Fortinet black logo

License Upgrade Guide - FortiNAC-OS

Home FortiNAC-F 7.2.0 License Upgrade Guide - FortiNAC-OS
7.2.0
7.2.0

Update Keys Due to Hardware Replacement

Update Keys Due to Hardware Replacement

This section applies to new hardware replacing an appliance with a (perpetual) endpoint license key installed. This procedure does not apply to appliances using a subscription license.

When hardware appliances with endpoint license keys are replaced, the endpoint license must be transferred to the new serial number and a new key installed.

RMA replacements: Complete the RMA Transfer before proceeding. Contact Customer Service for assistance.

Step 1: Record New MAC Address

  1. Login to the CLI of the new appliance and type

    get hardware status

  1. Record MAC.

  2. To exit CLI type

    exit

Step 2: Change Existing MAC Address Information

Open a Customer Service ticket online or by phone.

Provide the following information:

  • New appliance Serial Number

  • New (Port1) MAC Address

Example of ticket entry:

Hello Customer Service Team,We need to update the MAC Address value for the following appliance: Serial Number: <New serial number> Description: <Description>MAC Address: <New MAC Address>---------------------------------------------

Once Customer Service has updated the records, the new key can be downloaded and applied.

Step 3: Download Keys

  1. Login to the Customer Support Portal at http://Support.Fortinet.com

  1. Under the Asset Management panel, click Product List.

  1. Click on the serial number whose key will be downloaded.

  1. Under License & Key the following rows are displayed:

    • FortiNAC License File Download: Used for appliances branded as “FortiNAC” (Engine Version 8.3 and above).

    • Network Sentry Key File: Important: Only to be used for Network Sentry branded appliances (Engine Version 8.2 and below).

      Click Get the License File to download the key file. File will have a .lic extension.

  1. Download the license key file (<serial number>.lic) and save to a folder. This will be used in the next section.

    Important: This license key can only be applied to the appliance owning the serial number in the .lic filename.

  2. Logout of Customer Support Portal.

Step 4: Install New Key

Install the key file on the FortiNAC appliance owning the serial number listed in the .lic filename.

Important:

  • Application of key requires a restart of management processes. If appliance being restarted is actively managing the network, then during this time...

    • Wireless clients will be unable to connect (Radius requests will not be answered)

    • Captive portal will be unavailable (Devices in isolation will be unable to register or remediate)

    • VLANs will not be changed

  • High Availability environments without a Control Manager:

    • Primary Server status must be Running – In Control before applying licenses. This can be verified in the Administration UI under the SystemSummary widget in the Dashboard.

    • Application of license key in a High Availability environment requires a second restart of management processes.

  1. In the Administration UI, navigate to System > Settings > System Management > License Management.

  2. From the drop-down list, select the appliance. The server can be identified using the Port1 MAC address, serial number or UUID.

  3. Click Modify License Key.

  4. Apply key using one of the following methods:

    Option 1(recommended): Click Upload, browse to .lic key file, and click Open.

    Option 2: Copy and paste the entire content of the .lic file in the field under “Enter New Key:” Important: If any characters are missing from the pasted content, the license will not apply correctly.

  5. Click OK to apply the new license key. The existing key detail is displayed in a pop-up window along with the new key detail.

  6. Review the details. If they are not accurate, click Undo to revert to the existing license key and contact Customer Service to address. If they are accurate, click OK to apply the new key.

  7. To restart the server immediately, click OK on the dialog box.

  8. To restart the server later, click Cancel on the dialog box. Another dialog box appears stating that the new key will not be applied until the server is restarted.

    New features or license counts contained in the new license cannot be accessed until the server is restarted. The new license is saved on the server, but is not read until the server is restarted.

  9. Click OK to confirm. The new license is applied once the appliance restarts.

Step 5: Validate

Review the Administration UI to verify new entitlements:

License InformationDashboard panel

System > Settings > System Management > License Management

Subscription and Perpetual Licenses (Combined)

Subscription license count is added to the Perpetual License count. Example:

(Perpetual License PRO count=200) + (Subscription License PRO count=25) = (PRO count=225)

If the entitlements are not displaying as expected, see Troubleshooting.

Previous
Next

Update Keys Due to Hardware Replacement

This section applies to new hardware replacing an appliance with a (perpetual) endpoint license key installed. This procedure does not apply to appliances using a subscription license.

When hardware appliances with endpoint license keys are replaced, the endpoint license must be transferred to the new serial number and a new key installed.

RMA replacements: Complete the RMA Transfer before proceeding. Contact Customer Service for assistance.

Step 1: Record New MAC Address

  1. Login to the CLI of the new appliance and type

    get hardware status

  1. Record MAC.

  2. To exit CLI type

    exit

Step 2: Change Existing MAC Address Information

Open a Customer Service ticket online or by phone.

Provide the following information:

  • New appliance Serial Number

  • New (Port1) MAC Address

Example of ticket entry:

Hello Customer Service Team,We need to update the MAC Address value for the following appliance: Serial Number: <New serial number> Description: <Description>MAC Address: <New MAC Address>---------------------------------------------

Once Customer Service has updated the records, the new key can be downloaded and applied.

Step 3: Download Keys

  1. Login to the Customer Support Portal at http://Support.Fortinet.com

  1. Under the Asset Management panel, click Product List.

  1. Click on the serial number whose key will be downloaded.

  1. Under License & Key the following rows are displayed:

    • FortiNAC License File Download: Used for appliances branded as “FortiNAC” (Engine Version 8.3 and above).

    • Network Sentry Key File: Important: Only to be used for Network Sentry branded appliances (Engine Version 8.2 and below).

      Click Get the License File to download the key file. File will have a .lic extension.

  1. Download the license key file (<serial number>.lic) and save to a folder. This will be used in the next section.

    Important: This license key can only be applied to the appliance owning the serial number in the .lic filename.

  2. Logout of Customer Support Portal.

Step 4: Install New Key

Install the key file on the FortiNAC appliance owning the serial number listed in the .lic filename.

Important:

  • Application of key requires a restart of management processes. If appliance being restarted is actively managing the network, then during this time...

    • Wireless clients will be unable to connect (Radius requests will not be answered)

    • Captive portal will be unavailable (Devices in isolation will be unable to register or remediate)

    • VLANs will not be changed

  • High Availability environments without a Control Manager:

    • Primary Server status must be Running – In Control before applying licenses. This can be verified in the Administration UI under the SystemSummary widget in the Dashboard.

    • Application of license key in a High Availability environment requires a second restart of management processes.

  1. In the Administration UI, navigate to System > Settings > System Management > License Management.

  2. From the drop-down list, select the appliance. The server can be identified using the Port1 MAC address, serial number or UUID.

  3. Click Modify License Key.

  4. Apply key using one of the following methods:

    Option 1(recommended): Click Upload, browse to .lic key file, and click Open.

    Option 2: Copy and paste the entire content of the .lic file in the field under “Enter New Key:” Important: If any characters are missing from the pasted content, the license will not apply correctly.

  5. Click OK to apply the new license key. The existing key detail is displayed in a pop-up window along with the new key detail.

  6. Review the details. If they are not accurate, click Undo to revert to the existing license key and contact Customer Service to address. If they are accurate, click OK to apply the new key.

  7. To restart the server immediately, click OK on the dialog box.

  8. To restart the server later, click Cancel on the dialog box. Another dialog box appears stating that the new key will not be applied until the server is restarted.

    New features or license counts contained in the new license cannot be accessed until the server is restarted. The new license is saved on the server, but is not read until the server is restarted.

  9. Click OK to confirm. The new license is applied once the appliance restarts.

Step 5: Validate

Review the Administration UI to verify new entitlements:

License InformationDashboard panel

System > Settings > System Management > License Management

Subscription and Perpetual Licenses (Combined)

Subscription license count is added to the Perpetual License count. Example:

(Perpetual License PRO count=200) + (Subscription License PRO count=25) = (PRO count=225)

If the entitlements are not displaying as expected, see Troubleshooting.

Previous
Next