FortiGate 6000 and 7000 upgrade information
Upgrade FortiGate 6000 firmware from the management board GUI or CLI. Upgrade FortiGate 7000 firmware from the primary FIM GUI or CLI. The FortiGate 6000 management board and FPCs or the FortiGate 7000 FIMs and FPMs all run the same firmware image. Upgrading the firmware copies the firmware image to all components, which then install the new firmware and restart. A FortiGate 6000 or 7000 firmware upgrade can take a few minutes, the amount of time depending on the hardware and software configuration and whether DP or NP7 processor software is also upgraded.
On a standalone FortiGate 6000 or 7000, or an HA cluster with uninterruptible-upgrade
disabled, the firmware upgrade interrupts traffic because all components upgrade in one step. These firmware upgrades should be done during a quiet time because traffic can be interrupted for a few minutes during the upgrade process.
Fortinet recommends running a graceful firmware upgrade of a FortiGate 6000 or 7000 FGCP HA cluster by enabling uninterruptible-upgrade
and session-pickup
. A graceful firmware upgrade only causes minimal traffic interruption.
Fortinet recommends that you review the services provided by your FortiGate 6000 or 7000 before a firmware upgrade and then again after the upgrade to make sure that these services continue to operate normally. For example, you might want to verify that you can successfully access an important server used by your organization before the upgrade and make sure that you can still reach the server after the upgrade and performance is comparable. You can also take a snapshot of key performance indicators (for example, number of sessions, CPU usage, and memory usage) before the upgrade and verify that you see comparable performance after the upgrade. |
To perform a graceful upgrade of your FortiGate 6000 or 7000 to FortiOS 7.2.7:
Graceful upgrade of a FortiGate 6000 or 7000 FGCP HA cluster is not supported when upgrading from FortiOS 7.0.12, 7.0.13, or 7.0.14 to 7.2.7. Upgrading the firmware of a FortiGate 6000 or 7000 FGCP HA cluster from 7.0.12, 7.0.13, or 7.0.14 to 7.2.7 should be done during a maintenance window, since the firmware upgrade process will disrupt traffic for up to 30 minutes. Before upgrading the firmware, disable |
-
Use the following command to enable
uninterruptible-upgrade
to support HA graceful upgrade:config system ha set uninterruptible-upgrade enable end
-
Download the FortiOS 7.2.7 FG-6000F, FG-7000E, or FG-7000F firmware from https://support.fortinet.com.
-
Perform a normal upgrade of your HA cluster using the downloaded firmware image file.
-
When the upgrade is complete, verify that you have installed the correct firmware version.
For example, check the FortiGate dashboard or use the
get system status
command. -
Confirm that all components are synchronized and operating normally.
For example, go to Monitor > Configuration Sync Monitor to view the status of all components, or use
diagnose sys confsync status
to confirm that all components are synchronized.