plokesh
Staff
January 6, 2015

Technical Tip: FortiAuthenticator HA cluster firmware upgrade


Description

 
This article describes the basic process for the firmware upgrade of a FortiAuthenticator Cluster.


Scope

 
FortiAuthenticator cluster (3.1, 6.0.0, and above).


Solution

 
Requirements:

  • In a FortiAuthenticator cluster, an internal network is configured for communication between the cluster members. It is called the HA management network, and the default is the 192.168.15.x/24 network. A PC in the same network is required, and it must hold the FortiAuthenticator firmware image to upgrade to.
  • HTTPS access to the management IPs on each of the cluster members is required. The upgrade should be done after hours, as there will be downtime due to the reboot. Make sure to document test cases before the upgrade (or any change).
    For example: machine authentication, wireless authentication, guest user portal, RADIUS authentication, FTM push, etc.
    Document these and how they are working.
    After the upgrade, test the same cases again and check whether any test case that was working before the upgrade is no longer working.
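
One way to keep the before/after record described in the requirements above, as an added example that is not part of the original article or of any Fortinet tooling. It assumes the operator enters each test case result by hand; all function names are hypothetical, and the port check only confirms that a member's management HTTPS port accepts a TCP connection.

```python
import json
import socket

# Test cases named in the article; a site can add its own.
CASES = ("machine authentication", "wireless authentication",
         "guest user portal", "RADIUS authentication", "FTM push")

def https_port_open(host, port=443, timeout=5.0):
    """True if a TCP connection to the member's management HTTPS port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def snapshot(results, members=()):
    """Serialise {case: bool} plus per-member HTTPS reachability for the change record."""
    reach = {m: https_port_open(m) for m in members}
    return json.dumps({"cases": results, "mgmt_https": reach}, sort_keys=True)

def compare(before_json, after_json):
    """Classify every documented case by its state before and after the upgrade."""
    before = json.loads(before_json)["cases"]
    after = json.loads(after_json)["cases"]
    report = {"regressed": [], "not_retested": [], "failing_before": [], "ok": []}
    for case in sorted(before):
        if case not in after:
            report["not_retested"].append(case)
        elif not before[case]:
            report["failing_before"].append(case)  # was already broken before the upgrade
        elif not after[case]:
            report["regressed"].append(case)
        else:
            report["ok"].append(case)
    return report

def upgrade_verified(report):
    """Sign off only when every previously working case was retested and still works."""
    return not report["regressed"] and not report["not_retested"]

if __name__ == "__main__":
    # Constructed sample results, not measurements from a real cluster.
    pre = snapshot(dict.fromkeys(CASES, True))
    post = snapshot({**dict.fromkeys(CASES, True), "FTM push": False})
    result = compare(pre, post)
    print(json.dumps(result, indent=2), "verified:", upgrade_verified(result))
```

Take the second snapshot only after both members have rebooted and the cluster has formed again, since logins may fail while the firmware versions differ.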
     

The upgrade of the cluster comes in 2 modes:

  • Active - Passive.
  • Active - Active.

 

The upgrade process described here is for the Active - Passive setup, as they share the same internal network.

 

The procedure for a coordinated upgrade:

 

  1. Initiate the firmware upgrade from the active member. The rest of the process is coordinated and synchronized, in the sequence below.
  2. The firmware image is transferred to a standby member.
  3. The firmware is upgraded on the standby member.
  4. The standby member is rebooted and synchronized with the active member.
  5. The standby member becomes the new active device, and the firmware is upgraded on the former active device.
  6. The former active member reboots and synchronizes with the new active device.
  7. The former active member becomes the active device again, and the former standby device becomes the standby device.

 

To upgrade the members of a FortiAuthenticator cluster (3.1, 6.0.0, and above) individually:
 
  1. It is recommended that no administrative or configuration changes are made between these upgrades. Because of this, expect a short downtime.
  2. Upgrade the secondary unit first from the management interface, and wait until it comes back up.
  3. When the secondary unit comes back up, both units will become standalone masters because of a firmware version mismatch. This will mean that logins from the public interface may fail at this time.
  4. At this point, upgrade the primary unit from the management interface.
  5. After the upgrade, the cluster will be formed again and FortiAuthenticator will be in HA mode.

 

Also refer to this LB article: Technical Tip: FortiAuthenticator HA cluster upgrade procedure for individual nodes in case coordinated upgrade fails

 

Upgrades in Active - Active or LB mode are to be done individually on each member node.