FortiGate
spoojary
Staff
Article Id 275048
Description: This article describes the change to the upgrade mode setting for HA clusters.
Scope: FortiGate.
Solution

Overview: The new FGCP cluster upgrade mode offers administrators greater manual control during the upgrade process. The core objective of this mode is to ensure smooth traffic through the upgraded member by allowing it to operate temporarily in a multi-version cluster (MVC).

 

Key Features:

  1. Multi-Version Cluster (MVC): Allows HA members to temporarily run different software versions during the upgrade process.
  2. Manual Control: Administrators can select which cluster member to upgrade and can then test traffic through the upgraded member.
  3. Upgrade Mode Variants: In the newer version, administrators can choose from several upgrade modes.

 

In FortiGate version 7.4.0, there were only two modes: enable and disable.

 


 

config system ha
    set uninterruptible-upgrade {enable | disable}
end

 

In version 7.4.1, the command has been changed to 'upgrade-mode'.

 


 

config system ha
    set upgrade-mode {simultaneous | uninterruptible | local-only | secondary-only}
end

 

Upgrade Modes Explained:

  1. Simultaneous: All cluster members are upgraded concurrently.
  2. Uninterruptible: Upgrade takes place without any interruptions.
  3. Local-only: Upgrades the specific local cluster member. Sessions are then synchronized to this member. Administrators can manually switch and test traffic on this upgraded member while the cluster remains in MVC.
  4. Secondary-only: Only the secondary cluster member gets upgraded. After synchronization, administrators can manually switch and check traffic. The primary unit can be manually upgraded post-testing.

 

Workflow for local-only and secondary-only modes:

  1. Set the desired upgrade mode (either local-only or secondary-only).
  2. The specified cluster member will be upgraded.
  3. Sessions are synchronized to the upgraded member.
  4. Administrators can manually switch to the upgraded member to confirm that traffic is flowing smoothly.
  5. Once satisfied, administrators can proceed to upgrade the other cluster members.

 

Note: 

The new FGCP cluster upgrade mode in version 7.4.1 and later offers a more flexible and controlled upgrade approach, allowing administrators to ensure a smooth traffic flow during and after the upgrade.

 

Related document:

https://docs.fortinet.com/document/fortigate/7.4.0/new-features/768800/fgcp-multi-version-cluster-up...