About FGCP multi-version cluster upgrade

Question

Regarding the [FGCP multi-version cluster upgrade] feature,
Could you please confirm the following points regarding the behavior when upgrading using [secondary-only] mode?

■Confirmation
Is it possible to perform multiple, gradual upgrades of only the secondary FW in [secondary-only] mode?

■Expected Scenario
When upgrading from version 7.4.1 to 7.6.4, the following upgrade path is assumed:
• 7.4.1 → 7.4.3 → 7.6.0 → 7.6.2 → 7.6.4
In this case, considering the possibility of rollback, we would like to keep the primary FW at 7.4.1 for the time being and perform a total of four upgrades of only the secondary FW as described above.
After confirming operation on the secondary machine, we plan to upgrade the primary machine.

AEH · Answer

Hi @Tafotigate ,

The secondary-only mode allows you to upgrade the secondary member temporarily while the cluster remains in a multi-version cluster. Sessions and state sync continue, but configuration does not sync between different builds. (ref : https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/768800/fgcp-multi-version-cluster-upgrade).

However, the documentation does not state that multiple sequential upgrades on secondary alone are supported. This implies that secondary-only upgrades are for testing/validation before completing the cluster upgrade, not for a long chain of upgrades (following an upgrade path in your situation) while keeping the primary at older versions.

To avoid any problems , i suggest that you do to do the upgrade for each version on your upgrade path on the secondary , test it and do it on the primary , than go to the next patch and so on.

Best regards.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded