Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ajinkyaach
New Contributor

Fortigate HA upgrade

Hi Team,

 

I have Fortigate in HA. I shut down one chassis and was running it as standalone for some time. During this time i upgraded active fortigate with 2nd chassis shut down.

 

Now i want bring up HA but my 2nd chassis is on older version.

 

My question is:

Do I need to break HA and upgrade 2nd chassis separately before connecting in HA again?

Or it will be get updated automatically if i power on?

6 REPLIES 6
amrit
Staff
Staff

Yea you need to break the HA and upgrade the passive unit. Once updated, attach the ha cable first and wait for the units to come in sync and then attach the network cables

Amritpal Singh
Toshi_Esumi
SuperUser
SuperUser

You don't have to disconnect HA heartbeat cable(s). Just need to shutdown(set status down) the interface(s) on the primary side. Then need to be unshut when it's upgraded and ready for config sync.

But I would be more careful about those in/out (wan/lan) cables/connections that need to be connected to switch(es), not to impact live traffic while booting up and upgrading the secondary. Shut down those ports from/to the secondary on the switch side until its upgraded and synced with the primary.

Also I would factory-reset the secondary before upgrading it.

 

Toshi

AlexC-FTNT
Staff
Staff

Do I need to break HA and upgrade 2nd chassis separately before connecting in HA again?

>> this is the best approach, but not always easy. As Toshi mentioned, there are other ways.

Or it will be get updated automatically if i power on? >> No

 

You can just try the upgrade once again directly,

or save the config, failover, and start the upgrade from the other unit (yes, units will reboot).


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
ajinkyaach
New Contributor

I think i will downgrade the active unit to same version on which down unit currently is and then power on passive unit. 

 

Then upgrade it in HA. Hopefully that will be more easy approach.

AlexC-FTNT

This is the least desirable path. 2 mentions here: 

1. in certain cases downgrade is may break the config. So downgrade, then restore config

2. your solution is based on the "hope" that it will work next time :) So, good luck! You have the steps to follow if it fails


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
Toshi_Esumi

I would never trust FortiOS not to break the config database during downgrades. Of course, you have the current config backup with the current version before downgrade, so that if something break you can always go back to the current version, but you need to flush the boot drive, uploading the image, then uploading the backup config file.


But are those units located at a remote location(s)? Otherwise, it should be very easy to isolate the secondary unit to bring it up to the current version after a factory-reset. Besides, you said it was repurposed when it was standalone. So you have to change the cabling to form HA anyway.

Toshi

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors