FortiNAC Manager Environments (Separate C+A Servers)

Home FortiNAC-F 7.4.0 FortiNAC Manager Environments (Separate C+A Servers)

7.4.0

Overview

This document applies to FortiNAC appliances managed by the FortiNAC Manager. Provides the steps for a customer to migrate their existing FortiNAC Control (FNC-C-VM) and Application (FNC-A-VM) virtual appliance pair to the new FortiNAC-F virtual appliance (FNC-CAX-VM). The FNC-C-VM and FNC-A-VM pair use the CentOS operating system. The FNC-CAX-VM uses the FortiNAC-OS operating system. This document assumes the customer is using perpetual endpoint licenses.

Once migration is complete, the FortiNAC-OS appliance will have the license, entitlements and configuration of the CentOS appliance pair.

If not managed by a FortiNAC Manager, do not use this document. Proceed to the applicable documentation:

Separate C+A to FortiNAC-OS VM Migration - Single Appliance

Separate C+A to FortiNAC-OS VM Migration - High Availability Environments

Requirements

The FortiNAC Primary Server must be using perpetual endpoint licenses (Support Type = License Support). To confirm, login to the Customer Portal (https://support.fortinet.com) and review the Entitlements section for the Control Server.

Contact sales to obtain the new FortiNAC-F appliances (FNC-CAX-xx/FNC-MX-xx). Registration codes for the new product will then be sent via email.
All 4 appliances in the High Availability pair should be migrated in the same session. In a High Availability configuration, both FortiNAC servers must match all of the following:
- Model (FNC-CAX-VM, FNC-CA-500F, FNC-CA-600F , FNC-CA-700F, FNC-MX-VM, FNC-M-550F)
- Virtual Appliance Vendor (Hyper-V, AWS, Azure, etc)
  
  Configuration Examples

Supported (Primary/Secondary)	Not Supported (Primary/Secondary)
FNC-CA-500F / FNC-CA-500F FNC-CAX-VM (AWS) / FNC-CAX-VM (AWS) FNC-M-550F / FNC-M-550F FNC-MX-VM (VMware) / FNC-MX-VM (VMware)	FNC-CA-500F / FNC-CA-600F FNC-CAX-VM / FNC-CA-xxxF FNC-CAX-VM / FNC-CA-VM FNC-CAX-VM (AWS) / FNC-CAX-VM (KVM) FNC-MX-VM / FNC-M-550F FNC-MX-VM (VMware) / FNC-MX-VM (AWS)

Supported

(Primary/Secondary)

Not Supported

(Primary/Secondary)

FNC-CA-500F / FNC-CA-500F

FNC-CAX-VM (AWS) / FNC-CAX-VM (AWS)

FNC-M-550F / FNC-M-550F

FNC-MX-VM (VMware) / FNC-MX-VM (VMware)

FNC-CA-500F / FNC-CA-600F

FNC-CAX-VM / FNC-CA-xxxF

FNC-CAX-VM / FNC-CA-VM

FNC-CAX-VM (AWS) / FNC-CAX-VM (KVM)

FNC-MX-VM / FNC-M-550F

FNC-MX-VM (VMware) / FNC-MX-VM (AWS)

Recommended FortiNAC software versions
- Existing FortiNAC CentOS appliances
  - v9.1 or greater* **
  - vF7.2.0 or greater * **
    
    * Later versions may require importing of key certificates prior to upgrade. See Importing License Key Certificates.
    
    ** Later versions may require new license keys prior to upgrade. See KB article Upgrade fails with license requirement error)
- New FortiNAC-OS appliances: F7.2.5 or greater
Temporary management IP address
CLI access to both the CentOS and FortiNAC-OS appliances

Considerations

The process outlined and the tools used for this migration is not supported for the following:

FortiNAC systems using subscription endpoint licenses (Support Type = FortiNAC VM)

FortiNAC-OS appliances running F7.2.5:
- "Portal" and "Persistent Agent" SSL certificates will not be migrated. These certificates will have to be installed post migration. Reference Ticket # 988244 in the Known Issues section of version 7.2.5 Release Notes.
- Migration script fails to bundle on Control and Application server pairs configured for High Availability. Reference Ticket # 990531 in the Known Issues section of version 7.2.5 Release Notes.

Migration Steps

Below are the steps required to complete the migration.

Step 1: Product Registration*

Step 2: Transfer Endpoint License Entitlements*

Step 3: Appliance Installation

Step 4: Generate and Download Keys

Step 5: Appliance Configuration

Step 6: Download & Install New License Key

--- PERFORM REMAINING STEPS DURING MAINTENANCE WINDOW* ---

Step 7: Collect & Transfer CentOS Migration Data

Step 8: Cutover to New Appliance

*See Preparation Checklist for suggested timelines to complete step.

Overview

Once migration is complete, the FortiNAC-OS appliance will have the license, entitlements and configuration of the CentOS appliance pair.

If not managed by a FortiNAC Manager, do not use this document. Proceed to the applicable documentation:

Separate C+A to FortiNAC-OS VM Migration - Single Appliance

Separate C+A to FortiNAC-OS VM Migration - High Availability Environments

Requirements

The FortiNAC Primary Server must be using perpetual endpoint licenses (Support Type = License Support). To confirm, login to the Customer Portal (https://support.fortinet.com) and review the Entitlements section for the Control Server.

Contact sales to obtain the new FortiNAC-F appliances (FNC-CAX-xx/FNC-MX-xx). Registration codes for the new product will then be sent via email.
All 4 appliances in the High Availability pair should be migrated in the same session. In a High Availability configuration, both FortiNAC servers must match all of the following:
- Model (FNC-CAX-VM, FNC-CA-500F, FNC-CA-600F , FNC-CA-700F, FNC-MX-VM, FNC-M-550F)
- Virtual Appliance Vendor (Hyper-V, AWS, Azure, etc)
  
  Configuration Examples

Supported (Primary/Secondary)	Not Supported (Primary/Secondary)
FNC-CA-500F / FNC-CA-500F FNC-CAX-VM (AWS) / FNC-CAX-VM (AWS) FNC-M-550F / FNC-M-550F FNC-MX-VM (VMware) / FNC-MX-VM (VMware)	FNC-CA-500F / FNC-CA-600F FNC-CAX-VM / FNC-CA-xxxF FNC-CAX-VM / FNC-CA-VM FNC-CAX-VM (AWS) / FNC-CAX-VM (KVM) FNC-MX-VM / FNC-M-550F FNC-MX-VM (VMware) / FNC-MX-VM (AWS)

Supported

(Primary/Secondary)

Not Supported

(Primary/Secondary)

FNC-CA-500F / FNC-CA-500F

FNC-CAX-VM (AWS) / FNC-CAX-VM (AWS)

FNC-M-550F / FNC-M-550F

FNC-MX-VM (VMware) / FNC-MX-VM (VMware)

FNC-CA-500F / FNC-CA-600F

FNC-CAX-VM / FNC-CA-xxxF

FNC-CAX-VM / FNC-CA-VM

FNC-CAX-VM (AWS) / FNC-CAX-VM (KVM)

FNC-MX-VM / FNC-M-550F

FNC-MX-VM (VMware) / FNC-MX-VM (AWS)

Recommended FortiNAC software versions
- Existing FortiNAC CentOS appliances
  - v9.1 or greater* **
  - vF7.2.0 or greater * **
    
    * Later versions may require importing of key certificates prior to upgrade. See Importing License Key Certificates.
    
    ** Later versions may require new license keys prior to upgrade. See KB article Upgrade fails with license requirement error)
- New FortiNAC-OS appliances: F7.2.5 or greater
Temporary management IP address
CLI access to both the CentOS and FortiNAC-OS appliances

Considerations

The process outlined and the tools used for this migration is not supported for the following:

FortiNAC systems using subscription endpoint licenses (Support Type = FortiNAC VM)

FortiNAC-OS appliances running F7.2.5:
- "Portal" and "Persistent Agent" SSL certificates will not be migrated. These certificates will have to be installed post migration. Reference Ticket # 988244 in the Known Issues section of version 7.2.5 Release Notes.
- Migration script fails to bundle on Control and Application server pairs configured for High Availability. Reference Ticket # 990531 in the Known Issues section of version 7.2.5 Release Notes.

Migration Steps

Below are the steps required to complete the migration.

Step 1: Product Registration*

Step 2: Transfer Endpoint License Entitlements*

Step 3: Appliance Installation

Step 4: Generate and Download Keys

Step 5: Appliance Configuration

Step 6: Download & Install New License Key

--- PERFORM REMAINING STEPS DURING MAINTENANCE WINDOW* ---

Step 7: Collect & Transfer CentOS Migration Data

Step 8: Cutover to New Appliance

*See Preparation Checklist for suggested timelines to complete step.