Pre-Upgrade Checklist:
- Verify network connectivity: Ensure the FortiSIEM node has HTTPS (port 443) access to the following domains:
- os-pkgs-cdn.fortisiem.fortinet.com
- os-pkgs-r8.fortisiem.fortinet.com
Use the commands below to verify:
curl -vk https://os-pkgs-cdn.fortisiem.fortinet.com
curl -vk https://os-pkgs-r8.fortisiem.fortinet.com
This access is crucial for downloading necessary packages and updates during the upgrade process.
- Check disk space: Ensure that the root partition (/) has ample free space to accommodate the upgrade files and processes. Insufficient disk space can lead to upgrade failures or system instability.
Use 'df -h /' to check the available space. Insufficient space during upgrades is a common failure point.
Check for fsmopt.tar.gz in the root directory (/).
To check if fsmopt.tar.gz is consuming space:
cd /
ls -al | grep fsmopt
To free up space:
mv /fsmopt.tar.gz /data/cache/
ln -s /data/cache/fsmopt.tar.gz /fsmopt.tar.gz
Creating the symbolic link is optional.
- Assess system health: Navigate to Admin -> Health -> Cloud Health within the FortiSIEM interface to confirm that all system components are in a 'Normal' state. Address any anomalies or issues before proceeding with the upgrade.
- Validate downloaded files: After downloading the upgrade archive from the Fortinet Support Portal, verify its integrity by checking the provided checksum. This step ensures that the file has not been corrupted or tampered with during the download process.
- Consider proxy configurations: If the environment uses a proxy server, be aware that certain upgrade operations may be affected. Refer to the Upgrade via Proxy section in the official documentation for detailed guidance on handling proxy-related scenarios.
- Review upgrade paths: Make sure to follow a supported upgrade path. For instance, if the current version is 7.2.5, it is necessary to upgrade to v7.3.1 or later first, as direct upgrades to v7.3.0 are not supported.
- Backup configuration: Perform a full backup of the FortiSIEM configuration and data before initiating the upgrade. This backup serves as a restore point in case any issues arise during the upgrade process.
- Make sure no disk is mounted on /data before upgrading the ClickHouse-based FortiSIEM deployment.
Command to verify:
df -h
To unmount, run:
umount /data
Remove the entry for /data from the /etc/fstab file to make the change persistent across reboots.
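The disk-space, /data mount, /etc/fstab and checksum checks from the checklist above, gathered into one script as an added example (not Fortinet's own tooling). The function names and the 10240 MiB free-space threshold are assumptions; the checklist gives no figure for "ample" space.

```shell
#!/bin/sh
# Added example: pre-upgrade checks as small functions. Function names and the
# 10240 MiB threshold are assumptions, not Fortinet values.
# Usage: sh <this script> <upgrade archive> <checksum from the support portal>

# df_free_mb: read `df -Pk <path>` output on stdin, print free space in MiB.
df_free_mb() {
    awk 'NR == 2 { print int($4 / 1024) }'
}

# data_is_mounted [FILE]: succeed if /data is a mount point (/proc/mounts format).
data_is_mounted() {
    awk '$2 == "/data" { found = 1 } END { exit !found }' "${1:-/proc/mounts}"
}

# data_fstab_entries [FILE]: print active (uncommented) fstab lines for /data.
data_fstab_entries() {
    awk '$1 !~ /^#/ && $2 == "/data"' "${1:-/etc/fstab}"
}

# verify_checksum FILE EXPECTED: choose the digest tool from the length of the
# published hex value, then compare case-insensitively. 0 = match, 1 = mismatch.
verify_checksum() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case ${#want} in
        32)  tool=md5sum ;;
        64)  tool=sha256sum ;;
        128) tool=sha512sum ;;
        *)   echo "unrecognised checksum length: ${#want}" >&2; return 2 ;;
    esac
    got=$("$tool" "$1" 2>/dev/null | awk '{ print $1 }')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# preflight ARCHIVE EXPECTED_CHECKSUM: run every check, non-zero on any failure.
preflight() {
    rc=0
    free=$(df -Pk / | df_free_mb)
    [ "$free" -ge 10240 ] || { echo "FAIL: only ${free} MiB free on /"; rc=1; }
    if data_is_mounted; then echo "FAIL: /data is mounted"; rc=1; fi
    if [ -n "$(data_fstab_entries)" ]; then echo "FAIL: /data still in /etc/fstab"; rc=1; fi
    verify_checksum "$1" "$2" || { echo "FAIL: checksum mismatch for $1"; rc=1; }
    return "$rc"
}

if [ $# -ge 2 ]; then preflight "$@"; fi
```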
Note:
- If facing issues with the collector downloading the upgrade image, follow the steps below:
psql phoenixdb phoenix -c "select value from ph_sys_conf where property='Image_Download_Url';"
- On the affected Collector, try a manual download:
cd /tmp
wget --no-check-certificate <URL from above psql command output>
- After the download is complete, make sure the '/opt/upgrade' directory is empty (remove any existing files), move the file there, set the correct permissions, and check the file's MD5 sum:
chown -R root:admin /opt/upgrade/
chmod 664 /opt/upgrade/FSM_Upgrade_All_7.2.1_build0241.zip
md5sum /opt/upgrade/FSM_Upgrade_All_7.2.1_build0241.zip
Upgrade execution:
Monitor upgrade logs: During the upgrade, monitor the Ansible log file located at:
/usr/local/upgrade/logs/ansible.log
Review the end of this file for any errors or issues that may have occurred during the upgrade process.
Post-upgrade recommendations:
- Reassess System Health: After the upgrade, revisit Admin -> Health -> Cloud Health to ensure all components are functioning correctly and are in a 'Normal' state.
- Review System Logs: Examine system logs for any warnings or errors that may have arisen post-upgrade. Address any issues promptly to maintain system integrity.
Note: The estimated downtime for upgrading a Supervisor will depend on the resources of the SIEM node, but will range from approximately 1 to 1.5 hours.
Related documents:
FortiSIEM 7.3.4 Upgrade Guide
Compatibility Guide
FortiSIEM OS Update Procedure
Offline Installation and Upgrade Guide
Hardening FortiSIEM Security
Re-Image FortiSIEM Hardware