FortiSIEM Discussions

Seeking upgrade plan preperations review.

Upgrade steps of supervisor and workers to 7.1.7 from 7.1


Here is what I have does this make sense? Would appreciate your reeview .


  1. Pre-Upgrade Preparation:
  2. Backup Configurations and Data:
    • Ensure all critical data and configurations are backed up.
  3. Review Release Notes:
    • Examine the release notes for FortiSIEM 7.1.7 to understand new features, changes, and any known issues.
  4. Verify System Requirements:
    • Confirm that your hardware and software meet the requirements for version 7.1.7.
  5. Plan for Downtime:
    • Schedule the upgrade during a maintenance window to minimize operational impact.
  1. Upgrade Procedure:

    Upgrade the Supervisor:

        The Supervisor must be upgraded first.

        Ensure all Workers are shut down before proceeding with the Supervisor upgrade.

        Fortinet Documentation

    Upgrade the Workers:

        After the Supervisor is successfully upgraded, proceed to upgrade all existing Workers.

        The Supervisor and Workers must be on the same version.

        Fortinet Documentation

    Upgrade the Collectors:

        Older Collectors will work with the upgraded Supervisor and Workers.    You can decide to upgrade Collectors to get the full feature set in the new version after you have upgraded all Workers.

Upgrade Procedure:

  1. Stop Worker Processes:

                 On each Worker node, stop backend processes:

systemctl stop phxctl

phtools --stop all

                Do not shut down or reboot the Workers at this stage.

  1. Upgrade the Supervisor:

To upgrade the Supervisor, take the following steps.

  1. Login to the Supervisor via SSH.
  2. Create the path /opt/upgrade.
    mkdir -p /opt/upgrade
  3. Download the upgrade zip package, then upload it to the Supervisor node under the /opt/upgrade/ folder.
    Example (From Linux CLI):
    scp root@
  4. Go to /opt/upgrade.
    cd /opt/upgrade
  5. Use 7za to extract the upgrade zip package.
    Note: 7za replaces unzip for FortiSIEM 7.1.0 and later to avert unzip security vulnerabilities.
    7za x
  6. Go to the FSM_Upgrade_All_7.1.7_build0187 directory.
    cd FSM_Upgrade_All_7.1.7_build0187
    1. Run a screen.
      screen -S upgrade
Karl Henning, Security Engineer, CISSP
Karl Henning, Security Engineer, CISSP
Contributor II

Hi @KarlH,


Are you upgrading VMs or hardware instances? Do you use ClickHouse? 


On VMs, do a snapshot before upgrading.


Also, do not shut down the workers, but do stop the processes. If you shut them down, you may run into severe trouble with the link to the supervisor after upgrading it.


Make sure, you have unlimited internet connection for the instance you are upgrading.


For ClickHouse, there are some additional steps, I can share, if you need them.




FCX #003451 | Fortinet Advanced Partner
FCX #003451 | Fortinet Advanced Partner

Hi Christian

No Clickhouse all are VM's current SIEM's  versions are 6.7 and 7.1.3


I am hoping  to find out any other potential issues and how to prepare for them , also any testing steps afterwarard to verify that the upgrade was a sucess.

Karl Henning, Security Engineer, CISSP
Karl Henning, Security Engineer, CISSP