FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes that when upgrading the BIOS version, the BIOS process appears to be unusually invasive and explains why it is necessary to choose the below options:
Break a production cluster.
Factory reset the configuration.
Shutdown of the chassis.
Restore configuration.
Console connection.
Scope
FortiGate-6000F.
Solution
Breaking a production cluster: BIOS is per box. There is no sync between primary and secondary.
Factory reset (wipeout of configuration): There is a timeout timer of 10 minutes. If the FortiGate's config is large, it can cause the timeout timer to be triggered, thus causing the BIOS upgrade to fail. Booting from a factory-reset configuration will ensure the timeout timer is not triggered if everything is healthy.
Shutdown chassis: A power cycle of the chassis is required. The BIOS update requires a cold reboot. The 'exec reboot' command is not sufficient. An administrator needs to shut down the box using the command 'exec shutdown' and power off the box from the PDU or by unplugging and re-plugging the power cords to the power supply.
Restore configuration: This is to restore FortiGate's configuration as before.
Console access: To monitor the upgrade process and if the system is booting up as expected.
Verify BIOS versions (from MBD & all FPCs): Make sure that all modules are using the correct version after the upgrade:
