Hello;
Im planning to update an HA Active Passive.
Does both Fortigate must be in the same OS? Or will it be possible to see if I have both on different OS and test the stability of one Fortigate update and later on give the other one the update? Or both must be executed the same day and they must be in the same FortiOS?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
refer the article to FortiGate HA upgrade procedure and the status during the upgrade.: https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-HA-upgrade-procedure-and-the-sta...
It's described in the KB, but the shorter answer is if you upgrade an HA cluster in sync, it upgrades the secondary(ies) first, then only after that part is done, the primary role is swapped then the previous primary upgrades. After that, they decide which one should take the primary role and the new (or old) secondary syncs with the primary. So at the end, both would have the same version.
This is automatic process without any admin user intervention once started.
If you want to do it separately, you have to separate units/break the HA, then you can upgrade either one of them you want. But obviously you have to take care that the unintended unit doesn't interfere the intended unit's operation by isolating in/out interfaces at the switches.
Putting the second one back in sync after upgrading it to be the same version with the active one shouldn't be any trouble for you. Just don't forget to normalize the in/out interfaces after sync.
Toshi
I forgot to mention you have to shutdown the HA heartbeat interface(s) on one side after isolating the unintended unit, not to communicate each other, when you separate them.
Toshi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.