Description |
This article describes the upgrade procedure of the FortiAuthenticator HA cluster for individual nodes. |
Scope | FortiAuthenticator in HA pair configured as Active-Passive Cluster. Upgrade on each FortiAuthenticator cluster member individually from GUI. |
Solution |
The scenario is when a coordinated upgrade fails or is not possible, what are the best practices and how to avoid split brain.
Here it the two Fortiauthenticators on firmware version 6.5.1 and it is wanted to upgrade them to firmware version 6.5.3:
How to fix it?
Note: If choosing to reboot and it happens always before the upgrade starts on the secondary device it will cause an endless looping into a split-brain scenario.
Peer status:
FortiAuthenticator HA LB individual upgrade Tested in the lab from v6.4.6 to v6.6.0
Primary node upgrade.
Secondary node upgrade.
Cluster status after the upgrade is finished.
Related documents: |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.