Table of Contents
Advertisement
Firmware upgrades
1. Log into the primary FIM and verify that it is running the expected firmware version.
You can verify the firmware version running on the primary FIM from the System Information dashboard widget or
by using the
get system status command.
2. Confirm that the FortiGate-7000 is synchronized.
Monitor > Configuration Sync Monitor to verify the configuration status of the FIMs and FPMs. You can
Go to
also use the
diagnose sys confsync status | grep in_sy command to see if the FIMs and FPMs are
all synchronized. In the command output,
means the FIM or FPM is not synchronized, which could indicated the FIM or FPM is running a different firmware
build than the primary FIM.
3. Optionally, you can also log into the other FIM and FPMs, and in the same way confirm that they are also running
the expected firmware version and are synchronized.
Upgrading the firmware running on individual FIMs or FPMs
You can install firmware on individual FIMs or FPMs by logging into the FIM or FPM GUI or CLI. You can also setup a
console connection to the FortiGate-7000 front panel SMM and install firmware on individual FIMs or FPMs from a
TFTP server after interrupting the FIM or FPM boot up sequence from the BIOS.
Normally you wouldn't need to upgrade the firmware on individual FIMs or FPMs because the FortiGate-7000 keeps the
firmware on all of the FIMs and FPMs synchronized. However, FIM or FPM firmware may go out of sync in the following
situations:
Communication issues during a normal FortiGate-7000 firmware upgrade.
l
Installing a replacement FIM or FPM that is running a different firmware version.
l
Installing firmware on or formatting an FIM or FPM from the BIOS.
l
To verify the firmware versions on each FIM or FPM you can check individual FIM and FPM GUIs or enter the
system status command from each FIM or FPM CLI. You can also use the diagnose sys confsync status
| grep in_sy command to see if the FIMs and FPMs are all synchronized. In the command output, in_sync=1
means the FIM or FPM is synchronized.
the FIM or FPM is running a different firmware build than the primary FIM.
The procedures in this section work for FIMs or FPMs in a standalone FortiGate-7000. These procedures also work for
FIMs or FPMs in the primary FortiGate-7000 in an HA configuration. To upgrade firmware on an FIM or FPM in the
secondary FortiGate-7000 in an HA configuration, you should either remove the secondary FortiGate-7000 from the HA
configuration or cause a failover so that the secondary FortiGate-7000 becomes the primary FortiGate-7000.
In general, if you need to update both FIMs and FPMs in the same FortiGate-7000, you should update the FIMs first as
the FPMs can only communicate through FIM interfaces.
Upgrading FIM firmware
Use the following procedure to upgrade the firmware running on a single FIM. For this procedure to work, you must
connect at least one of the FIM MGMT interfaces to a network. You must also be able to log in to the FIM GUI or CLI
from that MGMT interface. If you perform the firmware upgrade from the CLI, the FIM must be able to communicate
with an FTP or TFTP server.
During the upgrade, the FIM will not be able to process traffic. However, the other FIM and the FPMs should continue to
operate normally.
FortiGate-7030E 6.2.3 System Guide
in_sync=1 means the FIM or FPM is synchronized. In_sync=0
In_sync=0 means the FIM or FPM is not synchronized, which could indicated
Fortinet Technologies Inc.
get
32
Advertisement
Table of Contents
