Technical Tip: How to upgrade a FortiAuthenticator Active-Passive HA cluster, single mode
Description
This article describes how to upgrade a FortiAuthenticator High Availability cluster in single mode.
Scope
FortiAuthenticator on an HA cluster.
Solution
The slave unit is administratively reachable through HTTPS only from the IP of an Active-Passive HA cluster member. If the port used for the HA communication is Port4, the Port4 subnet must be reachable from the FortiAuthenticator administrator workstation to launch the upgrade process on the secondary unit.
Connect to the FortiAuthenticator Master unit and select the Upgrade option on the dashboard.
Select Browse to upload the new firmware image and select OK. The following confirmation dialog box will appear. Select OK.
The example in this article will use a Single upgrade. Select Backup and Upgrade. A config backup will be downloaded.
After a few seconds, the firmware upgrade will start.
Starting from this point, the secondary member will assume the production traffic while the master reboots to complete the upgrade process. Expect the transfer of the production network traffic back to the old master unit to take approximately 5 minutes.
To upgrade the secondary HA member, connect to the device using the HA cluster member IP address as defined in the GUI menu below. After, perform the previous steps to upgrade the firmware.
Wait 5 minutes until the slave finishes the upgrade process and the HA cluster rebuild is complete.
Connect both HA cluster members and check the HA status on the dashboard widget to verify that the FortiAuthenticator HA cluster is formed and stable.
Additionally, HA-related logs can be checked on both HA cluster members through Logging -> Log Access -> Logs to make sure the nodes have joined the cluster.