hi,
i recently did a HA firmware upgrade following an upgrade path.
the selection of HA primary kept changing due to high uptime.
my question is, do i need to keep "forcing" back HA to original primary or just proceed to upload the firmware on the current primary (secondary unit).
the serial with 795 is the original primary/active and 836 is the secondary/passive.
# get system ha status
HA Health Status: OK
Model: FortiGate-xxF
Mode: HA A-P
Group Name: xxFW01_CLUSTER
Group ID: 0
Debug: 0
Cluster Uptime: 264 days 9:33:6
Cluster state change time: 2024-10-03 15:04:23
Primary selected using:
<2024/10/03 15:04:23> vcluster-1: FGxx836 is selected as the primary because its uptime is larger than peer member FGxx795.
<2024/10/03 15:01:40> vcluster-1: FGxx836 is selected as the primary because it's the only member in the cluster.
<2024/10/03 15:01:31> vcluster-1: FGxx836 is selected as the primary because UPGRADE_SECONDARY flag is set on peer member FGxx795.
<2024/10/03 14:59:19> vcluster-1: FGxx795 is selected as the primary because UPGRADE_PRIMARY flag is unset on peer member FGxx836.
ses_pickup: disable
<SNIP>
vcluster 1: work 169.254.0.1
Primary: FGxx836, HA operating index = 0
Secondary: FGxx795, HA operating index = 1 <<< THIS IS THE ORIGNAL PRIMARY, KEPT DOING "execute ha failover set 1" IN SERIAL WITH 836 THEN UPGRADE/UPLOAD FIRMWARE TO ORIGINAL PRIMARY
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
You can proceed with upgrade process via GUI regardless of the serial number of the original primary/active.
BR
Hello @johnlloyd_13
You can proceed with the upgrade via GUI, no issue is expected.
However, please take backup configuration in any case.
Articles:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Best-Practices-for-firmware-upgrades-and/t...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Upgrading-HA-virtual-cluster-with-VDOM/ta-...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-HA-upgrade-procedure-and-the-sta...
BR
hi,
so i keep going with the upgrade path and upload the firmware file on the "primary" role regardless of the serial number of the original primary/active?
note there's no HA override or pre-empt in our environment.
Hi,
You can proceed with upgrade process via GUI regardless of the serial number of the original primary/active.
BR
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1516 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.