sjoshi
Staff
Article Id 420837
Description

 

This article describes the FortiGate 6K Chassis firmware graceful upgrade timeout and how to adjust it under certain conditions.

 

Scope

 

FortiGate 6K Chassis.

 

Solution

 

During an upgrade with the default HA settings (uninterruptible-upgrade enabled), the Primary device sends the firmware image to the Secondary device and waits for the Secondary to complete its upgrade so it can assume the Primary role while the previous Primary upgrades.


In certain scenarios, such as a large configuration size or extended blade recovery times (especially on the Chassis model), it may be beneficial to increase the timeout value so that the Primary unit waits for the Secondary unit to complete its upgrade. Otherwise, while the Secondary unit is still in the restarting/upgrade phase, the Primary unit upgrades itself without failover, causing potential traffic disruption.

 

config system ha
    set uninterruptible-primary-wait 50
end

 

Note

Graceful upgrade of a FortiGate-6000 or 7000 FGCP HA cluster is not supported when upgrading from v7.0.12 (and below) to v7.2.5/v7.2.6.


Firmware upgrades on a FortiGate-6000 or 7000 FGCP HA cluster from v7.0.12 to v7.2.5/7.2.6 should be scheduled during a maintenance window, since traffic may be disrupted.


Before upgrading the firmware, disable uninterruptible-upgrade. Then perform a normal firmware upgrade. 

Starting from v7.0.13, uninterruptible-upgrade is supported, so if the target version is v7.2.5/v7.2.6 or higher, first upgrade to v7.0.13, and then perform the upgrade to v7.2
