I have two FGT 310B configured in a HA AA Cluster. Attempting to upgrade the firmware from 4.2.1 to 4.2.2 through the GUI with no traffic interruption. It' s been over 2.5 hours since I uploaded new firmware and neither unit has rebooted. Uptime is still the same on each. I have a support ticket submitted, but no response yet.
Anyone have experience with HA firmware updates? I know I can break the HA and update them at the same time, but I' d rather do it with no interruption. How can I monitor the process?
The uniteruptable-upgrade process does take quite a long time, but 2.5 hours does not seem right, especially for a simple patch level upgrade.
Did you get a confirmation that the upload file uploaded correctly and upgrade was beginning. The fact that you can access the GUI seems to me that it didn' t.
as a measure of precaution, I recommend to always monitor the CLI via the console port during upgrades. In your case you should connect to the primary unit' s console port to see whether there are messages coming up. The ssh CLI doesn' t tell the whole story, not to mention the local log via GUI.
I' d suspect that the upgrade has died at some time. This is no regular behaviour esp. not for an A-A cluster. Try to re-initiate the upgrade and watch the messages.
If all fails you can break up the cluster by disconnecting one unit (quickly). This usually is not necessary as the cluster mgmt has improved vastly over the versions. This will mean traffic interruptions of course.
If you' ve upgrade the isolated unit, give it a high HA priority before reconnecting. Thus it will become the master unit and upgrade the other unit automatically.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.