Table of Contents
Advertisement
FortiDDoS
Updating firmware on HA cluster
Note the following before upgrade:
Upgrading FortiDDoS requires at least one reboot of each appliance and can be disruptive of network traffic
l
depending on fail-open/closed conditions and RSTP/BGP settings of surrounding switches. This procedure
assumes production traffic on the Master appliance with an upgrade of the Slave appliance first. This procedure can
be reversed – move traffic to the Slave, upgrade the master, revert traffic and upgrade the Slave.
If both devices are carrying production traffic (each appliance is on one leg of an asymmetric traffic environment),
l
ensure both devices support fail-open and perform in a maintenance window.
Do not modify any configuration settings when systems are in Standalone Mode. Any configuration changes may
l
cause the Slave unit to reboot when returning to the HA pair.
To update the firmware of an HA cluster:
1. Verify that the cluster node members are powered on and available.
2. Log into the web UI of the Master node with an account whose access profile contains Read and Write
permissions in the Maintenance and HA categories.
3. Backup the configuration.
4. Go to System > High Availability and note or take a screenshot of all settings on this page.
5. Change the HA mode from Active-Passive to Standalone.
6. Repeat steps 2-4 on the Slave system.
Note : Having both systems in Standalone mode is important for this procedure.
7. On the Slave system, follow the upgrade procedure as instructed in the Release Note
assumes that the traffic is currently on the Master system.)
8. Once the Slave system is upgraded, leave the Slave in Standalone Mode and move traffic to the Slave.
9. On the Master system, follow the upgrade procedure as instructed in the Release Note
10. When upgrade of the Master system is complete, while still connected to the Master, go to System > High
Availability. Confirm or set all HA settings that you retrieved from Step 4. Ensure that the Device priority is set to a
higher priority (lower number) than what you have recorded for the Slave system. Then change the Master system
Configured HA Mode to 'Active-Passive'.
11. Revert traffic to the Master system.
12. On the Slave appliance, go to System > High Availability. Confirm all settings from those you recorded in Step 4
and confirm or set the Device Priority to a lower priority (higher number) than the Master system. Then change
Configured HA Mode to 'Active-Passive'.
13. Depending on what Release you are upgrading from, new configuration information may be available on the
Master system that is not in the Slave. When the Slave sees this configuration mismatch, it will reboot in order to
synchronize its configuration with the Master. This is normal and will only occur once. Once both units are
synchronized, changes in the Master are synchronized to the Slave without further reboots.
10
Updating firmware on HA cluster
upgrading
section. (This
Upgrading
section.
FortiDDoS 5.3.0 Release Notes
Fortinet Technologies Inc.
Advertisement
Table of Contents
