Re: Upgrading 600E failover pair
IMHO you are missing a test environment - you don't fully trust the upgrade but have to resort to the second production machine for testing and fall back, resp.
You should know that the main versions at the moment are FortiOS 6.0, 6.2, 6.4 and 6.8 a.k.a. 7.0. Within the respective main version you should upgrade to the latest patch asap. This will take care of functional bugs and security flaws.
Upgrading to a higher OS version needs some consideration. Usually, with a lot of new stuff and 'better ways' to handle known features, the syntax will change in parts which makes reverting difficult. Upgrading does a good job in trying to adjust syntax changes, but you have to understand the stuff first.
And, a new main version starts with patch 0, and we all know "never upgrade to patch 0 or 1" (or anything below patch 5) may save your butt some day.
So, in my opinion, one should keep patching up and upgrading apart.
In your case, patching up to 6.2.8 is a very good choice. If you are running a cluster, you will have good reasons for it, so keep it functional, patch it as a cluster. Then, consider upgrading if you need new features or want to learn, plan downtime, keep backups, test every aspect of your config but do it on a spare firewall in the lab.
Ede " Kernel panic: Aiee, killing interrupt handler!"