Overview
This document applies to FortiNAC appliances managed by the FortiNAC Manager. Provides the steps for a customer to migrate their existing FortiNAC virtual appliances with the CentOS operating system to new FortiNAC-F virtual appliances with the FortiNAC-OS operating system. It assumes the customer is using perpetual endpoint licenses.
Once migration is complete, the FortiNAC-F appliances will have the license, entitlements and configuration as the original FortiNAC appliances.
Requirements
-
FortiNAC Manager must be using perpetual endpoint licenses (Support Type = License Support). To confirm, login to the Customer Portal (https://support.fortinet.com) and review the Entitlements section for the Manager.
-
Contact sales to obtain the new FortiNAC-F appliances (FNC-CAX-xx/FNC-MX-xx). Registration codes for the new product will then be sent via email.
-
Both appliances in the High Availability pair should be migrated in the same session. In a High Availability configuration, both FortiNAC servers must match all of the following:
-
Model (FNC-CAX-VM, FNC-CA-500F, FNC-CA-600F , FNC-CA-700F, FNC-MX-VM, FNC-M-550F)
-
Virtual Appliance Vendor (Hyper-V, AWS, Azure, etc)
Configuration examples
Supported
(Primary/Secondary)
Not Supported
(Primary/Secondary)
FNC-CA-500F / FNC-CA-500F
FNC-CAX-VM (AWS) / FNC-CAX-VM (AWS)
FNC-M-550F / FNC-M-550F
FNC-MX-VM (VMware) / FNC-MX-VM (VMware)
FNC-CA-500F / FNC-CA-600F
FNC-CAX-VM / FNC-CA-xxxF
FNC-CAX-VM / FNC-CA-VM
FNC-CAX-VM (AWS) / FNC-CAX-VM (KVM)
FNC-MX-VM / FNC-M-550F
FNC-MX-VM (VMware) / FNC-MX-VM (AWS)
-
-
Existing FortiNAC CentOS appliances (FNC-CA-xx/FNC-M-xx) should be running one of the following versions*
-
FortiNAC Software Versions
-
v9.1.10 or greater
-
v9.2.8 or greater
-
v9.4.3 or greater
-
v7.2.2 or greater
*Important: If not all PODs will be migrated in the same session, upgrade to the same version as the FortiNAC-OS appliances.
-
-
-
New FortiNAC-OS appliances should be running FortiNAC Software Version F7.2.2 or greater for the migration tools
-
F7.2.5, F7.4.0 or greater: Migration tool may need to be copied from the FortiNAC-OS appliance to CentOS appliances during the data collection step. The FortiNAC-OS performs a version check during cutover. If the migration tool used is not the same version, an error occurs. For details, see KB article 292261 (https://community.fortinet.com/t5/FortiNAC-F/Technical-Tip-How-to-Migrate-a-Standalone-CentOS-FortiNAC-to/ta-p/292261)
-
Temporary management IP address
-
CLI access to both the CentOS and FortiNAC-OS appliances
Considerations
The process outlined and the tools used for this migration is not supported for the following configurations:
-
FortiNAC Manager is using subscription endpoint licenses (Support Type = FortiNAC VM)
-
FortiNAC Control (FNC-C-xx) and Application (FNC-A-xx) Appliance Pairs
-
FortiNAC-OS system to another FortiNAC-OS system
Migration Steps
Below are the steps required to complete the migration.
Step 1: Product Registration*
Step 2: Transfer Endpoint License Entitlements *
Step 3: Appliance Installation
Step 4: Generate and Download Keys
Step 5: Appliance Configuration
Step 6: Download & Install New License Key
--- PERFORM REMAINING STEPS DURING MAINTENANCE WINDOW* ---
Step 7: Migrate Managed Servers - Collect & Transfer CentOS Migration Data
Step 8: Migrate Managed Servers - Cutover to New Appliance
Step 9: Migrate FortiNAC Manager - Collect & Transfer CentOS Migration Data
Step 10: Migrate FortiNAC Manager - Cutover to New Appliance
Step 11: Update Allowed Serial Number List (if necessary)
*See Preparation Checklist for suggested timelines to complete step.