Update Keys Due to UUID/MAC Change

If either the eth0 MAC address or UUID has changed, it will no longer match the MAC and UUID encoded in the installed license key. This prevents FortiNAC processes from starting. Note: This process does not change entitlements.

Step 1: Record New UUID and MAC Address

1. Login to the CLI and type

   get hardware status

2. Record MAC and UUID values.

3. Record serial number. Type:

   get system status

4. To exit CLI type end or exit.

Step 2: Identify Serial Numbers to Update

Identify the serial number of each appliance whose MAC address and/or UUID has changed.

1. Login to the Customer Support Portal at http://Support.Fortinet.com

2. Under the Asset Management panel, click Product List.

   

3. Click on the Serial Number to verify the current MAC Address and UUID assigned.

4. Record the following information in the Product Information panel:

   • Serial Number

   • Description (Tip: If description is confusing, update the field with the hostname or some other entry that easily identifies which appliance the information belongs. Click on the pencil icon in the upper right corner to modify.)

   • MAC Address (existing Port1 MAC Address)

   • UUID (existing UUID)

     

5. Collect the information in step 4 for each appliance needing updates.

Step 3: Change Existing MAC Address and UUID Information

Open a Customer Service ticket online or by phone.

Provide the following information:

• Serial Number

• Old MAC Address

• Old UUID

• New (Port1) MAC Address

• New UUID

Example of ticket entry:

Hello Customer Service Team,

We need to update the MAC Address and UUID values for the following appliances: 

Serial Number: <serial number> 
Description:  <description>
MAC Address = <Old MAC address>
UUID = <Old UUID>

Change to:

New MAC Address = <New MAC Address>
New UUID = <New UUID>

---------------------------------------------

Serial Number: <serial number> 
Description:  <description>
MAC Address = <Old MAC address>
UUID = <Old UUID>

Change to:

New MAC Address = <New MAC Address>
New UUID = <New UUID>

Once Customer Service has updated the records, the new keys can be downloaded and applied.

Step 4: Download New Key

1. Login to the Customer Support Portal at http://Support.Fortinet.com

2. Under the Asset Management panel, click Product List.

3. Click on the serial number whose key will be downloaded.

4. Under Key, select Get the License File next to FortiNAC License File Download to download the key file. File will have a .lic extension.

   Important: Network Sentry Key File is only to be used for Network Sentry branded appliances.

   

5. Download the license key file (<serial number>.lic) and save to a folder. This will be used in the next section.

   Important: This license key can only be applied to the appliance owning the serial number in the .lic filename.

6. Repeat these steps to download keys for every appliance whose MAC and UUID was updated.

7. Logout of Customer Support Portal.

Step 5: Install New Key

Install the key file on the FortiNAC appliance owning the serial number listed in the .lic filename.

Important:

• Application of key requires a restart of management processes. If appliance being restarted is actively managing the network, then during this time...

  • Wireless clients will be unable to connect (Radius requests will not be answered)

  • Captive portal will be unavailable (Devices in isolation will be unable to register or remediate)

  • VLANs will not be changed

• High Availability environments without a Control Manager:

  • Primary Server status must be Running – In Control before applying licenses. This can be verified in the Administration UI under the System Summary widget in the Dashboard.

  • Application of license key in a High Availability environment requires a second restart of management processes.

1. In the Administration UI, navigate to System > Settings > System Management > License Management.

2. From the drop-down list, select the appliance. The server can be identified using the Port1 MAC address, serial number or UUID.

   

3. Click Modify License Key.

   

4. Apply key using one of the following methods:

   Option 1 (recommended): Click Upload, browse to .lic key file, and click Open.

   Option 2: Copy and paste the entire content of the .lic file in the field under “Enter New Key:” Important: If any characters are missing from the pasted content, the license will not apply correctly.

5. Click OK to apply the new license key. The existing key detail is displayed in a pop-up window along with the new key detail.

6. Review the details. If they are not accurate, click Undo to revert to the existing license key and contact Customer Service to address. If they are accurate, click OK to apply the new key.

7. To restart the server immediately, click OK on the dialog box.

8. To restart the server later, click Cancel on the dialog box. Another dialog box appears stating that the new key will not be applied until the server is restarted.

   New features or license counts contained in the new license cannot be accessed until the server is restarted. The new license is saved on the server, but is not read until the server is restarted.

9. Click OK to confirm. The new license is applied once the appliance restarts.

Step 6: Validate

Review the Administration UI to verify new entitlements:

License Information Dashboard panel

System > Settings > System Management > License Management

Subscription and Perpetual Licenses (Combined)

Subscription license count is added to the Perpetual License count. Example:

(Perpetual License PRO count=200) + (Subscription License PRO count=25) = (PRO count=225)

If the entitlements are not displaying as expected, see Troubleshooting.