Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
FortiKoala
Staff
Staff

Created on ‎07-17-2019 01:08 PM Edited on ‎04-18-2024 06:33 AM By Community Manager

Article Id 189619

Technical Tip: Upgrading FortiManager/FortiAnalyzer

Description

 

This article describes how to upgrade FortiManager/FortiAnalyzer firmware.

 

Scope

 

FortiManager.


Solution

 

Before Upgrading:

 

First, check the upgrade path to follow for FortiManager or FortiAnalyzer.

Also check the recommended FOS FMG and FAZ version and if possible, based on compatibility matrix, use the recommended one.

 

It is important to read the release notes which are also available from the Fortinet Customer Service & Support site (Support) at the same location from where it is possible to download the firmware image.

 

Once downloaded, review the special notices, upgrade information, product integration, and support, and resolve issues, known issues, and limitations. Also, always review the compatibility matrix tool  and product life cycle (software part).

 

Release notes can be also found at the below location:
Release notes FortiManager

Release notes FortiAnalyzer

 

Note: Although this activity itself does not delete any logs from the device, it is recommended to keep a regular backup of the logs/configuration before proceeding with any such activities. 

 

For other upgrade paths, see FortiManager Firmware Upgrade Paths and Supported Models.

 

To upgrade the firmware:

 

In System Settings -> Advanced -> Advanced Settings, enable Offline Mode.

Offline mode stops automatic firmware updates during the upgrade.

 

  •      Go to System Settings -> Dashboard.
  • In the System Information widget, go to the Firmware Version field, and select the Upgrade Firmware icon. 
  •      Connect to Fortinet Firmware Images And Software Releases and select the proper version of the file for the VM (KVM for KVM or Nutanix, VM without any other letter for ESxi, HV for Microsoft HyperV, AWS for Amazon, Xen for Citrix...) or select the proper HW.

download_a.png

 

download image2.png

 

  •      In the Firmware Upload dialog box, select Browse to locate the firmware package (.out file) downloaded from the Customer Service & Support portal, and select Open.
  •      Select OK.

The firmware image is uploaded. When the upgrade completes, a message confirms a successful upgrade.

It is recommended to view the console log output during the upgrade. See Checking FortiManager log output. When the login window displays, log into FortiManager.

 

When the upgrade completes, it can be necessary to refresh the web browser to see the login window.

 

In System Settings -> Advanced -> Advanced Settings, disable Offline Mode.

Review the System Settings -> Event Log for any additional errors. See Checking FortiManager events.

 

Optionally, it is possible to upgrade firmware stored on an FTP or TFTP server using the following CLI command:

 

execute restore image {ftp | tftp} <file path to server> <IP of server> <username on server> <password>

 

Note:

When upgrading firmware, all ADOMs (and Policy Package Versions, if ADOMs are disabled) remain at the same version after the upgrade. For information about upgrading ADOMs, see the FortiManager Administration Guide.       

 

Upgrading the device firmware can trigger an SQL database rebuild. New logs are not available until the rebuild is complete. The time required to rebuild the database depends on the size of the database. It is possible to use the below command to display the SQL log database rebuild status.

 

diagnose sql status rebuild-db

 

The following features are available until the SQL database rebuild is complete: FortiView, Log View, Event Management, and Reports.

 

Example:

The output is taken from the serial console.

 

kvm07_faz_703_test # execute restore image ftp /FAZ_VM64_KVM-v7.0.8-build0452-FORTINET.out 10.44.1.2 test1 test1
Start getting file from FTP Server...
Transferred 331.974M of 331.974M in 0:00:01s (180.323M/s)

Upgrade image from v7.0.3-build0254-220202(GA) to v7.0.8-build0452-230606

This operation will replace the current firmware version and reboot the system!
Do you want to continue? (y/n)y


rhodium-fmgfaz-kvm07_faz_703_test # The system is going down NOW !!

rhodium-fmgfaz-kvm07_faz_703_test # database server is shutting down.... OK
Upgrade image from v7.0.3-build0254-220202(GA) to v7.0.8-build0452-230606
Done

Please stand by while rebooting the system.
[3656122.286573] reboot: Restarting system


Initialize file systems...
Old version: v7.0.3-build0254 branchpt0254 220202 (GA)
New version: v7.0.8-build0452 branchpt0452 230606 (GA)

Upgrade database ... adom[18] dev[1] global[1]

Upgrading: Upgrade rtm db
Total 19 databases...
...upgrading progress is 1%, estimated remain time is 0s. (1/54 step1/2)

Upgrading: Upgrade user nsx
start to upgrade user nsx...

Upgrading: Update FortiAI platform name
Database upgrade finished, using 0m5s
Upgrading report config from version:7, patch:3, branch point:254
Exporting existing config... (step 1/4)
Exporting existing config took 1.121 seconds.
Initializing default config... (step 2/4)
Initializing default config took 9.481 seconds.
Upgrading existing config... (step 3/4)
Upgrading V7.0.3->V7.0.4...
Upgrading V7.0.4->V7.0.5...
Upgrading V7.0.5->V7.0.6...
Upgrading V7.0.6->V7.0.7...
Upgrading V7.0.7->V7.0.8...
Upgrading existing config took 1.929 seconds.
Importing upgraded config... (step 4/4)
Importing upgraded config took 4.965 seconds.
Upgrading report config completed, took 18.527 seconds.

 

kvm07_faz_703_test login: admin
Password:
rhodium-fmgfaz-kvm07_faz_703_test # get system status
Platform Type : FAZVM64-KVM
Platform Full Name : FortiAnalyzer-VM64-KVM
Version : v7.0.8-build0452 230606 (GA)
Serial Number :
BIOS version : 04000002
Hostname : kvm07_faz_703_test
Max Number of Admin Domains : 250
Admin Domain Configuration : Enabled
FIPS Mode : Disabled
HA Mode : Stand Alone
Branch Point : 0452
Release Version Information : GA
Current Time : Wed Jul 05 16:53:34 CEST 2023
Daylight Time Saving : Yes
Time Zone : (GMT+1:00) Brussels, Copenhagen, Madrid, Paris.
x86-64 Applications : Yes
Disk Usage : Free 72.11GB, Total 78.24GB
File System : Ext4
License Status : Valid

 

Note:

Although this activity does not delete any logs from the device, keeping a regular backup of the logs/reports/configuration is always recommended before proceeding with any such activities.

 

Related articles:

Technical Tip: How to upgrade an ADOM on FortiManager.

Technical Tip: How to check FortiManager database prior to upgrade.

Technical Tip: How to check upgrade path and upgrade details of FortiManager, FortiAnalyzer

Technical Tip: Backup and restore of FortiAnalyzer settings, logs, and reports

4187
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.