Description
This article describes how to upgrade a FortiAuthenticator High Availability cluster in single mode.
Scope
FortiAuthenticator on an HA cluster
Solution
The slave unit is administratively reachable through HTTPS only from the IP of an HA cluster member. If the port used for the HA communication is Port4, it is necessary for the Port4 subnet to be reachable from the FortiAuthenticator administrator workstation in order to launch the upgrade process on the slave unit.
Connect to the FortiAuthenticator Master unit and select the upgrade option on the dashboard.
Select Browse to upload the new firmware image and select OK.
The following confirmation dialog box will appear. Select OK.
The example in this article will use a Single upgrade.
Select Backup and Upgrade. A config backup will be downloaded.
After a few seconds, the firmware upgrade will start.
Starting from this point, the slave member will assume the production traffic while the master reboots to complete the upgrade process. Expect the transfer of the production network traffic back to the old master unit to take approximately 5 minutes.
To upgrade the slave HA member, connect to the device using the HA cluster member IP address as defined in the GUI menu below. After, perform the previous steps to upgrade the firmware.
Wait 5 minutes until the slave finishes the upgrade process and the HA cluster rebuild is complete.
Connect to the Master unit and check the HA status dashboard widget to verify that the FortiAuthenticator HA cluster is operational.
