Operating system
This document describes the method for updating CentOS on FortiNAC appliances and virtual machines. It is recommended that the operating system be updated regularly to maintain the highest possible level of security on the server. Refer to Fortinet CentOS Update Policy for additional details.
Operating system updates
In a high availability (HA) environment with redundant servers or in the case of a FortiNAC Control Server/Application Server pair, all of the servers can be updated from the Operation System Updates panel. If a server cannot be reached an error message displays in the table along with the IP address of the server.
When the Operating System Updates panel is accessed, the table is empty. Clicking the Check for Updates button contacts the update repository and determines whether all of the available updates have been installed on each FortiNAC server. The status of each server is displayed in the table. Servers are updated by clicking the Update. operating system updates are downloaded from Fortinet via FTP. When an update is initiated the following event is generated: Operating System Update Initiated.
The update process can take a long time and requires that the updated servers be rebooted.
Requirements
-
FortiNAC firmware versions 6.x and higher (CentOS 7).
-
Access to fnac-updates.fortinet.net from each appliance or virtual machine.
-
Operating system and FortiNAC software updates use the same transfer protocol settings.
-
To change the transfer protocol used, see System update in the Administration Guide.
-
HTTP access to centos.org from each appliance or virtual machine.
-
Maintenance window to reboot the appliance or virtual machine after installing the updates.
-
Hardware appliances: Dell hardware with one of these SKUs:
FNC-CA-XXXC, FNC-C-XXXXC, FNC-A-XXXXC, FNC-M-550C -
Legacy models:
FNC-R-650C, SYS-BFN330-XXXX, SYS-BFN630-XXXX, SYS-BFN630XL-XXXX, SYS-G-BFN630-XXXX, SYC-FNT440-XXX, SYC-FNT440XL-XXX, SYC-FNT330-000
- Outbound internet access is recommended for all servers that are being updated.
- If you are running FortiNAC in a virtual machine, take a snapshot of the VM before updating the operating system.
- Update packages are signed and will not install if keys do not match those on the appliance or virtual machine.
Update the operating system
- Click System > Settings.
- Expand the Updates folder.
- Select Operating System from the tree.
- Click Check for Updates to check the FTP server for updates and assess whether the FortiNAC servers are up to date or not.
- Click Update All to begin downloading and installing the operating system updates.
- A warning is displayed indicating that this is a long process and that you must reboot the server after the update. Click Yes to continue.
- Use Show Log at the bottom of the table to view a log of the update process.
- When the update is complete, select System Management > Power Management from the tree.
- Select each server and click Reboot to reboot the FortiNAC Server. If you have a Control Server and an Application Server, they must both be rebooted.
Settings
Field |
Definition |
---|---|
Check For Updates Button |
Queries the Fortinet FTP site to determine if there are updates available and to check the update status of each FortiNAC server. |
Update All Button |
Displays only when there are updates available. The Status field indicates the status of the server selected in the table. It is the same as the Status column in the table. |
Host |
Name of the FortiNAC server. |
Product |
Type of FortiNAC server. Types include:
|
Status |
Indicates the overall update status of the FortiNAC Server or Control Server/Application server pair, including: Updates Available:Updates are available for one or more of the FortiNAC servers listed in the table. Up To Date: All servers are up to date. Error - Unable to establish an FTP session to downloads.bradfordnetworks.com Error - Unable to ping host Error - Unable to ssh to host |
Last Updated |
Date and time of the last update attempt using the Administration UI. If Operating System updates are run via command line using the "yum" tool, the update is not recorded. Execute Operating System Updates through the UI in order to maintain update history. |
Last Update Status |
Status Indicates the state of the last update using the UI. States include: Never Updated: Server has never had an operating system update. Success: Server was updated successfully. Failed: Update attempt has failed. |
Last Update Duration |
Amount of time that it took to update the server on the most recent update attempt using the UI. If the last update was not successful, this number may be very low. |
Show Log |
Displays the update log. |