Fortinet black logo

Maintenance

Maintenance

System maintenance tasks include:

Backing up the configuration

You can back up the configuration of FortiAuthenticator to your local computer. See Backing up and restoring the configuration for more information.

Automatic system configuration backup can also be configured. See Configuring auto-backup for information.

Upgrading the firmware

Periodically, Fortinet issues firmware upgrades that fix known issues, add new features and functionality, and generally improve your FortiAuthenticator experience. See Firmware upgrade for more information.

Before proceeding to upgrade your system, Fortinet recommends you back up your configuration. Please follow the procedure detailed in Backing up and restoring the configuration.

To upgrade the firmware, you must first register your FortiAuthenticator with Fortinet. See Registering your Fortinet product for more information.

To upgrade FortiAuthenticator firmware from the GUI:
  1. Download the latest firmware to your local computer from the Fortinet Support website.
  2. Go to System > Administration > Firmware Upgrade.
  3. Select Choose File and locate the firmware image on your local computer.
  4. Select OK.
    The firmware image uploads from your local computer to the FortiAuthenticator device, which will then reboot. For a short period of time during this reboot, the FortiAuthenticator device is offline and unavailable for authentication.
To upgrade FortiAuthenticator firmware using the CLI:
  1. Copy the latest firmware image file to the root directory of the FTP/TFTP server.
  2. Log into the CLI.
  3. Enter the following command to copy the firmware image from the FTP/TFTP server to FortiAuthenticator:
  4. For ftp servers:

    execute restore image ftp <filename> <ftp_ipv4>

    For tftp servers:

    execute restore image tftp <filename> <tftp_ipv4>

    Where is the <filename> is the name of the firmware image file and <ftp_ipv4> or <tftp_ipv4> is the IP address of the FTP/TFTP server.

  5. Type y.
  6. FortiAuthenticator uploads the firmware image file, upgrades to the new firmware version, and restarts.

Licensing

FortiAuthenticator-VM works in evaluation mode until it is licensed. The license is valid only if one of the FortiAuthenticator interfaces is set to the IP address specified in the license. See Licensing for more information.

To license FortiAuthenticator:
  1. Go to System > Administration > Licensing.
  2. Select Choose File and locate on your local computer the license file you received from Fortinet.
  3. Select OK.

Swapping hard disks

If a hard disk on a FortiAuthenticator unit fails, it must be replaced. On FortiAuthenticator devices that support hardware RAID, the hard disk can be replaced while the unit is still running - know as hot swapping. On FortiAuthenticator units with software RAID, the device must be shutdown prior to exchanging the hard disk.

To identify the failed hard disk, go to System > Dashboard > Status and view the Disk Monitor widget. When a hard disk fails, the RAID status shows as Degraded and the RAID status icon displays a warning indication in yellow. In the RAID graphic, the failed hard disk disappears from the RAID array or displays with a blue question mark symbol.

When replacing a hard disk, you need to first verify that the new disk is the same size as those supplied by Fortinet and has at least the same capacity as the old one in the FortiAuthenticator unit. Installing a smaller hard disk will affect the RAID setup and may cause data loss. Due to possible differences in sector layout between disks, the only way to guarantee that two disks have the same size is to use the same brand and model.

The size provided by the hard drive manufacturer for a given disk model is only an approximation. The exact size is determined by the number of sectors present on the disk.

caution icon Electrostatic discharge (ESD) can damage FortiAuthenticator equipment. Only perform the procedures described in this document from an ESD workstation. If no such station is available, you can provide some ESD protection by wearing an anti-static wrist or ankle strap and attaching it to an ESD connector or to a metal part of a FortiAuthenticator chassis.
To hot swap a hard disk on a device that supports hardware RAID:
  1. Remove the faulty hard disk.
  2. Install a new disk in the same slot from which the failed disk was removed.
  3. The Disk Monitor widget updates. In the RAID graphic, a blue question mark symbol appears in the representative slot where the new hard disk is installed. If the blue question mark symbol does not appear shortly after the new disk is installed, in the widget, click Refresh to refresh the RAID status.

  4. In the RAID graphic, click the blue question mark symbol.
  5. The hard disk re-synchronization/rebuild process is initialized. This process can take over an hour to complete, depending on the size of the hard disk. The RAID status changes to display the progress of the RAID re-synchronization/rebuild.

After the re-synchronization/rebuild process is complete, the RAID status changes to OK and the RAID status icon displays a green checkmark.

Maintenance

System maintenance tasks include:

Backing up the configuration

You can back up the configuration of FortiAuthenticator to your local computer. See Backing up and restoring the configuration for more information.

Automatic system configuration backup can also be configured. See Configuring auto-backup for information.

Upgrading the firmware

Periodically, Fortinet issues firmware upgrades that fix known issues, add new features and functionality, and generally improve your FortiAuthenticator experience. See Firmware upgrade for more information.

Before proceeding to upgrade your system, Fortinet recommends you back up your configuration. Please follow the procedure detailed in Backing up and restoring the configuration.

To upgrade the firmware, you must first register your FortiAuthenticator with Fortinet. See Registering your Fortinet product for more information.

To upgrade FortiAuthenticator firmware from the GUI:
  1. Download the latest firmware to your local computer from the Fortinet Support website.
  2. Go to System > Administration > Firmware Upgrade.
  3. Select Choose File and locate the firmware image on your local computer.
  4. Select OK.
    The firmware image uploads from your local computer to the FortiAuthenticator device, which will then reboot. For a short period of time during this reboot, the FortiAuthenticator device is offline and unavailable for authentication.
To upgrade FortiAuthenticator firmware using the CLI:
  1. Copy the latest firmware image file to the root directory of the FTP/TFTP server.
  2. Log into the CLI.
  3. Enter the following command to copy the firmware image from the FTP/TFTP server to FortiAuthenticator:
  4. For ftp servers:

    execute restore image ftp <filename> <ftp_ipv4>

    For tftp servers:

    execute restore image tftp <filename> <tftp_ipv4>

    Where is the <filename> is the name of the firmware image file and <ftp_ipv4> or <tftp_ipv4> is the IP address of the FTP/TFTP server.

  5. Type y.
  6. FortiAuthenticator uploads the firmware image file, upgrades to the new firmware version, and restarts.

Licensing

FortiAuthenticator-VM works in evaluation mode until it is licensed. The license is valid only if one of the FortiAuthenticator interfaces is set to the IP address specified in the license. See Licensing for more information.

To license FortiAuthenticator:
  1. Go to System > Administration > Licensing.
  2. Select Choose File and locate on your local computer the license file you received from Fortinet.
  3. Select OK.

Swapping hard disks

If a hard disk on a FortiAuthenticator unit fails, it must be replaced. On FortiAuthenticator devices that support hardware RAID, the hard disk can be replaced while the unit is still running - know as hot swapping. On FortiAuthenticator units with software RAID, the device must be shutdown prior to exchanging the hard disk.

To identify the failed hard disk, go to System > Dashboard > Status and view the Disk Monitor widget. When a hard disk fails, the RAID status shows as Degraded and the RAID status icon displays a warning indication in yellow. In the RAID graphic, the failed hard disk disappears from the RAID array or displays with a blue question mark symbol.

When replacing a hard disk, you need to first verify that the new disk is the same size as those supplied by Fortinet and has at least the same capacity as the old one in the FortiAuthenticator unit. Installing a smaller hard disk will affect the RAID setup and may cause data loss. Due to possible differences in sector layout between disks, the only way to guarantee that two disks have the same size is to use the same brand and model.

The size provided by the hard drive manufacturer for a given disk model is only an approximation. The exact size is determined by the number of sectors present on the disk.

caution icon Electrostatic discharge (ESD) can damage FortiAuthenticator equipment. Only perform the procedures described in this document from an ESD workstation. If no such station is available, you can provide some ESD protection by wearing an anti-static wrist or ankle strap and attaching it to an ESD connector or to a metal part of a FortiAuthenticator chassis.
To hot swap a hard disk on a device that supports hardware RAID:
  1. Remove the faulty hard disk.
  2. Install a new disk in the same slot from which the failed disk was removed.
  3. The Disk Monitor widget updates. In the RAID graphic, a blue question mark symbol appears in the representative slot where the new hard disk is installed. If the blue question mark symbol does not appear shortly after the new disk is installed, in the widget, click Refresh to refresh the RAID status.

  4. In the RAID graphic, click the blue question mark symbol.
  5. The hard disk re-synchronization/rebuild process is initialized. This process can take over an hour to complete, depending on the size of the hard disk. The RAID status changes to display the progress of the RAID re-synchronization/rebuild.

After the re-synchronization/rebuild process is complete, the RAID status changes to OK and the RAID status icon displays a green checkmark.