- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Cluster HA ( high availability) fortigate 80C ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cluster HA ( high availability) fortigate 80C , which is more stable FortiOS version 5.0.1
I have a FTG80C in working environment, And I will enter an additional FTG80C. I wonder if someone already set an active-active HA (High Availability) cluster with firmware 5.2.2 over fortigate´s 80C and are an stable solution, or what kind of bugs are find out additional to FTG80C documented on fortinet knowledge base; Does firmware 5.2.2 overwhelm hardware limits of ftg80´s in HA ?, and which one more stable firmware do you recommend to my HA cluster of FTG80C: 5.09, 5.0.11 or 5.2.2 Note: UTM configuration an VPN´s are already using half or my hardware resources on my stand alone FTG80C configuration over a fortios 4.0 MR3 patch 10, I am supporting around 60 LAN user´s 5 VPN IP-sec connections, with medium traffic.
Solved! Go to Solution.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
From the given information i can understand that fortigate unit is already consuming more hardware resources, first you need to fix that, you can identify which process is consuming high memory/cpu using below command
diag sys top 4 30 (press 'q' stop)
As such there is no particular bugs are reported on 80C, i recommend to upgrade the firrmware version to 5.0.9
Make sure to connect the console port for both the units when upgrading and capture all the messages
And also please follow steps
4.0 MR3 patch10 -> 4.3.11 -> 4.3.18 -> 5.0.7 -> 5.0.9 or: 4.0 MR3 patch10-> 4.3.11 -> 4.3.18 -> 5.0.7 -> 5.2.2 My recommendation is to upgrade to 5.0.9 If you will backup the config file before and after each upgrade and you will use the right firmware image for 80C,you should not have any issue. Please just make sure you also don t have high CPU/memory on the firewall before upgrading the unit. Upgrade Path: http://docs.fortinet.com/...-Upgradepath.pdf General upgrade recommendations: Before performing any upgrade, and particularly when upgrading between MR versions, it is *absolutely essential* to read all relevant Release Notes documents for all versions in the upgrade path. These are short, but important documents. Release Notes documents for each firmware version are located in the same folder of Fortinet Download area, as firmware image files. Release notes explain which upgrade path you should follow. You may download Firmware Images here (customer login needed): [link]https://support.fortinet.com/ [/link] go to "Download" > "Firmware Images" > "FortiGate" Also, *before and after* any upgrade, *always backup your current config file*, so that you will keep a safe way back. If you have multiple upgrade steps, please backup after each firmware release is installed. The Fortinet Documentation website provides detailed instructions for installation and upgrade: [link]http://docs.fortinet.com/ [/link] Firmware Upgrade Document http://kb.fortinet.com/kb...0%200%2045196244 HIGH AVAILABILITY (HA) UPGRADES Please refer to the HA Guide for information on the upgrade procedures for HA configurations. HA Guide MR3 : http://docs.fortinet.com/...te-ha-40-mr3.pdf When operating in an HA cluster, FortiGate devices can be upgraded automatically with the HA option "uninterruptable-upgrade" which is enabled by default. The advantages of the uninterruptable upgrade process are: - Allows the Administrator to upgrade all devices of a cluster in a single operation (from the GUI, click Dashboard --> Status --> Firmware Version --> upgrade). - It upgrades (all) Slave(s) unit(s) before upgrading the Master, making the necessary failover for a minimum downtime. Please ensure you backup the configuration file before each upgrade. Please do go through the release notes before any upgrade. Kindly refer you to follow the steps from this KB document: http://kb.fortinet.com/kb...0%200%2039132136 or from this one,if you prefer the manual upgrade procedure of a FortiGate HA cluster http://kb.fortinet.com/kb...0%200%2045256491
let me know how you proceed
EMEA Technical Support
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
From the given information i can understand that fortigate unit is already consuming more hardware resources, first you need to fix that, you can identify which process is consuming high memory/cpu using below command
diag sys top 4 30 (press 'q' stop)
As such there is no particular bugs are reported on 80C, i recommend to upgrade the firrmware version to 5.0.9
Make sure to connect the console port for both the units when upgrading and capture all the messages
And also please follow steps
4.0 MR3 patch10 -> 4.3.11 -> 4.3.18 -> 5.0.7 -> 5.0.9 or: 4.0 MR3 patch10-> 4.3.11 -> 4.3.18 -> 5.0.7 -> 5.2.2 My recommendation is to upgrade to 5.0.9 If you will backup the config file before and after each upgrade and you will use the right firmware image for 80C,you should not have any issue. Please just make sure you also don t have high CPU/memory on the firewall before upgrading the unit. Upgrade Path: http://docs.fortinet.com/...-Upgradepath.pdf General upgrade recommendations: Before performing any upgrade, and particularly when upgrading between MR versions, it is *absolutely essential* to read all relevant Release Notes documents for all versions in the upgrade path. These are short, but important documents. Release Notes documents for each firmware version are located in the same folder of Fortinet Download area, as firmware image files. Release notes explain which upgrade path you should follow. You may download Firmware Images here (customer login needed): [link]https://support.fortinet.com/ [/link] go to "Download" > "Firmware Images" > "FortiGate" Also, *before and after* any upgrade, *always backup your current config file*, so that you will keep a safe way back. If you have multiple upgrade steps, please backup after each firmware release is installed. The Fortinet Documentation website provides detailed instructions for installation and upgrade: [link]http://docs.fortinet.com/ [/link] Firmware Upgrade Document http://kb.fortinet.com/kb...0%200%2045196244 HIGH AVAILABILITY (HA) UPGRADES Please refer to the HA Guide for information on the upgrade procedures for HA configurations. HA Guide MR3 : http://docs.fortinet.com/...te-ha-40-mr3.pdf When operating in an HA cluster, FortiGate devices can be upgraded automatically with the HA option "uninterruptable-upgrade" which is enabled by default. The advantages of the uninterruptable upgrade process are: - Allows the Administrator to upgrade all devices of a cluster in a single operation (from the GUI, click Dashboard --> Status --> Firmware Version --> upgrade). - It upgrades (all) Slave(s) unit(s) before upgrading the Master, making the necessary failover for a minimum downtime. Please ensure you backup the configuration file before each upgrade. Please do go through the release notes before any upgrade. Kindly refer you to follow the steps from this KB document: http://kb.fortinet.com/kb...0%200%2039132136 or from this one,if you prefer the manual upgrade procedure of a FortiGate HA cluster http://kb.fortinet.com/kb...0%200%2045256491
let me know how you proceed
EMEA Technical Support
Related Posts
- upd_act_update[515]-won't retry due to install error 213 Views
- System file integrity check failed 182 Views
- Unable to Block Artificial Intelligence Category 209 Views
- How to chnage tls version for... 298 Views
- Cisco Multicast Ping ICMP reply not... 185 Views
Labels
-
FortiGate
6,451 -
FortiClient
1,288 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
410 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
66 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
ZTNA
15 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
DNS
11 -
Interface
11 -
BGP
10 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.