Description | This article explains how upgrading the IPS Engine on a High Availability (HA) Cluster with FortiGate devices also upgrades FortiGate backups. |
Scope | FortiGate. |
Solution |
1) Note the following information before performing an IPS Engine upgrade.
The command below shows that IPS Engine 7.00043 is in use on the Primary FortiGate.
FGT_1 # diag autoupdate versions | grep -A 2 "IPS A"
FGT_1 # get sys status | grep HA
The following command is used to move to the secondary unit in an HA Cluster:
FGT_1 # exec ha manage 0 admin
FGT_2 # get sys status | grep HA
FGT_2 # diag autoupdate versions | grep -A 2 "IPS A"
All units in the HA Cluster are running the same IPS Engine 7.00043.
Go to System -> FortiGuard -> Intrusion Prevention -> Actions -> Upgrade Database -> Select file -> Upload the IPS Engine and select 'OK'.
Once the IPS Engine has been upgraded successfully, use the command below to restart the ipsmonitor process:
# diag test application ipsmonitor 99
3) After IPS Engine upgrade.
FGT_1 # get sys status | grep "Version:\|HA"
FGT_1 # diag autoupdate versions | grep -A 2 "IPS A"
FGT_1 # exec ha manage 0 admin
FGT_2 # get sys status | grep "Version:\|HA"
FGT_2 # diag autoupdate versions | grep -A 2 "IPS A"
The above output shows that IPS Engine 7.00044 is running on both units of the HA Cluster. Note that upgrading the IPS Engine on the Primary unit automatically upgrades it on the secondary unit as well.
All FortiOS images come with a built-in IPS engine. If the FortiOS firmware is upgraded and the target build has the same IPS engine version as the current FortiOS build, it is necessary to reload the IPS engine after the firmware upgrade.
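The per-unit version check from steps 1 and 3 can be run over saved CLI output to confirm that every HA member reports the same IPS Engine. This is an added example, not Fortinet code: the transcript layout, the function names parse_unit and check_cluster, and the sample transcripts are assumptions constructed for illustration.

```python
import re

# Constructed sample transcripts (not from the article). The output layout is
# an assumption: a section title, a dashed rule, then a 'Version:' line, i.e.
# the three lines that grep -A 2 "IPS A" would return.
PRIMARY = """\
FGT_1 # diag autoupdate versions | grep -A 2 "IPS A"
IPS Attack Engine
---------
Version: 7.00044
"""
SECONDARY_STALE = """\
FGT_2 # diag autoupdate versions | grep -A 2 "IPS A"
IPS Attack Engine
---------
Version: 7.00043
"""

_PROMPT = re.compile(r"^(\S+) # ", re.M)
_ENGINE = re.compile(
    r"^IPS Attack Engine\s*\n-+\s*\nVersion:\s*(\d+)\.(\d+)", re.M)


def parse_unit(transcript):
    """Return (hostname, (major, build)) from one unit's saved CLI output."""
    host = _PROMPT.search(transcript)
    engine = _ENGINE.search(transcript)
    if not engine:
        raise ValueError("no IPS Attack Engine section found")
    name = host.group(1) if host else "unknown"
    return name, (int(engine.group(1)), int(engine.group(2)))


def check_cluster(transcripts, expected=None):
    """Compare engine versions across HA members; return a list of findings."""
    units = dict(parse_unit(t) for t in transcripts)
    findings = []
    if len(set(units.values())) > 1:
        findings.append("mismatch: " + ", ".join(
            f"{h}={v[0]}.{v[1]:05d}" for h, v in sorted(units.items())))
    if expected is not None:
        for host, ver in sorted(units.items()):
            if ver != expected:
                findings.append(
                    f"{host} not on expected {expected[0]}.{expected[1]:05d}")
    return findings
```

An empty list means all units agree (and match `expected`, if given); a unit still reporting 7.00043 after the upgrade shows up as a finding.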
Copyright 2023 Fortinet, Inc. All Rights Reserved.