Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
julianhaines
New Contributor

Upgrading Firmware failed

Good day,

I ran the upgrade via the GUI and the secondary upgraded successfully but the primary failed to upgrade.

HA1 Primary is synced and HA2 Secondary is not synced.

I have tried to upgrade the firmware on the Primary again but it keeps failing due to the sync issue.

I am new to Fortigates and not sure what I need to do next to resolve? should I downgrade the secondary to 7.2.2 and try the upgrade again?


Thanks

8 REPLIES 8
jintrah_FTNT
Staff
Staff

Hi,

We should get both the firewalls on same version before upgrading the cluster. Is the upgraded secondary unit acting as slave? If so, we could reboot the unit with previous version and allow it to join cluster, and later after sync, the upgrade can be attempted again.

But if the upgraded unit is now the master, we may remove old master from cluster(power down, and remove all network cables), upgrade it separately to same version as that of the new master, and then connect the heartbeat port to allow it to sync, and later connect back other network cables.

 

Best regards,

Jin

julianhaines

Hi,

Thanks for the information, the cluster is Active-Active, HA1 is the primary is on Firmware 7.2.2 and Synced, HA2 is the secondary 7.2.4 and not-synced.

I have two internet connections one connected to HA1 only and the other connected to HA2 each used of a different function.

Because of my limited experience with FortiGate I don’t want to do anything that can cause any downtime.

 

Would it be better based on this to downgrade the secondary HA2 to get back in sync and then try the upgrade again?

julianhaines
New Contributor

Also I tried to upgrade HA1 primary via the CLI connected via Serial and it failed due to not being in synced. The error was "HA1 Image Sync error, timeout for sync image with HA secondary return code -1"

julianhaines

isamt
Contributor

You may run into problems trying to downgrade the firmware as the master is already on that firmware.

I would say you have two choices:

 

1. Shut-down HA2, upgrade HA1 then power-on HA2.

     This would of course mean an outage when HA1 reboots to complete the firmware update.

 

2. Fail-over so HA2 is primary. Disconnect cables to HA1 and upgrade, then re-connect cables.

    There should be no outage with this method.

julianhaines

Thanks for the advice it helps a lot, in your experience which would you do option 1 or 2?

isamt
Contributor

I have had the same issue quite a few times where the slave has upgraded but the master has not.

If you are on site or have someone on site I would use method1. Means an outage when it reboots but if you find that the master has some other issue preventing it from upgrading then you can power that off and disconnect and power up the slave which will take over as the master. Plus there's no need to disconnect any cables.

atonalwilson
New Contributor

It performs different functions, like basic I/O tasks, and offers instructions to a device to communicate with other devices. When we hear the term Firmware, most of us relate it to the computer and think that it is only a part of the computer. But this is not the case. Devices such as keyboard, mouse, router, TV remote, camera, etc., have firmware installed on their hardware. Companies release firmware updates from time to time. Installing these updates is mandatory as they help improve device performance. Sometimes, a firmware update fails due to some reasons. In this article, we will talk about some common firmware update failed errors in Windows 11/10. We will also see the solutions to fix such errors.

Labels
Top Kudoed Authors