Fortinet black logo

Admin guide

Devices (HA)

Copy Link
Copy Doc ID 1843b2fc-5b95-11ed-96f0-fa163e15d75b:199598
Download PDF

Devices (HA)

The Devices (HA) page enables you to view and manage authentication clients that are in HA configuration. You can access the Devices (HA) page by clicking Auth Clients > Devices (HA) on the main menu.

The Devices (HA) page has two parts (left and right). On the left is the Standalone Devices panel which shows authentication devices that are standalone (not part of any HA cluster); on the right is the Clusters panel which shows the HA clusters and the authentication clients in each of the clusters.

Search for a standalone device

On the top of the Standalone Devices panel is a Search by device's SN tool. It enables you to search for standalone devices by serial number (SN). It comes in handy when you want to locate a standalone device and add it to an existing cluster.

Note
  • You can search for a device by any part of its serial number (SN). However, the more specific your entry, the more accurate your search result.

Search for a standalone device

  1. In the upper-left corner of the Standalone panel, click Search by device's SN.
  2. Type in any part of the serial number of the device of interest.
  3. Press Enter key on your keyboard.

The device or devices that match your entry now show up in the table below.

Validate device ownership

Stating with the 21.3.c release, FTC is able to handle device ownership transfer without human intervention, automatically cleaning up user data on the transferred device from the source account.

Below are the use cases that show how FTC handles change of device ownership:

  • If you move a device (e.g., FortiGate) license and the FTC license to a new account, your FTC service will continue after the transfer.

  • If you move the FTC license to a new account but leave the device in the old account with no other FTC license, there will be no FTC service for the device.

  • If you move the device license to a new account where there is another (new) FTC license and leave the old FTC license in the old account, usage from that device now will count against the new FTC license (not the old one).

  • If you move the FTC license to a new account but leave the device in the old account, and then add a new FTC license to the old account, usage from that device will count against the new license (not the old one).

Ownership check can be performed only by clicking the Validate button from the GUI [Auth Clients > Devices(HA) > Validate].

The Auth Clients > Devices (HA) page now has a Validate Device Ownership section, which enables you to search for devices in your account/realm and to update the device registration status in FTC in real time.

To validate the registration status of a device:
  1. Click Auth Clients > Devices (HA).
  2. In the top of the page, enter the device serial number
  3. Click Validate.

Transfer devices

Device transfer can be handled either directly from Fortinet products that support it or through FortiCare.

Transfer devices from FortiGate

Device transfer can be done directly from the FortiGate GUI. The same is true with some other Fortinet products that support the feature.

To transfer a device on FOS version 6.4.1 or later, or FOS version 7.0.0 or later:
  1. Log into the FOS administrator portal.
  2. Select the global VDOM (if the multi-VDOM feature is enabled)
  3. Click System > FortiGuard > Under License Information.
  4. Click the Action button of FortiCare.
  5. Select Transfer FortiGate to Another Account.
To transfer a device on FOS version 6.4.7 or later, or FOS version 7.0.1 or later:
  1. Log into the FOS administrator portal.
  2. Select the global VDOM (if the multi-VDOM feature is enabled).
  3. Click Dashboard > Status > from the Licenses Widget.
  4. Click FortiCare Support.
  5. Select Transfer FortiGate to Another Account.

Transfer devices through FortiCare

For FOS version 6.4.0 or earlier, contact FortiCare Technical Support at https://www.fortinet.com/support/contact to request FortiGate account transfer via Live Chat or over the phone. You must have your FortiGate serial number ready, and provide the source account email and the target account email to complete the account transfer. The FortiCare team will send out authorization email to each email recipient for approval. Once they have received the authorization email, they will start the transfer process and notify you when the device transfer has been completed.

Clean up user data from the source account

Tooltip

Clean-up of user data from the source account can be performed from the FTC portal only.

  1. Log into ftc.fortinet.com using the source or target FC account.
  2. Click Auth Clients > Devices (HA).
  3. Enter the device serial number, and click Validate.
  4. Read the messages onscreen.
  5. Press Delete if you want to remove the users from the account.
  6. In the warning message, click Delete.

After clicking the Delete button, wait for a few minutes for the clean-up process to complete before clicking the Validate button.

If you click the Validate button while the clean-up is in progress, you will see the message, “Data under this device is being deleted….”

The clean-up process is completed if you see the "This device ownership info is up to date...." message after clicking Validate from the target account or the "Not allowed to check the device info." message when clicking Validate from the source account.

Caution

If you do not want to remove the users from the source account, your can transfer the device back to the original account using the instructions in Transfer devices from FortiGate. You can also contact FortiCare for assistance, if needed.

Add devices to a cluster

You can add any device in the Standalone Devices panel to any cluster in the Clusters panel. Once a standalone device is added to a cluster, it becomes part of the cluster and will be removed from the Standalone Devices panel.

Caution

Before adding a standalone device to a cluster, make sure that the change you are going to make to the cluster is consistent with its actual configuration.

  1. In the Clusters panel, locate the cluster of interest.
  2. In the Standalone Devices panel, locate the standalone device of interest. See Search for a standalone device.
  3. Select the device, and drag it to the cluster on the right.
  4. When the Device Management dialog pops up, be sure to read the message, and click OK.

Remove devices from a cluster

You can remove a device from any cluster in the Clusters panel. Once a device is removed from a cluster, it becomes standalone and shows up in the Standalone Devices panel.

Caution

Before removing a device from a cluster, you must make sure that the change you are going to make to the cluster is consistent with its actual configuration.

  1. In the Clusters panel, locate the cluster of interest.
  2. Click the down arrow to view the devices in the cluster.
  3. Highlight the device of interest, and click Moved Out. The Device Management dialog opens.
  4. Read the message, and click OK.

The device is now removed from the cluster, and appears in the Standalone Devices panel.

Move a device between clusters

You can also move devices between clusters in the Clusters panel.

Caution

Before moving a device from one cluster to another, you must make sure that the change you are going to make to the clusters is consistent with the actual configurations of your network.

  1. In the Clusters panel, locate the clusters of interest.
  2. Locate the source cluster with the device of interest.
  3. Drag the device to the target cluster. The Device Management dialog opens.
  4. Read the message, click OK to proceed.

Devices (HA)

The Devices (HA) page enables you to view and manage authentication clients that are in HA configuration. You can access the Devices (HA) page by clicking Auth Clients > Devices (HA) on the main menu.

The Devices (HA) page has two parts (left and right). On the left is the Standalone Devices panel which shows authentication devices that are standalone (not part of any HA cluster); on the right is the Clusters panel which shows the HA clusters and the authentication clients in each of the clusters.

Search for a standalone device

On the top of the Standalone Devices panel is a Search by device's SN tool. It enables you to search for standalone devices by serial number (SN). It comes in handy when you want to locate a standalone device and add it to an existing cluster.

Note
  • You can search for a device by any part of its serial number (SN). However, the more specific your entry, the more accurate your search result.

Search for a standalone device

  1. In the upper-left corner of the Standalone panel, click Search by device's SN.
  2. Type in any part of the serial number of the device of interest.
  3. Press Enter key on your keyboard.

The device or devices that match your entry now show up in the table below.

Validate device ownership

Stating with the 21.3.c release, FTC is able to handle device ownership transfer without human intervention, automatically cleaning up user data on the transferred device from the source account.

Below are the use cases that show how FTC handles change of device ownership:

  • If you move a device (e.g., FortiGate) license and the FTC license to a new account, your FTC service will continue after the transfer.

  • If you move the FTC license to a new account but leave the device in the old account with no other FTC license, there will be no FTC service for the device.

  • If you move the device license to a new account where there is another (new) FTC license and leave the old FTC license in the old account, usage from that device now will count against the new FTC license (not the old one).

  • If you move the FTC license to a new account but leave the device in the old account, and then add a new FTC license to the old account, usage from that device will count against the new license (not the old one).

Ownership check can be performed only by clicking the Validate button from the GUI [Auth Clients > Devices(HA) > Validate].

The Auth Clients > Devices (HA) page now has a Validate Device Ownership section, which enables you to search for devices in your account/realm and to update the device registration status in FTC in real time.

To validate the registration status of a device:
  1. Click Auth Clients > Devices (HA).
  2. In the top of the page, enter the device serial number
  3. Click Validate.

Transfer devices

Device transfer can be handled either directly from Fortinet products that support it or through FortiCare.

Transfer devices from FortiGate

Device transfer can be done directly from the FortiGate GUI. The same is true with some other Fortinet products that support the feature.

To transfer a device on FOS version 6.4.1 or later, or FOS version 7.0.0 or later:
  1. Log into the FOS administrator portal.
  2. Select the global VDOM (if the multi-VDOM feature is enabled)
  3. Click System > FortiGuard > Under License Information.
  4. Click the Action button of FortiCare.
  5. Select Transfer FortiGate to Another Account.
To transfer a device on FOS version 6.4.7 or later, or FOS version 7.0.1 or later:
  1. Log into the FOS administrator portal.
  2. Select the global VDOM (if the multi-VDOM feature is enabled).
  3. Click Dashboard > Status > from the Licenses Widget.
  4. Click FortiCare Support.
  5. Select Transfer FortiGate to Another Account.

Transfer devices through FortiCare

For FOS version 6.4.0 or earlier, contact FortiCare Technical Support at https://www.fortinet.com/support/contact to request FortiGate account transfer via Live Chat or over the phone. You must have your FortiGate serial number ready, and provide the source account email and the target account email to complete the account transfer. The FortiCare team will send out authorization email to each email recipient for approval. Once they have received the authorization email, they will start the transfer process and notify you when the device transfer has been completed.

Clean up user data from the source account

Tooltip

Clean-up of user data from the source account can be performed from the FTC portal only.

  1. Log into ftc.fortinet.com using the source or target FC account.
  2. Click Auth Clients > Devices (HA).
  3. Enter the device serial number, and click Validate.
  4. Read the messages onscreen.
  5. Press Delete if you want to remove the users from the account.
  6. In the warning message, click Delete.

After clicking the Delete button, wait for a few minutes for the clean-up process to complete before clicking the Validate button.

If you click the Validate button while the clean-up is in progress, you will see the message, “Data under this device is being deleted….”

The clean-up process is completed if you see the "This device ownership info is up to date...." message after clicking Validate from the target account or the "Not allowed to check the device info." message when clicking Validate from the source account.

Caution

If you do not want to remove the users from the source account, your can transfer the device back to the original account using the instructions in Transfer devices from FortiGate. You can also contact FortiCare for assistance, if needed.

Add devices to a cluster

You can add any device in the Standalone Devices panel to any cluster in the Clusters panel. Once a standalone device is added to a cluster, it becomes part of the cluster and will be removed from the Standalone Devices panel.

Caution

Before adding a standalone device to a cluster, make sure that the change you are going to make to the cluster is consistent with its actual configuration.

  1. In the Clusters panel, locate the cluster of interest.
  2. In the Standalone Devices panel, locate the standalone device of interest. See Search for a standalone device.
  3. Select the device, and drag it to the cluster on the right.
  4. When the Device Management dialog pops up, be sure to read the message, and click OK.

Remove devices from a cluster

You can remove a device from any cluster in the Clusters panel. Once a device is removed from a cluster, it becomes standalone and shows up in the Standalone Devices panel.

Caution

Before removing a device from a cluster, you must make sure that the change you are going to make to the cluster is consistent with its actual configuration.

  1. In the Clusters panel, locate the cluster of interest.
  2. Click the down arrow to view the devices in the cluster.
  3. Highlight the device of interest, and click Moved Out. The Device Management dialog opens.
  4. Read the message, and click OK.

The device is now removed from the cluster, and appears in the Standalone Devices panel.

Move a device between clusters

You can also move devices between clusters in the Clusters panel.

Caution

Before moving a device from one cluster to another, you must make sure that the change you are going to make to the clusters is consistent with the actual configurations of your network.

  1. In the Clusters panel, locate the clusters of interest.
  2. Locate the source cluster with the device of interest.
  3. Drag the device to the target cluster. The Device Management dialog opens.
  4. Read the message, click OK to proceed.