pmanak
Staff & Editor
Article Id 418470
Description This article describes a known issue where FortiManager reboots the firewall HA cluster twice during firmware upgrade.
Scope FortiGate, FortiManager.
Solution

When a firewall displays a file system check message because it was not shut down properly, updating the HA cluster firmware through FortiManager could cause a network outage. See the article Technical Tip: File System check recommended message for examples of the file system check message and alternative ways to verify the file system check.


When the FortiManager triggers a FortiGate firmware upgrade and the file system check message is displayed on the firewall, by default, FortiManager reboots the firewall to perform the disk check as part of the upgrade process. In an HA cluster, the primary firewall is rebooted first. FortiManager then waits approximately five minutes before rebooting the secondary firewall.


Therefore, if the primary firewall does not come online within five minutes, there will be an outage as both the primary and secondary firewalls will be rebooted at the same time before the firmware upgrade begins.


As soon as the primary firewall is accessible after the reboot, FortiManager pushes the firmware image without confirming whether the secondary firewall is back online. Since a firewall with no other active cluster member will reboot and upgrade immediately in this case, this may result in only the primary firewall being updated while the secondary firewall remains on the old firmware version.


As a workaround, before performing a firmware upgrade, disable the disk check with the following FortiManager configuration:

config fmupdate fwm-setting
    set check-fgt-disk disable
end

This disables FortiManager from triggering a disk check as part of the FortiGate upgrade.
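A pre-upgrade check for the workaround above, added here as an example and not Fortinet's own code: it parses the captured output of `show fmupdate fwm-setting` (the two samples are constructed in the FortiManager config-tree style) and reports whether check-fgt-disk is explicitly disabled. The parser also handles nested edit/next entries, so it goes a little beyond this single setting.

```python
# Added example (not Fortinet code): a pre-upgrade check that parses captured
# FortiManager CLI config output and confirms check-fgt-disk is disabled.
# Assumption: the input is the text printed by `show fmupdate fwm-setting`;
# the two samples below are constructed in that config-tree style.

def parse_config_tree(text):
    """Parse FortiOS/FortiManager-style config text into nested dicts.
    Handles `config`/`end` tables and `edit`/`next` entries."""
    root, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(("config ", "edit ")):
            name = line.split(" ", 1)[1].strip().strip('"')
            node = {}
            (stack[-1] if stack else root)[name] = node
            stack.append(node)
        elif line.startswith("set ") and stack:
            parts = line.split(None, 2)      # set <key> <value...>
            if len(parts) == 3:
                stack[-1][parts[1]] = parts[2].strip('"')
        elif line in ("end", "next") and stack:
            stack.pop()
    return root

def disk_check_disabled(show_output):
    """True only when check-fgt-disk is explicitly set to 'disable'.
    A missing key counts as enabled: the disk-check reboot is FortiManager's
    default, and `show` omits a setting that is still at its default."""
    fwm = parse_config_tree(show_output).get("fmupdate fwm-setting", {})
    return fwm.get("check-fgt-disk", "enable") == "disable"

# Constructed sample: workaround from this article applied.
WORKAROUND_APPLIED = """\
config fmupdate fwm-setting
    set check-fgt-disk disable
end
"""

# Constructed sample: setting left at its default, so `show` prints no value.
DEFAULT_SETTING = """\
config fmupdate fwm-setting
end
"""

if __name__ == "__main__":
    for label, cfg in (("workaround", WORKAROUND_APPLIED), ("default", DEFAULT_SETTING)):
        state = "safe to upgrade" if disk_check_disabled(cfg) else "disk check still enabled"
        print(f"{label}: {state}")
```

Run it against a real capture by reading the saved CLI output into a string and passing it to disk_check_disabled before scheduling the HA upgrade.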


As a best practice, trigger the disk check manually on the device showing the file system check message and allow the check to complete in advance of the upgrade. Note that this causes the device undergoing the check to reboot, which will trigger a failover if executed on the primary cluster member.


This issue is scheduled to be fixed in the upcoming FortiManager v7.6.6. See Issue ID# 1217534 in FortiOS v7.4.8 | Known Issues.