Cutover to New Appliances
Restore the original configuration on the new FortiNAC primary and secondary servers.
-
Shut down both CentOS appliances from the CLI. Type:
shutdownNAC
shutdownNAC -kill
halt
-
Restore the configuration of the old Primary Server on the new Primary Server. In the Primary Server FortiNAC-OS appliance CLI, type:
execute restore legacy-migrate local <.zip filename>
Example:
execute restore legacy-migrate local centos-backup-2023_01_11_14_39_20.zip
Note: There is no feedback until the restore is complete, which can take several minutes. Once complete, the following message displays:
Successfully migrated configuration. System will now reboot shortly.
-
After the reboot, the FortiNAC-OS appliance has the IP address(es) of the CentOS appliance.
-
Log in to the new Primary Server Administration UI using standard credentials.
-
Review the Dashboard to ensure the information is correct:
-
System Summary should reflect the new appliance
-
License Information should reflect license entitlements
-
Any other dashboard widgets normally referenced
-
-
Validate features and functions.
-
Restore the configuration of the Secondary Server. In the Secondary Server FortiNAC-OS appliance CLI, type:
execute restore legacy-migrate local <.zip filename>
-
After the Secondary Server has rebooted, log in to the CLI of both appliances.
-
In the Primary Server CLI, type:
get system public-key
-
Copy the output to buffer. This is the Primary Server SSH key.
-
In the Secondary Server CLI, add the Primary Server SSH key. Type:
config system ha
set public-key add <Primary Server SSH key>
end
get system public-key
-
Copy the output of the last command to buffer. This is the Secondary Server SSH key.
-
In the Primary Server CLI, add the Secondary Server SSH key. Type:
config system ha
set public-key add <Secondary Server SSH key>
end
-
Confirm the appliances can connect to each other via SSH.
execute ssh admin@<IP address>
-
Once SSH communication is confirmed, log out of the CLI of both appliances.
-
Connect to the Administration UI of the Primary Server.
-
Navigate to System > Settings > System Management > High Availability.
The fields should display the configuration from the old appliances.
-
Re-apply the High Availability configuration. Click Save Settings and wait for the success message.
-
Restart FortiNAC services on both appliances to apply changes. Navigate to System > Settings > System Management > Power Management.
-
Select the Secondary Server from the list and click Reboot.
-
Immediately after, select the Primary Server and click Reboot.
-
Validate. See Step 3: Validate of the FortiNAC-OS High Availability Guide.
Migration is complete. In the event the migration does not complete as expected, the original appliance can be brought back online. For instructions, see Revert Back to CentOS Appliance.
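The SSH key exchange steps above rely on copying each key through a terminal buffer, where line wrapping or a short selection can silently damage it. The following added example (not part of the Fortinet documentation) computes the SHA256 fingerprint of a pasted key so the value displayed on one appliance can be compared with what was entered on the other. It assumes the `get system public-key` output is a standard OpenSSH public key line; `fingerprint` and `sample_key` are hypothetical helper names.

```python
import base64
import hashlib
import struct


def _walk(blob):
    """Split an SSH key blob into its uint32 length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("field runs past end of key")
        fields.append(blob[pos:pos + n])
        pos += n
    return fields


def fingerprint(pasted):
    """SHA256 fingerprint of a pasted '<type> <base64> [comment]' key.

    Whitespace from line wrapping inside the base64 body is tolerated and a
    trailing comment is ignored. A truncated or corrupted key raises ValueError.
    """
    parts = pasted.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = parts[0].encode()
    # Try the longest candidate first so a wrapped key is never cut short.
    for end in range(len(parts), 1, -1):
        try:
            blob = base64.b64decode("".join(parts[1:end]), validate=True)
            fields = _walk(blob)
        except ValueError:  # bad base64 (e.g. the comment) or broken framing
            continue
        if len(fields) >= 2 and fields[0] == key_type:
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no complete key found: truncated or corrupted paste")


def sample_key():
    """Constructed ed25519-style key for demonstration only (not a real key)."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    blob = s(b"ssh-ed25519") + s(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " admin@primary"
```

Run `fingerprint()` on the text copied from the source appliance and on the text pasted into `set public-key add`; the two results must match before the SSH connectivity test.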
Refining Communication Access to FortiNAC
The FortiNAC software runs on top of the FortiNAC-OS operating system. Unlike CentOS, FortiNAC-OS does not have any open (listening) TCP/UDP ports configured by default. Access must be configured using the set allowaccess command via the appliance CLI. The access that must be enabled depends upon the features required.
All options were enabled during the migration process, which matches the behavior of the CentOS appliance. To close access for features that are not being used, refer to the following documentation:
-
For a complete listing of required open ports, see Open ports in the Administration Guide.
For details on the set allowaccess command, see Interface in the CLI Reference manual.