System update

To update FortiNAC Manager, download the most recent FortiNAC Manager software distribution. Connection settings must be configured for access to the server where the download is hosted.

The database is automatically backed up during the update process.

High availability environment

To update your servers in a high availability environment note the following:

• The primary server must be running and in control in order to update the system.
• The secondary server(s) must be running.
• The primary server must be able to communicate with the secondary server(s).
• The primary server automatically updates the secondary server(s).
• If the secondary server(s) is in control, FortiNAC Manager prevents you from updating and displays a message with detailed instructions indicating that the Primary must be running and in control.

Update the primary server following the instructions shown here for a regular update.

Update Managed Servers

FortiNAC Manager can be used to update the managed servers. This is done by propagating the update from the FortiNAC Manager to the managed servers throughout the environment.

Managed Server Update Requirements

• FortiNAC Manager and all its managed servers must be upgraded to run the same version of code. Otherwise, certain functions (like server synchronization) will not be supported.

• Managed Servers currently running version 7.2.3 or lower: If the below requirements are not met, the update must be run from the managed server's Administration UI and not the Manager.

  • Managed servers must use the same Operating System (CentOS or FortiNAC-OS) as the Manager.

    Example:

    FNC-M-xx (CentOS) can upgrade FNC-CA-xx (CentOS)

    FNC-MX-xx (FortiNAC-OS) can upgrade FNC-CAX-xx (FortiNAC-OS)

    FNC-MX-xx (FortiNAC-OS) cannot upgrade FNC-CA-xx (CentOS)

  • Managers using FortiNAC-OS (FNC-MX-xx) can only update managed servers running on the same virtual appliance platform.

    Example:

    FNC-MX-xx on VMware can upgrade FNC-CAX-xx on VMware

    FNC-MX-xx on VMware cannot upgrade FNC-CAX-xx on Hyper-V

Configure settings

Configure the connection settings for the download location so the Auto-Def Synchronizer, Agent packages, and the Software Distribution Updates can be completed. You need to change the default settings if another server is used to host the auto-definition or updated distribution files.

1. Click System > Settings.
2. Expand the Updates folder.
3. Select System from the tree.
4. Go to the System Update Settings section of the screen.
5. Use the table below to enter the update settings.
6. Contact Customer Support for the correct login credentials.
7. Click Test to check that the settings allow connection to the auto-definition directory and the product distribution directory.

   Refer to the System Update Settings section of the Release Notes on our website for information about the distribution directory for the specific version you wish to download and install.

8. Once connection to the server is established, click Save Settings.

Settings

Field	Definition
Host	Host IP address, host name, or fully qualified name of the server that is hosting the updates. Applies to both software and Operating System updates.
Auto-Definition Directory	The sub-directory where the weekly antivirus and operating system updates are located. Default setting for this field is a period (.). If you are downloading these files from a server on your network, specify the directory containing the updates. If you prefer to download and install updates on a delayed schedule, you can choose system updates from one, two, three or four weeks ago by modifying this field with an additional sub-directory. For example, entering /week1 gives you an update that is one week old. Available directories are: ./week1 contains updates that are one week old. ./week2 contains updates that are two weeks old. ./week3 contains updates that are three weeks old. ./week4 contains updates that are four weeks old.
Product Distribution Directory	The sub-directory where the product software files are located. This field will vary depending on the version of the software being updated. A forward slash (/) may be required in the path configuration. Click Test to confirm the configuration. Refer to the FortiNAC ManagerRelease Notes for information about the distribution directory for the specific version package you wish to download and install.
Agent Distribution Directory	The sub-directory where the Agent update files are located. This field will vary depending on the version of the software being updated. A forward slash (/) may be required in the path configuration. Click Test to confirm the configuration. Refer to the FortiNAC ManagerRelease Notes for information about the distribution directory for the specific version package you wish to download and install.
User	The user name for the connection.
Password	The password for the connection.
Protocol	Applies to both software and Operating System updates. HTTP HTTPS SFTP - This option has been deprecated and no longer works. It will be removed in a future release. FTP PFTP
Buttons
Test	Tests the connection between the FortiNAC Manager program and the update server.
Revert To Defaults	Returns the window to the factory default settings.

Download

For ForrtiNAC-OS, the firmware image will display as majorrelease.build (7.0068) which is different from CentOS which displays majorrelease.minorrelease.patchreelase.build (9.4.4.0789).

To update the software on the appliance, download the distribution files to the appliance.

1. Click System > Settings.
2. Expand the Updates folder.
3. Select System from the tree.
4. Click Download. FortiNAC Manager automatically connects to the download server and retrieves a list of the files available for download. FortiNAC Manager displays a warning message if no update files are found.
5. Scroll through the list of files available for download. Select the most recent distribution file and then click Download. Available distribution files are listed in order by version number with the most recent number at the top of the list.
6. Click Download to start the download process. This process runs in the background and closes automatically.

Distribute

Copy the distribution file to the managed servers.

1. Click the Distribute button.

2. Select the version from the drop-down menu.

3. Select the servers from the Server List to update.

4. Click OK.

A window will appear to display the file transfer progress.

Install

Once the distribution files have been downloaded to the appliance, you must manually start the installation. Since the update process restarts the appliance, choose a time to install the update when it will have the least impact on services. The update takes several minutes.

1. Click System > Settings.
2. Expand the Updates folder.
3. Select System from the tree.
4. Click Install.
5. Select the distribution file from the drop-down list and click Update.

6. Verify that the update was successful by checking the version number for the currently installed version. This can be viewed using either the Admin UI or CLI.

   Admin UI:

   • System Summary Dashboard widget

   • User icon drop-down menu in upper right corner

   CentOS CLI: Enter the following at the command line prompt:

   master; cat .version

   FortiNAC-OS CLI: Enter the following at the command line prompt:

   get system status

Show log

A log of the updates is maintained during installation. To view the logs, after installation, click Show Log and select the date of the installation.

In a high availability configuration, the update log files are located on the primary appliance, since the primary appliance must be in control during an update.

1. Click System > Settings.
2. Expand the Updates folder.
3. Select System from the tree.
4. Click Show Log.
5. Select the Date from the list.
6. The log detail displays in the view.
7. Close the window.