[FortiGate] Checking the operation of firmware upgrade in HA configuration

Firewall (UTM)

How to perform an upgrade in HA

The Admin Guide for firmware upgrades in FortiGate HA configurations states:

  • You can upgrade the HA cluster’s firmware in the same way as a standalone FortiGate
  • Can be upgraded without interrupting communication within the cluster
  • The upgrade operation procedure and flow of operations are as follows:
    1. Perform upgrade operations in a manner similar to standalone
    2. Firmware is upgraded on all lower units
    3. A new primary machine is selected from among the upgraded subordinates
    4. Version upgrade is carried out on the former primary machine
    5. A primary is elected according to the standard primary election process

I can understand it somehow from the above, but I was worried about what kind of movement it would actually be, so I tried to check the operation.

Operation confirmation environment

Check the operation in the following environment. The FortiGate model number is FortiGate-60E.

Try to upgrade

Below is the GUI screen with firmware ver.6.4.8. Upgrade normally.
Note that this operation is performed on the primary machine.

Click [Backup config and upgrade] Settings to continue and the config will be backed up and the image file uploaded as usual.

After that, the following screen will be displayed and the upgrade process will be performed.

At this time, the console of each FortiGate will display as follows.

◆Primary machine console

Wait for HA to be primary of all clusters...
Send image to HA secondary.
.
Wait for secondary to restart..........

◆Secondary machine console

Get image from ha primary OK.
Check image OK.
Please wait for system to restart.


Firmware upgrade in progress ...
Done.


The system is going down NOW !!

Please stand by while rebooting the system.
Restarting system.

From the console log above, you can see that the image file was transferred from the primary device to the secondary device, and the version upgrade was performed from the secondary device side.

After that, when the version upgrade of the secondary device is completed, the secondary device will become the new primary device, and the version upgrade will be carried out on the former primary device side.

◆Primary machine console

Wait for secondary to restart.................................................................................................
..............................................................................................................
.....................................................................................................
Wait for first secondary to become new primary..


Firmware upgrade in progress ...
Done.


The system is going down NOW !!

Please stand by while rebooting the system.
Restarting system.

Once the original primary device has been restarted after upgrading, the entire operation will be complete.

About the HA state after the upgrade is complete

Once the original primary has been upgraded, a primary will be selected following the standard primary selection process.

The behavior at this time depends on his HA-related configuration item Override.

  • If Override is enable
    • Automatic switching back occurs and the original primary device (higher priority) switches back to primary
  • If Override is disable
    • The former primary machine is added to the cluster as a secondary
    • However, if the version upgrade of the former primary device is completed within 5 minutes after the restart of the former secondary device, an automatic switchback will occur and the former primary device will become the primary device (according to the operation specifications when Override is disabled).

Communication interruption time during upgrade process

During the upgrade, communication interruptions may occur at the following two times.

  1. Timing when the secondary machine switches to primary after the upgrade of the secondary machine is completed
  2. Timing of switching back to the primary after the upgrade of the former primary machine is completed

The above “2.” may or may not occur depending on the Override setting. Even if this occurs, it has been confirmed that it is only a momentary interruption.

Regarding “1.”, it will definitely occur, but the timing of this interruption time varies depending on the target version and was as follows.

Cutoff time at timing “1.”

  • When upgrading from ver.6.4.x to ver.6.4.x
    • Momentary interruption or no interruption
  • When upgrading from ver.6.4.8 to ver.7.0.7
    • About 70 seconds
  • When upgrading from ver.7.0.7 to ver.7.0.9
    • Momentary interruption or no interruption
  • When upgrading from ver.7.0.7 to ver.7.2.3
    • Momentary interruption or no interruption

Clearly, the disconnection time was long only when upgrading from ver.6.4.8 to ver.7.0.7, and I tried several times, but it was always fixed and about 70 seconds of disconnection occurred.

Although the Admin guide states that an upgrade with an HA configuration will not cause a loss of communication, it can actually be said that a certain amount of loss of communication may occur. This point needs attention.

Other points to note

  • When downgrading, the operation differs from upgrading, and the primary and secondary devices are downgraded at the same time. Please note that communication interruptions occur normally

References

Upgrading FortiGates in an HA cluster | Administration Guide
docs.fortinet.com

FortiGate Mastery Web Book
Getting Started with FortiGate How to access the GUI of factory default FortiGate Basic knowledge about config...
network-knowledge.work
2021.11.01
スポンサーリンク

Comments

Copied title and URL