Lookup preferred release for your hardware
Backup configs
Device > Setup > Operations > export
Make note of relevant IP's and URLs
- Management IP's
- Public IP
- LAN IP
- GP portal IP and URL
- Record S2S VPNs up/down
- Maybe start a continuous ping to IPs
Download the software and sync to HA peer
Device > Software > Check now
You can jump with in a major release like 10.2.10 to 10.2.10-h3
If you need to go up a few versions you need to go
10.2.5 > 10.2.10 > 11.0 > 11.5
- Start on 10.2.5
- Download and install latest in family 10.2.10
- Download 11.0
- Download latest in next family 11.5
- Install 11.5 so long as 11.0 files are downloaded it will be ok
- Don't go more than 1 major version ahead of the other FW, keep in step
Install on secondary
- Go onto the standby and install the update
- Let that install and reboot
- reboot takes about 20 minutes
- You may see an error on primary that config is not sync'd you can ignore
Switch over to secondary which has just been upgraded
- Disable HA on primary to let the secondary take over
- Device > High Availability > Suspend local device for high availability
Completed install on primary
- Install update and reboot on primary
- When it comes back up it will re-enable HA but check that it has
- Repeat the process until upgrade to preferred release
After upgrade
Testing (internet, email, teams, GP)
Run all the dynamic updates and make sure updates are scheduled
GP client
GP client can be updated as well but this can introduce other issues to best done separately
vpn.domain.com should resolve on the LAN
No comments:
Post a Comment