94 Fortinet Inc.
Managing an HA cluster High availability
Upgrading firmware
To upgrade the firmware of the FortiGate units in a cluster, you must upgrade the
firmware of each unit separately. In most cases, if you are upgrading to a new
firmware build within the same firmware version (for example, upgrading from 2.50
build069 to 2.50 build070), you can do firmware upgrades using the following
procedure and without interrupting cluster operation. This procedure involves
uploading a new firmware image to the primary unit. Once the firmware image is
uploaded, the primary unit restarts, running the new firmware version. When the
primary unit restarts, it is removed from the cluster, which fails over to a new primary
unit. During the failover, service might be interrupted if the cluster is very busy.
Because of this interruption and in case the firmware upgrade fails, you should do this
procedure only during off peak times when the cluster is not busy.
To upgrade the firmware version for all the units in a cluster
1 Copy the firmware image file to your management computer.
2 Connect to the cluster and log into the web-based manager as the admin
administrative user.
3 Go to System > Status.
4 Select Firmware Upgrade .
5 Enter the path and filename of the firmware image file, or select Browse and locate the
file.
6 Select OK.
The primary FortiGate unit uploads the firmware image file, upgrades to the new
firmware version, and restarts. When this happens the primary FortiGate unit is
removed from the cluster and one of the subordinate units becomes the new primary
unit. After the failover occurs you can log into the cluster again to connect to the new
primary unit.
7 Connect to the cluster and log into the web-based manager as the admin
administrative user.
8 Repeat steps 3 to 7 for each cluster unit.
Once the firmware upgrade is finished for all the FortiGate units in the cluster, log into
the cluster and update antivirus and attack definitions for the cluster. For information
about updating antivirus and attack definitions, see “Manually initiating antivirus and
attack definitions updates” on page 125.
Note: if you are upgrading to a new firmware version (for example, from 2.50 to 2.80) and in
some cases if you are upgrading to a new maintenance release of the same firmware version,
you must remove individual units from the cluster. For more information, see “Changing the
FortiGate firmware” on page 102.