Overview
This document applies to FortiNAC appliances configured for High Availability. It provides the steps for a customer to migrate their existing FortiNAC Control (FNC-C-VM) and Application (FNC-A-VM) virtual appliance pair to the new FortiNAC-F virtual appliance (FNC-CAX-VM). The FNC-C-VM and FNC-A-VM pair uses the CentOS operating system. The FNC-CAX-VM uses the FortiNAC-OS operating system. This document assumes the customer is using perpetual endpoint licenses.
Once migration is complete, the FortiNAC-OS appliance will have the license, entitlements and configuration of the CentOS appliance pair.
If managed by a FortiNAC Manager, do not use this document. Proceed to: Separate C+A to FortiNAC-OS VM Migration - FortiNAC Manager Environments
Requirements
- The FortiNAC Primary Server must be using perpetual endpoint licenses (Support Type = License Support). To confirm, log in to the Customer Portal (https://support.fortinet.com) and review the Entitlements section for the Control Server.
- Contact sales to obtain the new FortiNAC-F appliances (FNC-CAX-xx/FNC-MX-xx). Registration codes for the new product will then be sent via email.
- Both FortiNAC servers must match all of the following:
  - Model (FNC-CAX-VM, FNC-CA-500F, FNC-CA-600F, FNC-CA-700F, FNC-MX-VM, FNC-M-550F)
  - Virtual Appliance Vendor (Hyper-V, AWS, Azure, etc.)
See chart below for examples.
Previously, the FortiNAC "C" Series (CentOS operating system) used a .bin install file specific to the software version for software upgrades. This file was used for all appliance types.
The FortiNAC "F" series (FortiNAC-OS operating system) uses a .out image file that combines the Software and OS updates. These .out files are specific to the software version and appliance type (virtual appliance vendor or physical hardware model).
Examples
FNAC_AWS-v7.4.0-build0427-FORTINET.out (VM (AWS) FortiNAC vF7.4.0.0427)
FNAC_AZU-v7.4.0-build0427-FORTINET.out (VM (Azure) FortiNAC vF7.4.0.0427)
FNAC_CA_500F-v7.4.0-build0427-FORTINET.out (Hardware CA (500F) FortiNAC vF7.4.0.0427)
FNAC_CA_600F-v7.4.0-build0427-FORTINET.out (Hardware CA (600F) FortiNAC vF7.4.0.0427)
To upgrade, the primary server downloads the .out update file applicable to its appliance type and copies it to the secondary. If FortiNAC-F servers are mixed within the HA pair, the primary server will not have the required .out file for the secondary. As a result, the secondary server will not update.
Configuration Example – High Availability Pair
Supported (Primary/Secondary):
- FNC-CA-500F / FNC-CA-500F
- FNC-CAX-VM (AWS) / FNC-CAX-VM (AWS)
- FNC-M-550F / FNC-M-550F
- FNC-MX-VM (VMware) / FNC-MX-VM (VMware)
Not Supported (Primary/Secondary):
- FNC-CA-500F / FNC-CA-600F
- FNC-CAX-VM / FNC-CA-xxxF
- FNC-CAX-VM / FNC-CA-VM
- FNC-CAX-VM (AWS) / FNC-CAX-VM (KVM)
- FNC-MX-VM / FNC-M-550F
- FNC-MX-VM (VMware) / FNC-MX-VM (AWS)
- Recommended FortiNAC software versions
  - Existing FortiNAC CentOS appliances
    - v9.1 or greater * **
    - vF7.2.0 or greater * **
    * Later versions may require importing of key certificates prior to upgrade. See Importing License Key Certificates.
    ** Later versions may require new license keys prior to upgrade. See KB article Upgrade fails with license requirement error.
  - New FortiNAC-OS appliances: F7.2.5 or greater
- Temporary management IP address
- CLI access to both the CentOS and FortiNAC-OS appliances
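
The .out image naming and the HA matching requirement described above can be checked before an upgrade is started. The following Python is an added example, not part of the original document or of Fortinet tooling; the file-name pattern is inferred from the four example names on this page, and the function names are hypothetical.

```python
import re

# Pattern inferred from the four example file names on this page; it is an
# assumption for illustration, not a published Fortinet naming specification.
IMAGE_RE = re.compile(
    r"^FNAC_(?P<platform>[A-Z0-9_]+)-v(?P<version>\d+\.\d+\.\d+)"
    r"-build(?P<build>\d+)-FORTINET\.out$"
)

def parse_image_name(filename):
    """Split a FortiNAC-F .out image name into platform, version and build."""
    match = IMAGE_RE.match(filename)
    if match is None:
        # Covers CentOS-era .bin files and anything renamed or truncated.
        raise ValueError(f"not a recognised .out image name: {filename!r}")
    return match.groupdict()

def display_version(image):
    """Render the version the way the page lists it, e.g. vF7.4.0.0427."""
    return f"vF{image['version']}.{image['build']}"

def check_ha_pair(primary_file, secondary_file):
    """Return a list of problems; an empty list means the image the primary
    downloads is also the image the secondary needs."""
    primary = parse_image_name(primary_file)
    secondary = parse_image_name(secondary_file)
    problems = []
    if primary["platform"] != secondary["platform"]:
        problems.append(
            f"appliance type mismatch: primary={primary['platform']} "
            f"secondary={secondary['platform']}; secondary will not update"
        )
    if display_version(primary) != display_version(secondary):
        problems.append(
            f"version mismatch: primary={display_version(primary)} "
            f"secondary={display_version(secondary)}"
        )
    return problems

if __name__ == "__main__":
    # File names taken from the examples on this page.
    pairs = [
        ("FNAC_AWS-v7.4.0-build0427-FORTINET.out", "FNAC_AWS-v7.4.0-build0427-FORTINET.out"),
        ("FNAC_CA_500F-v7.4.0-build0427-FORTINET.out", "FNAC_CA_600F-v7.4.0-build0427-FORTINET.out"),
    ]
    for primary, secondary in pairs:
        print(primary, "/", secondary, "->", check_ha_pair(primary, secondary) or "OK")
```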
Considerations
The process outlined and the tools used for this migration are not supported for the following:
- FortiNAC systems using subscription endpoint licenses (Support Type = FortiNAC VM)
- FortiNAC-OS appliances running F7.2.5:
  - "Portal" and "Persistent Agent" SSL certificates will not be migrated. These certificates will have to be installed post migration. Reference Ticket # 988244 in the Known Issues section of version 7.2.5 Release Notes.
  - Migration script fails to bundle on Control and Application server pairs configured for High Availability. Reference Ticket # 990531 in the Known Issues section of version 7.2.5 Release Notes.
Migration Steps
Below are the steps required to complete the migration.
Step 1: Product Registration*
Step 2: Transfer Endpoint License Entitlements*
Step 3: Appliance Installation
Step 4: Generate and Download Keys
Step 5: Appliance Configuration
Step 6: Download & Install New License Key
--- PERFORM REMAINING STEPS DURING MAINTENANCE WINDOW* ---
Step 7: Collect & Transfer CentOS Migration Data
Step 8: Cutover to New Appliance
*See Preparation Checklist for suggested timelines to complete step.