Hi Team,
I have FortiGate in HA. I shut down one chassis and was running it as standalone for some time. During this time I upgraded the active FortiGate with the 2nd chassis shut down.
Now I want to bring up HA but my 2nd chassis is on an older version.
My question is:
Do I need to break HA and upgrade the 2nd chassis separately before connecting in HA again?
Or will it get updated automatically if I power on?
Yeah, you need to break the HA and upgrade the passive unit. Once updated, attach the HA cable first and wait for the units to come in sync, and then attach the network cables.
You don't have to disconnect the HA heartbeat cable(s). You just need to shut down (set status down) the interface(s) on the primary side. Then they need to be unshut when it's upgraded and ready for config sync.
But I would be more careful about those in/out (wan/lan) cables/connections that need to be connected to the switch(es), so as not to impact live traffic while booting up and upgrading the secondary. Shut down those ports from/to the secondary on the switch side until it's upgraded and synced with the primary.
Also I would factory-reset the secondary before upgrading it.
Toshi
Do I need to break HA and upgrade the 2nd chassis separately before connecting in HA again?
>> This is the best approach, but not always easy. As Toshi mentioned, there are other ways.
Or will it get updated automatically if I power on? >> No
You can just try the upgrade once again directly,
or save the config, failover, and start the upgrade from the other unit (yes, units will reboot).
I think I will downgrade the active unit to the same version that the down unit is currently on and then power on the passive unit.
Then upgrade it in HA. Hopefully that will be an easier approach.
This is the least desirable path. 2 mentions here:
1. In certain cases a downgrade may break the config. So downgrade, then restore the config.
2. Your solution is based on the "hope" that it will work next time :) So, good luck! You have the steps to follow if it fails.
I would never trust FortiOS not to break the config database during downgrades. Of course, you have the current config backup with the current version before the downgrade, so that if something breaks you can always go back to the current version, but you need to flush the boot drive, upload the image, then upload the backup config file.
But are those units located at remote location(s)? Otherwise, it should be very easy to isolate the secondary unit to bring it up to the current version after a factory-reset. Besides, you said it was repurposed when it was standalone. So you have to change the cabling to form HA anyway.
Toshi