- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiAP
- FortiClient
- FortiADC
- FortiAnalyzer
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiExtender
- FortiEDR
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- problem with HA after firmware upgrade
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
problem with HA after firmware upgrade
hello to everybody,
I have two Fortigate 110C in HA cluster.
I have update the firmware from MR1 to MR3 on Forti master . I have read all the docs about upgrade from MR1 to MR3. And I did it.
after the reboot of the master, it cannot see the slave with the firmware release MR1.
I have read that for working HA, the cluster unit must have the same firmware.
Actually I connect to Forti remotly by Avocent. So I thought to modify the IP address of the slave, disable all the other interfaces, modify HA from a-a to standalone connect via https with the new IP address set, to update the firmware.
But it doesn' t work. I cannot access forti slave via https, even I set a different IP.
do you have any idea? do I miss something?
Onother work around is to downgrade the firmware on forti master... What do you think?
thanks.
bye.
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you can try to update the slave with the command execute restore image ftp etc... but i have never tried that.
The best thing is to go over there, factory default the secondary unit, upgrade it and join it in the cluster again ;)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
thanks for the replay.
Actually the forti unit istoo farway from me!
I have an further information then the message I posted yesterday.
I processed the following steps for upgrading the forti cluster:
I upgraded on forti master from v4 MR1 patch 6 -> v4 MR1 patch 10 -> v4 MR3 patch 5 -> v4 MR3 patch 7.
the master is updated on the last release, instead the slave is updated to v4 MR1 patch 10.
After that, the slave is out from the cluster. maybe because of eh too different firmware version.
do you think if I downgrade the master from v4 MR3 patch 7 to v4 MR3 patch 5 could resolve the problem? maybe the master force to upgrade the slave.
what do you think?
thanks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you ask someone to provide remote support? Create a usb stick with a config file called fgt_system.conf with a new config backup of your master and only hostname and HA priority changed and the 4.3.7 image as image.out. Let someone disconnect the interfaces put the USB stick in and reboot the unit.
Then re-connect everything and it should work.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nice idea with the USB stick but...this procedure will have to be applied to the SLAVE as it didn' t upgrade. Before doing that you' d have to disconnect the slave unit (because of the duplicate IP addresses). So all in all you need someone onsite to fix this.
Doesn' t help you much but this kind of situation does not happen often. Maybe there were too many intermediate steps, or not enoough time inbetween upgrades to allow the slave to be upgraded by the master.
What is the location of that cluster?
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
when you upgrade der firmware in a HA environment, both units are upgraded at the same time - so normaly you dont have to upgrade the slave firmware manually.
When you connect to the master unit, do you see one or two units? (System => Dashboard => Status => System information => Cluster members)
Sincerely
Harald
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can ofcourse try to get hands-on help here on the forum ;)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks to all for the replay!
in the cluster I have only the master in the cluster. the slave is disconnected from the cluster, insn' t?
I entered on the by avocent on slave by CLI.
I have seen the slave is on the version MR1 patch10, so it did an upgrade step.
now I think the slave is out of the cluster because the different firmware version, MR3 patch 7 on the master and MR1 patch 10 on the slave.
on forti docs, I have read that MR3 patch 7 does not support MR1 patch 10.
so I think if I downgrade the master (upgrade the MR3 patch 5, which support upgrade from MR1 patch 10), the slave should enter on the cluster and should be upgraded.
what do you think?
I don' t have remote support soon!!!
thanks!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hello to everybody,
I have tried to downgrade the master with the same firmware version of the slave.
after all, the master and the slave didn' t see each other. I have read that the cluster unit should synchronize each other once the firmware have the same version.
the both unit have the same configuration.
I have tried to disconnect the slave in standalone mode. but I have got an error. the error shows that wan1 cannot get a mac address.
but I have noticed that I cannot manage wan1, neither set status down or up seems to work.
I have tried to add a mac address, but still cannot connect to the slave (setting a new IP address)
do you all have any idea?
the firmware of the slave is MR1 path 10, do you know if there is some problem with this patch??
thanks!!
bye
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Fortivoice - Random Interruptions 89 Views
- Strange routing issue for PPPoE interface... 187 Views
- after upgrade of 70F 110 Views
- Upgrade FG from FortiManager - problems... 326 Views
- Centos 9 upgrade problem 300 Views
Labels
-
FortiGate
7,034 -
FortiClient
1,387 -
5.2
801 -
5.4
639 -
FortiManager
610 -
FortiAnalyzer
446 -
6.0
416 -
FortiAP
369 -
FortiSwitch
368 -
5.6
362 -
FortiClient EMS
285 -
FortiMail
272 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
172 -
6.4
128 -
FortiNAC
123 -
FortiGuard
112 -
IPsec
104 -
SSL-VPN
94 -
FortiGateCloud
93 -
FortiSIEM
92 -
FortiCloud Products
88 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
48 -
FortiADC
45 -
Fortivoice
44 -
SD-WAN
43 -
FortiEDR
42 -
FortiDNS
37 -
FortiExtender
36 -
FortiGate v5.4
35 -
FortiSandbox
33 -
FortiAuthenticator
32 -
FortiSwitch v6.4
32 -
Firewall policy
32 -
VLAN
28 -
High Availability
28 -
FortiConnect
24 -
FortiWAN
23 -
ZTNA
21 -
DNS
21 -
FortiConverter
21 -
BGP
19 -
FortiGate v5.2
19 -
Certificate
19 -
SAML
18 -
FortiPortal
18 -
FortiSwitch v6.2
17 -
LDAP
17 -
VDOM
16 -
FortiMonitor
14 -
Authentication
14 -
FortiLink
14 -
Interface
14 -
FortiDDoS
14 -
Logging
14 -
FortiGate v5.0
13 -
Fortigate Cloud
13 -
Routing
13 -
FortiCASB
12 -
RADIUS
11 -
NAT
11 -
Web profile
11 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
Application control
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
WAN optimization
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
Admin
7 -
4.0
7 -
Proxy policy
6 -
Security profile
6 -
Traffic shaping policy
6 -
Static route
6 -
FortiDirector
5 -
IPS signature
5 -
Packet capture
5 -
FortiAP profile
5 -
Automation
5 -
FortiManager v4.0
5 -
FortiDeceptor
4 -
Antivirus profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
Web rating
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
System settings
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiPAM
3 -
DoS policy
3 -
Email filter profile
3 -
FortiDB
3 -
Intrusion prevention
3 -
Protocol option
2 -
FortiInsight
2 -
NAC policy
2 -
Users
2 -
FortiAI
2 -
Application signature
2 -
VoIP profile
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Multicast routing
2 -
4.0MR1
1 -
TACACS
1 -
Subscription Renewal Policy
1 -
Replacement messages
1 -
FortiCWP
1 -
FortiNDR
1 -
Schedule
1 -
SDN connector
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
DLP sensor
1 -
Internet Service Database
1 -
Explicit proxy
1 -
Zone
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1041 | |
| 862 | |
| 512 | |
| 441 | |
| 146 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.