Description
This article describes best practices to upgrade FortiGates with managed FortiSwitches with the FortiLink feature enabled.
Scope
All FortiGate devices upgrading v6.X to v7.X.
Solution
Due to changes and enhancements made to newer versions of the FortiLink feature in newer versions, FortiSwitch devices sometimes appear offline or network errors may occur while upgrading FortiGates from version 6.4.X or lower.
To prevent any issues, follow the steps below:
Use any R marked FOS-FSW combination according to this compatibility matrix.
Before starting any procedure, consider double-checking all FortiLink configurations are working as intended.
See the following community article for steps: Technical Tip: FortiSwitch is unable to get online on FortiGate Managed FortiSwitch GUI Menu
First, start upgrading the FortiSwitch units from the edge to the core. Try to update one unit at a time to avoid a failed upgrade procedure on other FortiSwitch units occurring due to uncontrolled STP transitions on the network.
Relevant article: Viewing and upgrading the FortiSwitch firmware version
Note 1: Enable FortiLink Split interface before upgrading MCLAG-ICL enabled FortiSwitches directly connected to a FortiGate, as MCLAG configuration may otherwise be lost during the upgrade process, causing a network loop.
The split interface feature in the FortiLink interface will prevent this from occurring.
Consider taking configuration file backups from these units for reference when updating related configurations later.
Start upgrading FortiGates to the desired target release.
Note 2: Review and update FortiLink interface settings, specially if target FortiOS relase is 7.6.1 and upwards, See the following guide for more information FortiLink Trunk failture after upgrading FortiOS with FortiLink-enabled FortiSwitches to 7.6.1
Note 3: From v6.4.5 and onwards, it is necessary to upgrade MCLAG-ICL configurations to use the new LLDP profile method following the updated best practices.
See the following guide for more information: Transitioning from a FortiLink split interface to a FortiLink MCLAG
This is necessary because FortiGate switch controllers now support configuring MCLAG links in the GUI.
Note 4: Upgrading MCLAG peer group switches from FortiSwitchOS v7.4.2 and earlier to FortiSwitchOS v7.4.3 and later requires a special procedure to minimize downtime: Special notices
Finally, update MCLAG trunks on servers and other non-FortiLink-enabled devices using the FortiSwitch controller menus in the Fortigate GUI: Adding 802.3ad link aggregation groups (trunks)
It may be necessary to log into the FortiSwitch CLI to clear the previous MCLAG trunks configuration on the units, which will enable them to be reconfigured in the FortiGate GUI: MCLAG
After completing the steps in this article, the Fortinet network will have been successfully upgraded and all FortiLink MCLAG-related configurations will be stored on the FortiGate switch controller.
Related documents:
FortiLink Compatibility
Technical Tip: FortiSwitch is unable to get online on FortiGate Managed FortiSwitch GUI Menu
https://docs.fortinet.com/document/fortiswitch/7.2.1/fortilink-guide/801184/viewing-and-upgrading-th...
