FortiNAC Manager

9.4.0

Decommission Manager

If the Manager is no longer needed, use these steps to disable the FortiNAC Manager so that entitlements are transferred to the FortiNAC-CA server.

This procedure assumes the use of perpetual licenses (as opposed to subscription). If using subscription licensing, this document does not apply.

Requirements

  • FortiNAC version: 9.2.7, 9.4.2, F7.2.1 or greater on all appliances

  • License contracts have been migrated from the Manager to the FortiNAC-CA

  • Endpoint licenses for any additional managed FortiNAC servers or High Availability pairs that will continue to run

Considerations

  • Perform snapshots on any virtual appliances before proceeding

  • During this process, there will be a period of time where entitlements will not be available

  • Services on the FortiNAC Server will be restarted

  • Due to the above, it is recommended this process be done during a maintenance window if the FortiNAC-CA is controlling network access (under enforcement)

Step 1: Download New Key

This step can be done prior to the maintenance window.

  1. Log in to the Customer Support Portal at http://Support.Fortinet.com

  2. Under the Asset Management panel, click Product List.

  3. Click View Options, select Show Entitlement, and click Apply.

    The Support Type column should now display.

  4. In the Search bar at the top of the view, type License Support. The resulting entries are the products with endpoint license keys.

  5. To view the MAC address and UUID, click on the serial number.

  6. Note the serial number of the appliance whose endpoint license is being upgraded.

  7. Click on the appliance serial number again. Under Entitlement, License Support should be listed.

  8. Under License & Key, the endpoint license type should be listed along with the number of concurrent licenses.

  9. Under Key, select Get the License File next to FortiNAC License File Download. The file will have a .lic extension.

  10. Download the license key file (<serial number>.lic) and save it to a folder. This file will be used in the next section.

    Important: This license key can only be applied to the appliance owning the serial number in the .lic filename.

  11. Log out of the Customer Support Portal.

Step 2: Review Global Objects

This step can be done prior to the maintenance window.

In the Manager, take a screen capture or note the global objects and confirm they are present on the managed FortiNAC-CA. This list will be used to verify the objects once the server is removed from the Manager.

Admin Profiles:

Users & Hosts > Administrators > Profiles

Guest Templates:

Users & Hosts > Guests & Contractors > Templates

Device Profiling Rules:

Users & Hosts > Device Profiling Rules

Device Types:

System > Settings > Identification > Device Types

Groups:

System > Groups

Roles:

Policy & Objects > Roles

User/Host Profiles:

Policy & Objects > User/Host Profiles

Endpoint Compliance Policies:

Policy & Objects > Endpoint Compliance > Policies

Endpoint Compliance Configurations:

Policy & Objects > Endpoint Compliance > Configurations

Endpoint Compliance Scans:

Policy & Objects > Endpoint Compliance > Scans

Security Actions used by Endpoint Compliance configurations:

Policy & Objects > Endpoint Compliance > Actions

Step 3: Remove Server from Server List

  1. Log in to the FortiNAC Manager UI in one web browser window and the FortiNAC-CA UI in another.
  2. In the Manager’s Dashboard, select the FortiNAC-CA in the Servers widget.
  3. Select Delete.
  4. Log out of the FortiNAC Manager.
  5. In the FortiNAC-CA UI, the License Information panel should reflect a Concurrent License count of 0. If not, wait about 1 minute to allow the entitlements to update.

Step 4: Install New Key

  1. In the FortiNAC-CA UI, navigate to System > Settings > System Management > License Management.
  2. Click Modify License Key.
  3. Click Upload and select the new .lic license key file.
  4. Click OK. The existing key detail is displayed in a pop-up window along with the new key detail.
  5. Click OK to apply the new license key. Click Undo if you want to revert to the existing license key.
  6. To restart the server immediately, click OK on the dialog box.
  7. Click OK to confirm.
  8. Once the system has restarted, review the Administration UI to verify the new entitlements:

    License Information Dashboard panel

    System > Settings > System Management > License Management

Troubleshooting

Mismatched MAC Address error when installing new key

Step 5: Validate

Confirm any previously shared (global) objects are still listed and are modifiable.

Step 6: Shut Down the Manager

The Manager can now be shut down.

  1. In the Manager UI, navigate to System > Settings > System Management > Power Management.

  2. Select a server from the list.

  3. Click Power Off. This process may take 30 seconds.
