In the past few months, there were quite a few urgent updates to be applied, I never delegated them and only did them when I can afford to spend several hours in case something goes bad, but I don't know why I never had an FW update go wrong, I am thinking now its time to delegate to the L2 helpdesk.
What's your take on this? what was your worst experience with Fortigate Firmware upgrades?
Generally the upgrades are smooth and don't take long. As abarushka mentioned, please check the release notes especially the known issues section to make sure you are not hitting any critical issues.
If you have a Cluster setup, you may break the cluster and upgrade nodes individually. Upgrade one node, move traffic to the upgraded node, monitor for sometime, if everything works fine upgrade the other node and join back in cluster.
If things are not stable after upgrade, move the traffic back to non-upgraded node and then downgrade the upgraded node.
FortiGate can boot from an alternate sector that contains the last firmware version right before this upgrade was done. Upgrade path is of course only the last step. If you have no upgrade paths to walk since you're always up-to-date on the branch, this is a like-snapshot way of restoring functionality.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.