 2 (UP: 2 DOWN: 0 MAX: 72)
    Previous
    Next