Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gfubrad
New Contributor

Firmware upgrade to HA Cluster taking long time

I have two FGT 310B configured in a HA AA Cluster. Attempting to upgrade the firmware from 4.2.1 to 4.2.2 through the GUI with no traffic interruption. It' s been over 2.5 hours since I uploaded new firmware and neither unit has rebooted. Uptime is still the same on each. I have a support ticket submitted, but no response yet. Anyone have experience with HA firmware updates? I know I can break the HA and update them at the same time, but I' d rather do it with no interruption. How can I monitor the process?
4 REPLIES 4
doshbass
New Contributor III

The uniteruptable-upgrade process does take quite a long time, but 2.5 hours does not seem right, especially for a simple patch level upgrade. Did you get a confirmation that the upload file uploaded correctly and upgrade was beginning. The fact that you can access the GUI seems to me that it didn' t.
Still learning to type " the"
Still learning to type " the"
ede_pfau
Esteemed Contributor III

hello, as a measure of precaution, I recommend to always monitor the CLI via the console port during upgrades. In your case you should connect to the primary unit' s console port to see whether there are messages coming up. The ssh CLI doesn' t tell the whole story, not to mention the local log via GUI. I' d suspect that the upgrade has died at some time. This is no regular behaviour esp. not for an A-A cluster. Try to re-initiate the upgrade and watch the messages. If all fails you can break up the cluster by disconnecting one unit (quickly). This usually is not necessary as the cluster mgmt has improved vastly over the versions. This will mean traffic interruptions of course. If you' ve upgrade the isolated unit, give it a high HA priority before reconnecting. Thus it will become the master unit and upgrade the other unit automatically.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
omkam
New Contributor II

I am facing similar issue. While upgrading from 6.4.7 to 6.4.9, It is taking too long to upload the firmware. FortiGate is standalone. No logs are getting generated as firewall is still not rebooted.

 

FortiGate: 80F 

Omkar
Omkar
ede_pfau
Esteemed Contributor III

Maybe this will help you:

when I experienced such a hanging update, I connected to the console port (serial, 8N1 9600 baud). Exactly when I connected (without login), the process resumed and the update went through.

 

If not, reboot the FGT, and restart the upgrade, this time while watching the console port.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Top Kudoed Authors