Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiConnect
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDB
- FortiDDoS
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiWAN
- FortiVoice
- FortiWeb
- FortiWebCloud
- Lacework
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- RE: active-passive firmware upgrade
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
active-passive firmware upgrade
Hi All,
I wonder if you can help me.
I' ve got two Fortigate 110C boxes running in an active-passive cluster.
They are on the firmware 3.0 and I' d like to upgrade them to 4.0 MR3.
I know that I can' t jump directly from 3.0 to 4.0 MR3 and will have to do it step by step, but I was wondering what is the best way to do it.
Do I upgrade the master first and slave will automatically get upgraded? or do I have to break the cluster? And do it separately? How does the process look like?
Thanks in advance!
A
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
30 REPLIES 30
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you ede_pfau,
I just checked the release notes for 4.0.4 and as you mentioned - the upgrade is supported from v3.00 MR6 P4 or later, or MR7 P2 or later.
I' m on MR7, but is there a way to find out which patch release am I on?
Just want to make sure I can jump directly to 4.0.4, rather than 3.0 MR7 P2.
Thank you once again!
A
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortinet uses a build number to unambiguously identify the firmware. Get that from either the web GUI (don' t ask me where in v3.00) or the CLI with " get sys stat" .
Every version with build# >= 733 should be fine then.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you ede_pfau,
Mine is:
Version: Fortigate-110C 3.00,build5418,090402
Branch point: 741
So I' m guessing - I' m qualified 
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
build 741 indicates that your build is based upon 3.00 MR7 patch5. So go ahead.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you ede_pfau for all your help!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
I' ve got a quickie - how would you proceed with a manual upgrade? What steps do I need to take?
Thanks for your help!
A
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hmmm - all upgrades are ' manual' .
Just refer to the second post in this thread. In the Web GUI, applet ' Licenses' , click ' Upgrade' in the FortiOS line. You are addressing a cluster so no need to configure the 2 FGTs individually.
As always:
- plan for an network outage
this usually is just seconds (per version, you will take several steps) but you never know
- make config backups before each upgrade step! as you have the firmware images you can always step back and make it run again if anything unfortunate happens
- check the config errors from the CLI (see above for command)
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi ede_pfau,
Thank you for your reply - what I meant was - how does this process look like if I' d like to break the cluster and do it separately. Do I need to set up an IP address on the slave after breaking up the cluster in order to connect to its webinterface? or once the cluster is broken, I shall be able to connect to it using the original IP address of one of the interfaces, and proceed with the upgrade?
Thanks,
A
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you break up the cluster, both units regain their respective IPs that were configured before forming the cluster. If you started with a ' naked' slave-to-be then most probably the interfaces won' t have any IP addresses (but I' m not sure about this as I' ve never done it this way).
And yes, to connect to the FGT it must have a unique IP address on the interface you are connected to (physically).
You have to watch out that you don' t have 2 devices on the same subnet with identical IP addresses, and that applies to all interfaces (internal, WAN, DMZ etc.)
All that changeing of the configuration during the upgrade process carries the risk of a malconfiguration. And it leads to longer network downtime as the units have to change back to the virtual cluster MAC address when re-combining.
So why would you prefer to do the upgrade on a splitted cluster? Way too much hassle. Some years ago this used to be a viable alternative as one couldn' t be sure if the inter-cluster upgrade went through OK. But that is long ago, and you' re best off if you upgrade the cluster ' as-is' .
Maybe some other forum members could contribute their experience with cluster upgrades, too.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your reply.
So after breaking the cluster, upgrading the 2nd and then 1st box, I shall be able to re-connect them easily and it all shall be working as it was.
Or the cluster needs to be re-configured?
Thanks,
A
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- FortiADC rspools on HA02 down after... 22 Views
- Upgrade file for Fortiweb on AWS 38 Views
- snmp 104 Views
- Issues with Image File Transfers Over... 44 Views
- Radius connection does not work anymore... 366 Views
Labels
-
FortiGate
8,218 -
FortiClient
1,656 -
5.2
801 -
FortiManager
692 -
5.4
639 -
FortiAnalyzer
524 -
FortiSwitch
440 -
FortiAP
436 -
6.0
416 -
FortiClient EMS
378 -
5.6
362 -
FortiMail
303 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
192 -
SSL-VPN
189 -
FortiNAC
167 -
IPsec
163 -
FortiGuard
129 -
6.4
128 -
FortiGateCloud
99 -
SD-WAN
98 -
FortiSIEM
96 -
FortiCloud Products
94 -
FortiToken
87 -
FortiAuthenticator
76 -
Customer Service
75 -
Wireless Controller
75 -
Firewall policy
65 -
4.0MR3
64 -
FortiProxy
54 -
FortiADC
51 -
Fortivoice
50 -
FortiEDR
50 -
VLAN
45 -
High Availability
44 -
FortiExtender
43 -
FortiDNS
42 -
ZTNA
42 -
FortiSandbox
40 -
Routing
36 -
BGP
36 -
DNS
36 -
FortiGate v5.4
35 -
LDAP
35 -
FortiSwitch v6.4
33 -
SAML
31 -
Interface
31 -
Certificate
31 -
Authentication
28 -
SSO
28 -
NAT
28 -
FortiConnect
27 -
FortiWAN
25 -
FortiConverter
25 -
RADIUS
25 -
FortiLink
25 -
VDOM
24 -
FortiGate v5.2
23 -
Application control
21 -
Virtual IP
21 -
Web profile
21 -
Logging
20 -
Fortigate Cloud
19 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiPAM
17 -
FortiDDoS
15 -
SSL SSH inspection
15 -
FortiGate v5.0
14 -
OSPF
14 -
IP address management - IPAM
13 -
FortiCASB
12 -
SSID
12 -
Admin
12 -
Static route
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
SNMP
11 -
Automation
11 -
System settings
11 -
WAN optimization
11 -
FortiSOAR
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiManager v4.0
9 -
FortiWeb v5.0
9 -
FortiAP profile
9 -
FortiBridge
8 -
RMA Information and Announcements
8 -
Port policy
8 -
Proxy policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
Security profile
7 -
Traffic shaping policy
7 -
Fabric connector
7 -
Intrusion prevention
7 -
FortiCache
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
FortiCarrier
5 -
FortiDeceptor
5 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Antivirus profile
5 -
Traffic shaping profile
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Email filter profile
4 -
Netflow
4 -
Replacement messages
4 -
Web rating
4 -
FortiDB
3 -
FortiHypervisor
3 -
Explicit proxy
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
API
2 -
FortiNDR
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
Schedule
2 -
SDN connector
2 -
Service
2 -
Zone
2 -
Cloud Management Security
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
TACACS
1 -
Multicast policy
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1584 | |
| 1038 | |
| 749 | |
| 443 | |
| 210 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.