Pre-upgrade procedure (FNC-MX-xx/FNC-CAX-xx)

This configuration applies to FortiNAC version 7.2.2 and greater.

Configure all servers to allow communication with each other. This is done by setting an attribute that lists the serial numbers of the appliances each server is allowed to communicate with.

Steps

  1. Compile the allowed serial number list. In a text file (Notepad, etc.), document the serial numbers of each appliance. Serial numbers can be obtained in the following ways:

    • Customer Portal (https://support.fortinet.com)

    • System Summary Dashboard widget in the Administration UI of each appliance

    • CLI of each appliance using the get system status command

    Example:

    FortiNAC Manager A (primary) & B (secondary)

    FortiNAC-CA servers A (primary) & B (secondary)

    FortiNAC-CA server C

    Record serial numbers for:

    FortiNAC Manager A: FNVM-Mxxxxx1

    FortiNAC Manager B: FNVM-Mxxxxx2

    FortiNAC-CA server A: FNVM-CAxxxxx4

    FortiNAC-CA server B: FNVM-CAxxxxx5

    FortiNAC-CA server C: FNVM-CAxxxxx6

  2. In the same text file, write the following command, listing all the serial numbers recorded in the previous step:

    Command:

    globaloptiontool -name security.allowedserialnumbers -setRaw "<serialnumber1>,<serialnumber2>,<serialnumber3>"

    Example

    globaloptiontool -name security.allowedserialnumbers -setRaw "FNVM-Mxxxxxxx1,FNVM-Mxxxxxxx2,FNVM-CAxxxxx4,FNVM-CAxxxxx5,FNVM-CAxxxxx6"
  3. Perform the following steps on all servers:

    a. Log in to the CLI as admin and type:

    execute enter-shell

    Hit <ENTER>

    b. Paste the globaloptiontool command from the previous step.

    Note:

    • The message "Warning: There is no known option with name: security.allowedserialnumbers" may appear. This is normal.

    • In High Availability configurations, only the Primary Server needs to have the command entered. Database replication will copy the configuration to the Secondary Server. Using the above example, CLI configuration would be applied to Manager A.

    Example

    > globaloptiontool -name security.allowedserialnumbers -setRaw "FNVM-Mxxxxxxx1,FNVM-Mxxxxxxx2,FNVM-CAxxxxx4,FNVM-CAxxxxx5,FNVM-CAxxxxx6"
    Warning: There is no known option with name: security.allowedserialnumbers
    New option added

    c. Confirm entry by typing:

    globaloptiontool -name security.allowedserialnumbers

    Example

    > globaloptiontool -name security.allowedserialnumbers
    Warning: There is no known option with name: security.allowedserialnumbers
    122 security.allowedserialnumbers: FNVM-Mxxxxxxx1,FNVM-Mxxxxxxx2,FNVM-CAxxxxx4,FNVM-CAxxxxx5,FNVM-CAxxxxx6
  4. Restart FortiNAC services. Type:

    shutdownNAC

    <wait 30 seconds>

    startupNAC
  5. Log out of the CLI. Type:

    exit
    exit

You have completed the pre-upgrade procedure.
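
The following helper is an added example, not part of the Fortinet procedure or tooling: it builds the step 2 command from the recorded serial numbers and checks the step 3c confirmation output against the intended list. The function names are hypothetical, and it assumes serial numbers contain only letters, digits and hyphens.

```shell
#!/bin/sh
# Added example (not Fortinet code). Function names are hypothetical.
# Assumption: serial numbers contain only letters, digits and hyphens.

# Read "label: serial" or bare serial lines on stdin and print one
# comma-separated, de-duplicated list. Fails on an empty list or on a serial
# with unexpected characters (a stray comma or quote would corrupt -setRaw).
normalize_serials() {
    sed -e 's/^.*:[[:space:]]*//' -e 's/[[:space:]]//g' -e '/^$/d' |
    awk '
        /[^A-Za-z0-9-]/ { print "invalid serial: " $0 > "/dev/stderr"; bad = 1; next }
        !seen[$0]++     { list = list sep $0; sep = ","; n++ }
        END             { if (bad || n == 0) exit 1; print list }'
}

# Step 2: emit the command to paste on each server.
build_command() {
    list=$(normalize_serials) || return 1
    printf 'globaloptiontool -name security.allowedserialnumbers -setRaw "%s"\n' "$list"
}

# Step 3c: extract the stored value from the confirmation output on stdin.
# The "Warning: ..." line has no colon after the option name, so it is skipped.
stored_list() {
    sed -n 's/^.*security\.allowedserialnumbers:[[:space:]]*//p' | tr -d '[:space:]'
}

# Succeed when two comma-separated lists hold the same serials, in any order.
sorted() { printf '%s\n' "$1" | tr ',' '\n' | sort -u; }
same_set() { [ "$(sorted "$1")" = "$(sorted "$2")" ]; }

# Constructed sample input, using the placeholder serials from step 1.
build_command <<'EOF'
FortiNAC Manager A: FNVM-Mxxxxx1
FortiNAC Manager B: FNVM-Mxxxxx2
FortiNAC-CA server A: FNVM-CAxxxxx4
FortiNAC-CA server B: FNVM-CAxxxxx5
FortiNAC-CA server C: FNVM-CAxxxxx6
EOF
```

Run it on the workstation that holds the text file, not on the appliance. Feeding each server's step 3c output to stored_list and comparing with same_set shows whether any server ended up with a different allow-list.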
