awesome video. i'll be upgrade an HA setup firewall in coming time. done it lots of time. this video just give more perspective to the whole process. problem is now, my boss would like to do it in interruptable manner firmware upgrade. more like upgrading it at the same time. could you give me some advice sir. thank you very much
Hi Devin. Thanks for the video, i did a firmware upgrade just yesterday for one of our clients. Just wanted to highlight a couple of things here, In my case the network outage was 2-4 drops, even though the session pickup was functioning, but it didn't bother the client. Second point is that although i had disabled the override option, the firewall still forced a failover. Could it be due to the high priority of one of the firewalls? Thanks
Thanks for the feedback. The drop packets were probably because of the force failover. And you nailed, it was because of the higher priority of one of the firewalls. If the uptime between the HA members are within 5 minutes, it uses the priority. you would have to change them all back to the same priority number if you wanted to keep it from doing that in the future.
@hunter116471 I plan to upgrade FTG201 E, I have a problem please help me, in case if I let the main child have higher priority. and the disabled the override option, after upgrading both devices, will the primary child order be changed? Thanks
Hi Devin: what if HA is on a mandatory HA priority : 129 (primary-master) - 128 (secondary-slave). The forced failover is going to happened every single time when an upgrade is planned ? I'm talking about a production environment, when upgrades are done on windows changes at 4:00 AM. The forced failover is going to take longer than normal, right ? Not like the present video ? Pus, I don't want to change in any way the way the HA priority is set up, as I'm afraid not no mess up things, especially when the upgrade windows is only 1 hour. - btw - I just subscribed to your channel, I will watch all your videos, as I'm in a process of learning new things.
Did you ever get your answer? I was thinking about changing my priority to match and then disabling override until the upgrade completes. Thought I would run it by you first since you had the same setup I do.
@@willlyons8776 I changed the Priority of Secondary Firewall from 50 to 100....to match with Primary Firewall's priority (100), no change /downtime. Override was already disabled.
for this lab how much RAM and CPU you have allocated under gnsclient-> edit preferences -->GNS3VMserver ?... Because my lab is getting hang... iam having 16gb ram /i7 processors. i added 3iou swithces / two fortigate / 6vpcs and one nat cloud for internet access. Kindly do help me out how much RAM and VPCU should need to allocate..
HI @Devin Adams, could i know that what about upgrade via multiple path? for example 6.0.2 > 6.0.6 > 6.2.7 ? does it use method above? if it's do, could i say there is multiple time to failover for upgrade multiple path firmware? (push firmware) A > B(upgrade), (failvover)B > A (upgrade), (failvover)A > B (upgrade). does it correct from my understand? could you advise?
hacen trabajo lo prometo. debe ir al sitio web de soporte, la foto de la versión fortimanager o fortianalyzer que desea y es el archivo que tiene OVA en su nombre. Debería comenzar con algo como FMG-V64
@@ericknicolas338 regrese a mi lista de reproducción y encuentre la creación de un laboratorio NSE5. le mostrará cómo obtener acceso de administrador una vez que tenga la máquina en funcionamiento. Espero que eso ayude a mi amigo.
It's pretty darn cool that I'm still learning random Fortinet stuff from you. 👌🏿
Awesome walkthru!
awesome video. i'll be upgrade an HA setup firewall in coming time. done it lots of time. this video just give more perspective to the whole process. problem is now, my boss would like to do it in interruptable manner firmware upgrade. more like upgrading it at the same time. could you give me some advice sir. thank you very much
Well done
awesome
This is active passive right??
Hi Devin. Thanks for the video, i did a firmware upgrade just yesterday for one of our clients. Just wanted to highlight a couple of things here, In my case the network outage was 2-4 drops, even though the session pickup was functioning, but it didn't bother the client.
Second point is that although i had disabled the override option, the firewall still forced a failover. Could it be due to the high priority of one of the firewalls?
Thanks
Thanks for the feedback. The drop packets were probably because of the force failover. And you nailed, it was because of the higher priority of one of the firewalls. If the uptime between the HA members are within 5 minutes, it uses the priority. you would have to change them all back to the same priority number if you wanted to keep it from doing that in the future.
@@DevinAdams Perfect. Thanks a lot. and thanks again for the video.
@hunter116471 I plan to upgrade FTG201 E, I have a problem please help me, in case if I let the main child have higher priority. and the disabled the override option, after upgrading both devices, will the primary child order be changed? Thanks
Hi Devin: what if HA is on a mandatory HA priority : 129 (primary-master) - 128 (secondary-slave). The forced failover is going to happened every single time when an upgrade is planned ? I'm talking about a production environment, when upgrades are done on windows changes at 4:00 AM. The forced failover is going to take longer than normal, right ? Not like the present video ? Pus, I don't want to change in any way the way the HA priority is set up, as I'm afraid not no mess up things, especially when the upgrade windows is only 1 hour. - btw - I just subscribed to your channel, I will watch all your videos, as I'm in a process of learning new things.
Did you ever get your answer? I was thinking about changing my priority to match and then disabling override until the upgrade completes. Thought I would run it by you first since you had the same setup I do.
@@willlyons8776 I changed the Priority of Secondary Firewall from 50 to 100....to match with Primary Firewall's priority (100), no change /downtime. Override was already disabled.
for this lab how much RAM and CPU you have allocated under gnsclient-> edit preferences -->GNS3VMserver ?... Because my lab is getting hang... iam having 16gb ram /i7 processors. i added 3iou swithces / two fortigate / 6vpcs and one nat cloud for internet access. Kindly do help me out how much RAM and VPCU should need to allocate..
Excelent Thank YOu
HI @Devin Adams, could i know that what about upgrade via multiple path? for example 6.0.2 > 6.0.6 > 6.2.7 ? does it use method above? if it's do, could i say there is multiple time to failover for upgrade multiple path firmware? (push firmware) A > B(upgrade), (failvover)B > A (upgrade), (failvover)A > B (upgrade). does it correct from my understand? could you advise?
good one
top guru
Where can download fortigate firmware for free? hope can help
Devin bro, donde puedo descargar los iso de fortimanager y Fortianalyzer, los VM de la página de soporte no funcionan en mi Workststion v14.
hacen trabajo lo prometo. debe ir al sitio web de soporte, la foto de la versión fortimanager o fortianalyzer que desea y es el archivo que tiene OVA en su nombre. Debería comenzar con algo como FMG-V64
Solo no me abre la administración por http o https una vez que configuro sus interfaces de los equipos, incluso no me contesta el ping
@@ericknicolas338 regrese a mi lista de reproducción y encuentre la creación de un laboratorio NSE5. le mostrará cómo obtener acceso de administrador una vez que tenga la máquina en funcionamiento. Espero que eso ayude a mi amigo.
@@DevinAdams
Gracias Devin.