u/CalmMap5411

Posting this to save someone else the headache: there’s a subtle but serious change in FortiOS 7.6 around TPM that can wreck your HA upgrade.

I’ve been able to reproduce this issue on a 120G and 7K.

What actually happens:
If TPM is enabled and you upgrade an HA pair from 7.4.x → 7.6:

- The secondary reboots into 7.6 as expected

- But due to changes in TPM handling, it can’t access/decrypt its existing encrypted configuration

- This effectively bricks the config on the secondary

- The node comes up in a broken state, so HA never reforms

- The upgrade process then times out and fails

Why this is nasty:

This isn’t just a failed upgrade, it leaves your HA pair inconsistent, with a secondary that can’t rejoin because its config is no longer usable under 7.6 TPM behaviour.

Before you upgrade:
- Be extremely cautious if TPM + config encryption are in use.

- If possible, disable TPM before upgrading.

u/CalmMap5411 — 13 days ago