| Description | This article describes how to upgrade a HA virtual cluster mode with VDOM partitioning configured between three FortiGates where each FortiGate is the active device for one of the VDOMs. |
| Scope | FortiGate v7.2.x and above. |
| Solution |
In this scenario, three FortiGates are configured as a cluster with VDOM Partitioning and each one of them is the primary device for each of the three VDOMs (root, PROD, and TEST). During the upgrade process, each FortiGate will be rebooted and its active VDOM will become active in another FortiGate until the upgrade process is complete.
FortiGate called FW-PRI has the root VDOM active, FW-SEC has PROD VDOM active, and finally, FW-THI has TEST VDOM active.
This can be checked under System -> HA.
Step 1: Go to System -> Fabric Management, select FortiGate, and select Upgrade.
Step 2: In this example, proceed with a manual upgrade by uploading the FortiOS file, but this is not necessary. The automatic upgrade can be used as well. Select File Upload -> Browse, then select the file. Select Continue.
Step 3: Wait for the process to finish, the FortiGate GUI will only show a message Validating and installing the image, the console access can be used to check the progress.
Note: FW-SEC and FW-THI are being upgrading at the same time, only FW-PRI is active at this stage. If the total traffic of the three VDOMs combined is higher than the FortiGate specs the FortiGate will not be able to handle the total traffic and the process will fail.
Step 4: FW-PRI is being upgraded, FW-SEC and FW-THI are sharing the three VDOMs traffic between them, according to the priority values FW-SEC is the primary for root and PROD VDOMs and FW-THI is the primary for TEST.
After FW-PRI reboot the HA status is back to normal.
Related article: Technical Tip: Configuring HA virtual cluster with VDOM Partitioning |
