How to set up your FortiADC : Updating the firmware : Installing firmware : Updating firmware on an HA pair
 
Updating firmware on an HA pair
Installing firmware on an HA pair is similar to installing firmware on a single, standalone appliance.
To ensure minimal interruption of service to clients, use the following steps.
 
If downgrading to a previous version, do not use this procedure. The HA daemon on the standby appliance might detect that the main appliance has older firmware, and attempt to upgrade it to bring it into sync, undoing your downgrade.
Instead, switch out of HA, downgrade each appliance individually, then switch them back into HA mode.
To update the firmware of an HA pair
1. Verify that both of the members in the HA pair are powered on and available on all of the network interfaces that you have configured.
 
If required ports are not available, HA port monitoring could inadvertently trigger an additional failover and traffic interruption during the firmware update.
2. Log in to the web UI of the primary appliance as the admin administrator. (You cannot connect to an appliance while it is the standby.)
3. Install the firmware on the primary appliance. For details, see “Installing firmware”. When installing via the web UI, a message will appear after your web browser has uploaded the file:
Sending the new firmware file to the standby. Please wait...
The primary appliance will transmit the firmware file to the standby appliance over its HA link.The standby appliance will upgrade its firmware first; on the active appliance, this will be recorded in an event log message such as:
Member (FADV080000000000) left HA group
After the standby appliance reboots and indicates via the HA heartbeat that it is up again, the primary appliance will begin to update its own firmware. During that time, the standby appliance will temporarily become active and process your network’s traffic. After the original appliance reboots, it indicates via the HA heartbeat that it is up again. Which appliance will assume the active role of traffic processing depends on your configuration (see “How HA chooses the active appliance”):
If Override is enabled, the cluster will consider your Device Priority setting. Therefore both appliances usually make a second failover in order to resume their original roles.
If Override is disabled, the cluster will consider uptime first. The original primary appliance will have a smaller uptime due to the order of reboots during the firmware upgrade. Therefore it will not resume its active role; instead, the standby will remain the new primary appliance. A second failover will not occur.
Reboot times vary by the appliance model, and also by differences between the original firmware and the firmware you are installing, which may require the installer to convert the configuration and/or disk partitioning schemes to be compatible with the new firmware version.
See also
Installing firmware
Configuring a high availability (HA) FortiADC cluster