Fortinet white logo
Fortinet white logo

Administration Guide

Fabric Management page

Fabric Management page

The Fabric Management page allows administrators to manage the firmware running on each FortiGate, FortiAP, and FortiSwitch in the Security Fabric, and to authorize and register these Fabric devices.

Upgrading firmware

A Fabric Upgrade can be performed immediately or during a scheduled time. Administrators can choose a firmware from FortiGuard for the Fabric member to download directly to upgrade.

Note

To demonstrate the functionality of this feature, the examples use FortiGates that are running interim builds.

To upgrade individual device firmware:
  1. Go to System > Fabric Management. The devices are displayed in the table with their firmware version and status. In this example, all devices (root FortiGate, downstream FortiGate, FortiSwitch, and FortiAP) have an upgrade available.

  2. Upgrade the root FortiGate to the latest firmware:
    1. Select the device (FGTC) and click Upgrade Device. The FortiGate Upgrade pane opens.
    2. Select Latest (other options available are All Upgrades, All Downgrades, and File Upload) and select the option that is displayed.

    3. Click Confirm and Backup Config then click Continue to initiate the upgrade.
  3. After the root reboots, upgrade the FortiSwitch using FortiGuard:
    1. Go to System > Fabric Management and select the device (Access-FSW-C), then click Upgrade Device. The Upgrade FortiSwitches pane opens.
    2. Select FortiGuard, ensure the device you want to upgrade is enabled, then click Upgrade.

  4. Upgrade the FortiAP using local firmware:
    1. Select the device (FAP-C) and click Upgrade Device. The Upgrade FortiAPs pane opens.
    2. Select Upload and click Browse to select the file.
    3. Ensure the device you want to upgrade is enabled, then click Upgrade.
To upgrade all Fabric device firmware:
  1. Go to System > Fabric Management and click Fabric Upgrade. The Fabric Upgrade pane opens.
  2. Select Latest and select the option that is displayed, then click Next.

  3. Select an upgrade schedule, either Immediate or Custom. If using Custom, enter an upgrade date and time (Custom is used in this example).

    Note

    In a custom upgrade, the configuration backups are saved when the administrator schedules the upgrade. If the scheduled upgrade occurs after further configuration changes are made, the latest changes will not be saved in a new backup configuration file.

  4. Click Next and review the update schedule. For the FortiAP, a message appears because a firmware upgrade is currently not available.

  5. Click Confirm and Backup Config. The pane goes into a loading state to wait for all FortiGate configurations to save. Once completed, the pane closes and the device list refreshes to reflect the latest changes.

Authorizing devices

If there are any notifications in the top banner dropdown for unauthorized devices or devices that require authorization, clicking the notification redirects the user to the System > Fabric Management page. In this example, two devices require authorization.

On the Fabric Management page, the unauthorized devices (a downstream FortiGate and a FortiAP) are grayed out, and their status is Waiting for authorization.

To authorize a Security Fabric device from the Fabric Management page:
  1. Select an unauthorized device.
  2. Click Authorize (below the donut charts), or right-click and select Authorize.

    A notification appears in the bottom-right corner once the device is authorized.

  3. Click the subsequent notification to refresh the page. The device's status is now Online.

To deauthorize a Security Fabric device from the Fabric Management page:
  1. Select a device.
  2. Right-click and select Deauthorize.

  3. Click the subsequent notification to refresh the page.

CLI commands

The following options are available in execute federated-upgrade <option>:

Option

Description

cancel

Cancel the currently configured upgrade.

initialize

Set up a federated upgrade.

status

Show the current status of a federated upgrade.

Fabric Management page

Fabric Management page

The Fabric Management page allows administrators to manage the firmware running on each FortiGate, FortiAP, and FortiSwitch in the Security Fabric, and to authorize and register these Fabric devices.

Upgrading firmware

A Fabric Upgrade can be performed immediately or during a scheduled time. Administrators can choose a firmware from FortiGuard for the Fabric member to download directly to upgrade.

Note

To demonstrate the functionality of this feature, the examples use FortiGates that are running interim builds.

To upgrade individual device firmware:
  1. Go to System > Fabric Management. The devices are displayed in the table with their firmware version and status. In this example, all devices (root FortiGate, downstream FortiGate, FortiSwitch, and FortiAP) have an upgrade available.

  2. Upgrade the root FortiGate to the latest firmware:
    1. Select the device (FGTC) and click Upgrade Device. The FortiGate Upgrade pane opens.
    2. Select Latest (other options available are All Upgrades, All Downgrades, and File Upload) and select the option that is displayed.

    3. Click Confirm and Backup Config then click Continue to initiate the upgrade.
  3. After the root reboots, upgrade the FortiSwitch using FortiGuard:
    1. Go to System > Fabric Management and select the device (Access-FSW-C), then click Upgrade Device. The Upgrade FortiSwitches pane opens.
    2. Select FortiGuard, ensure the device you want to upgrade is enabled, then click Upgrade.

  4. Upgrade the FortiAP using local firmware:
    1. Select the device (FAP-C) and click Upgrade Device. The Upgrade FortiAPs pane opens.
    2. Select Upload and click Browse to select the file.
    3. Ensure the device you want to upgrade is enabled, then click Upgrade.
To upgrade all Fabric device firmware:
  1. Go to System > Fabric Management and click Fabric Upgrade. The Fabric Upgrade pane opens.
  2. Select Latest and select the option that is displayed, then click Next.

  3. Select an upgrade schedule, either Immediate or Custom. If using Custom, enter an upgrade date and time (Custom is used in this example).

    Note

    In a custom upgrade, the configuration backups are saved when the administrator schedules the upgrade. If the scheduled upgrade occurs after further configuration changes are made, the latest changes will not be saved in a new backup configuration file.

  4. Click Next and review the update schedule. For the FortiAP, a message appears because a firmware upgrade is currently not available.

  5. Click Confirm and Backup Config. The pane goes into a loading state to wait for all FortiGate configurations to save. Once completed, the pane closes and the device list refreshes to reflect the latest changes.

Authorizing devices

If there are any notifications in the top banner dropdown for unauthorized devices or devices that require authorization, clicking the notification redirects the user to the System > Fabric Management page. In this example, two devices require authorization.

On the Fabric Management page, the unauthorized devices (a downstream FortiGate and a FortiAP) are grayed out, and their status is Waiting for authorization.

To authorize a Security Fabric device from the Fabric Management page:
  1. Select an unauthorized device.
  2. Click Authorize (below the donut charts), or right-click and select Authorize.

    A notification appears in the bottom-right corner once the device is authorized.

  3. Click the subsequent notification to refresh the page. The device's status is now Online.

To deauthorize a Security Fabric device from the Fabric Management page:
  1. Select a device.
  2. Right-click and select Deauthorize.

  3. Click the subsequent notification to refresh the page.

CLI commands

The following options are available in execute federated-upgrade <option>:

Option

Description

cancel

Cancel the currently configured upgrade.

initialize

Set up a federated upgrade.

status

Show the current status of a federated upgrade.