Description
This article describes best practices to upgrade FortiGates with managed FortiSwitches with the FortiLink feature enabled.
Scope
All FortiGate devices upgrading FortiOS from 6.X to 7.X.
Solution
Due to changes and enhancements made to newer versions of the FortiLink feature in newer versions, FortiSwitch devices sometimes appear as offline or network errors may occur while upgrading FortiGates from version 6.4.X or lower.
To prevent any issues, follow the steps below:
Use any R marked FOS-FSW combination according to this compatibility matrix.
Before starting any procedure, consider double-checking all FortiLink configurations are working as intended.
See the following community article for steps:
https://community.fortinet.com/t5/FortiSwitch/Fortiswitch-device-unable-to-get-online-on-Fortigate-M...
First, start upgrading the FortiSwitch units from the edge to the core. Try to update one unit at a time to avoid a failed upgrade procedure on other FortiSwitch units occurring due to uncontrolled STP transitions on the network.
Relevant article:
https://docs.fortinet.com/document/fortiswitch/7.2.1/fortilink-guide/801184/viewing-and-upgrading-th...
Important: Enable FortiLink Split interface before upgrading MCLAG-ICL enabled FortiSwitches directly connected to a FortiGate, as MCLAG configuration may otherwise be lost during the upgrade process, causing a network loop.
The split interface feature in the FortiLink interface will prevent this from occurring.
Consider taking configuration file backups from these units for reference when updating related configurations later.
Next, start upgrading FortiGates to the desired target release.
From 6.4.5 and onwards, it is necessary to upgrade MCLAG-ICL configurations to use the new LLDP profile method in accordance with the updated best practices.
See the following guide for more information:
https://docs.fortinet.com/document/fortiswitch/6.4.5/devices-managed-by-fortios/801208/transitioning...
This is necessary because FortiGate switch controllers now support configuring MCLAG links in the GUI.
Finally, update MCLAG trunks on servers and other non-FortiLink-enabled devices using the FortiSwitch controller menus in the Fortigate GUI:
https://docs.fortinet.com/document/fortiswitch/7.2.1/fortilink-guide/801170/adding-802-3ad-link-aggr...
It may be necessary to log into the FortiSwitch CLI to clear previous MCLAG trunks configuration on the units, which will enable them to be reconfigured in the FortiGate GUI.
https://docs.fortinet.com/document/fortiswitch/7.2.3/administration-guide/860027/mclag
After completing the steps in this article, the Fortinet network will have been successfully upgraded and all FortiLink MCLAG related configurations will be stored on the FortiGate switch controller..
Related documents:
https://docs.fortinet.com/document/fortiswitch/7.2.2/fortilink-compatibility
https://community.fortinet.com/t5/FortiSwitch/Fortiswitch-device-unable-to-get-online-on-Fortigate-M...
https://docs.fortinet.com/document/fortiswitch/7.2.1/fortilink-guide/801184/viewing-and-upgrading-th...
