Fortinet 84 FortiWeb 5.0 Patch 6 Administration Guide
To update the firmware of an HA pair
1. Verify that both of the members in the HA pair are powered on and available on all of the
network interfaces that you have configured.
2. Log in to the web UI of the primary appliance as the admin administrator. (You cannot
connect to an appliance while it is the standby.)
Alternatively, log on with an administrator account whose access profile contains Read and
Write permissions in the Maintenance category.
3. Install the firmware on the primary appliance. For details, see “Installing firmware” on
page 79. When installing via the web UI, a message will appear after your web browser has
uploaded the file:
Sending the new firmware file to the standby. Please wait...
The primary appliance will transmit the firmware file to the standby appliance over its HA
link. The standby appliance will upgrade its firmware first; on the active appliance, this will be
recorded in an event log message such as:
Member (FV-1KC3R11111111) left HA group
After the standby appliance reboots and indicates via the HA heartbeat that it is up again,
the primary appliance will begin to update its own firmware. During that time, the standby
appliance will temporarily become active and process your network’s traffic. After the
original appliance reboots, it indicates via the HA heartbeat that it is up again. Which
appliance will assume the active role of traffic processing depends on your configuration
(see “How HA chooses the active appliance” on page 44):
• If Override is enabled, the cluster will consider your Device Priority setting. Therefore both
appliances usually make a second failover in order to resume their original roles.
• If Override is disabled, the cluster will consider uptime first. The original primary appliance
will have a smaller uptime due to the order of reboots during the firmware upgrade.
Therefore it will not resume its active role; instead, the standby will remain the new primary
appliance. A second failover will not occur.
Reboot times vary by the appliance model, and also by differences between the original
firmware and the firmware you are installing, which may require the installer to convert the
configuration and/or disk partitioning schemes to be compatible with the new firmware
version.
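The role outcome described in step 3 can be worked through with a small model. This is an added example, not Fortinet code: it considers only Override, Device Priority and uptime, and the serial numbers, reboot durations and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Member:
    serial: str        # constructed serial, not a real appliance
    preferred: bool    # True if Device Priority favours this unit (assumed input)
    booted_at: float   # minute of last boot on a shared clock

def elect(members, now, override):
    """Simplified election: Override -> Device Priority, otherwise longest uptime."""
    if override:
        return next(m for m in members if m.preferred)
    return max(members, key=lambda m: now - m.booted_at)

def simulate_upgrade(override, priority_favours_primary=True,
                     standby_reboot=6.0, primary_reboot=6.0):
    """Return (final active serial, failover count, timeline) for one HA upgrade."""
    primary = Member("FV-EXAMPLE-A", priority_favours_primary, booted_at=-10000.0)
    standby = Member("FV-EXAMPLE-B", not priority_favours_primary, booted_at=-10000.0)
    timeline = []

    # Standby upgrades first; the primary keeps processing traffic.
    now = standby_reboot
    standby.booted_at = now
    timeline.append((now, f"{standby.serial} rejoined; {primary.serial} still active"))

    # Primary upgrades next; the standby takes over traffic (first failover).
    active, failovers = standby, 1
    timeline.append((now, f"{primary.serial} rebooting; {standby.serial} active"))
    now += primary_reboot
    primary.booted_at = now

    # Both heartbeats are back: the cluster chooses the active appliance.
    winner = elect([primary, standby], now, override)
    if winner is not active:
        active, failovers = winner, failovers + 1
    timeline.append((now, f"election done; {active.serial} active"))
    return active.serial, failovers, timeline

if __name__ == "__main__":
    for override in (True, False):
        serial, count, _ = simulate_upgrade(override)
        print(f"Override={override}: active={serial}, failovers={count}")
```

Setting `priority_favours_primary=False` with Override enabled yields a single failover, which is why the second failover is only the usual case.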
See also
• Installing firmware
• Configuring a high availability (HA) FortiWeb cluster
Installing alternate firmware
You can install alternate firmware, which can be loaded from its separate partition if the primary
firmware fails. This can be accomplished via the web UI or CLI.
If required ports are not available, HA port monitoring could inadvertently trigger an
additional failover and traffic interruption during the firmware update.