Managing an HA cluster

High availability

 

 

4Repeat steps 2 and 3 for all the subordinate units in the HA cluster.

Upgrading firmware

To upgrade the firmware of the FortiGate units in a cluster, you must upgrade the firmware of each unit separately. In most cases, if you are upgrading to a new firmware build within the same firmware version (for example, upgrading from 2.50 build069 to 2.50 build070), you can do firmware upgrades using the following procedure and without interrupting cluster operation. This procedure involves uploading a new firmware image to the primary unit. Once the firmware image is uploaded, the primary unit restarts, running the new firmware version. When the primary unit restarts, it is removed from the cluster, which fails over to a new primary unit. During the failover, service might be interrupted if the cluster is very busy. Because of this interruption and in case the firmware upgrade fails, you should do this procedure only during off peak times when the cluster is not busy.

Note: if you are upgrading to a new firmware version (for example, from 2.50 to 2.80) and in some cases if you are upgrading to a new maintenance release of the same firmware version, you must remove individual units from the cluster. For more information, see “Changing the FortiGate firmware” on page 94.

To upgrade the firmware version for all the units in a cluster

1Copy the firmware image file to your management computer.

2Connect to the cluster and log into the web-based manager as the admin administrative user.

3Go to System > Status.

4Select Firmware Upgrade .

5Enter the path and filename of the firmware image file, or select Browse and locate the file.

6Select OK.

The primary FortiGate unit uploads the firmware image file, upgrades to the new firmware version, and restarts. When this happens the primary FortiGate unit is removed from the cluster and one of the subordinate units becomes the new primary unit. After the failover occurs you can log into the cluster again to connect to the new primary unit.

7Connect to the cluster and log into the web-based manager as the admin administrative user.

8Repeat steps 3 to 7 for each cluster unit.

Once the firmware upgrade is finished for all the FortiGate units in the cluster, log into the cluster and update antivirus and attack definitions for the cluster. For information about updating antivirus and attack definitions, see “Manually initiating antivirus and attack definitions updates” on page 119.

86

Fortinet Inc.

Page 86
Image 86
Fortinet FortiGate-800 manual Upgrading firmware, Go to System Status