High Availability Environments

Home FortiNAC 9.4.0 High Availability Environments

9.4.0

Overview

This document applies to FortiNAC appliances configured for High Availability. Provides the steps for a customer to migrate their existing FortiNAC virtual appliances with the CentOS operating system to new FortiNAC-F virtual appliances with the FortiNAC-OS operating system. It assumes the customer is using perpetual endpoint licenses.

Once migration is complete, the FortiNAC-F appliances will have the license, entitlements and configuration as the original FortiNAC appliances.

If managed by a FortiNAC Manager, do not use this document. Proceed to:

CentOS to FortiNAC-OS VM Migration - FortiNAC Manager Environments

https://docs.fortinet.com/document/fortinac/9.4.0/fortinac-manager-environments

Requirements

The FortiNAC Primary Server must be using perpetual endpoint licenses (Support Type = License Support). To confirm, login to the Customer Portal (https://support.fortinet.com) and review the Entitlements section for the Control Server.
Contact sales to obtain the new FortiNAC-F appliances (FNC-CAX-xx/FNC-MX-xx). Registration codes for the new product will then be sent via email.
Both appliances in the High Availability pair should be migrated in the same session. In a High Availability configuration, both FortiNAC servers must match all of the following:
- Model (FNC-CAX-VM, FNC-CA-500F, FNC-CA-600F , FNC-CA-700F, FNC-MX-VM, FNC-M-550F)
- Virtual Appliance Vendor (Hyper-V, AWS, Azure, etc)

Configuration Examples

Supported (Primary/Secondary)	Not Supported (Primary/Secondary)
FNC-CA-500F / FNC-CA-500F FNC-CAX-VM (AWS) / FNC-CAX-VM (AWS) FNC-M-550F / FNC-M-550F FNC-MX-VM (VMware) / FNC-MX-VM (VMware)	FNC-CA-500F / FNC-CA-600F FNC-CAX-VM / FNC-CA-xxxF FNC-CAX-VM / FNC-CA-VM FNC-CAX-VM (AWS) / FNC-CAX-VM (KVM) FNC-MX-VM / FNC-M-550F FNC-MX-VM (VMware) / FNC-MX-VM (AWS)

Supported

(Primary/Secondary)

Not Supported

(Primary/Secondary)

FNC-CA-500F / FNC-CA-500F

FNC-CAX-VM (AWS) / FNC-CAX-VM (AWS)

FNC-M-550F / FNC-M-550F

FNC-MX-VM (VMware) / FNC-MX-VM (VMware)

FNC-CA-500F / FNC-CA-600F

FNC-CAX-VM / FNC-CA-xxxF

FNC-CAX-VM / FNC-CA-VM

FNC-CAX-VM (AWS) / FNC-CAX-VM (KVM)

FNC-MX-VM / FNC-M-550F

FNC-MX-VM (VMware) / FNC-MX-VM (AWS)

Recommended FortiNAC software versions
- Existing FortiNAC CentOS appliances
  - v9.1.9 or greater*
  - v9.2.7 or greater*
  - v9.4.2 or greater* **
  - vF7.4.0 or greater for the migration tools * ** ***
    
    * Later versions may require importing of key certificates prior to upgrade. See Importing License Key Certificates.
    
    ** Later versions may require new license keys prior to upgrade. See KB article Upgrade fails with license requirement error)
    
    *** Steps are provided to import the migration tool from the FortiNAC-OS appliance if CentOS appliances are not running 7.4.0 or greater.
- New FortiNAC-OS appliances: F7.4.0 or greater for the migration tools
Temporary management IP address
CLI access to both the CentOS and FortiNAC-OS appliances

Considerations

The process outlined and the tools used for this migration is not supported for the following configurations:

FortiNAC is using subscription endpoint licenses (Support Type = FortiNAC VM)
FortiNAC Control (FNC-C-xx) and Application (FNC-A-xx) Appliance Pairs
Moving FortiNAC-OS system to another FortiNAC-OS system

Migration Steps

Below are the steps required to complete the migration.

Step 1: Product Registration*

Step 2: Transfer Endpoint License Entitlements*

Step 3: Appliance Installation

Step 4: Generate and Download Keys

Step 5: Appliance Configuration

Step 6: Download & Install New License Key

--- PERFORM REMAINING STEPS DURING MAINTENANCE WINDOW* ---

Step 7: Collect & Transfer CentOS Migration Data

Step 8: Cutover to New Appliance

*See Preparation Checklist for suggested timelines to complete step.

Overview

Once migration is complete, the FortiNAC-F appliances will have the license, entitlements and configuration as the original FortiNAC appliances.

If managed by a FortiNAC Manager, do not use this document. Proceed to:

CentOS to FortiNAC-OS VM Migration - FortiNAC Manager Environments

https://docs.fortinet.com/document/fortinac/9.4.0/fortinac-manager-environments

Requirements

The FortiNAC Primary Server must be using perpetual endpoint licenses (Support Type = License Support). To confirm, login to the Customer Portal (https://support.fortinet.com) and review the Entitlements section for the Control Server.
Contact sales to obtain the new FortiNAC-F appliances (FNC-CAX-xx/FNC-MX-xx). Registration codes for the new product will then be sent via email.
Both appliances in the High Availability pair should be migrated in the same session. In a High Availability configuration, both FortiNAC servers must match all of the following:
- Model (FNC-CAX-VM, FNC-CA-500F, FNC-CA-600F , FNC-CA-700F, FNC-MX-VM, FNC-M-550F)
- Virtual Appliance Vendor (Hyper-V, AWS, Azure, etc)

Configuration Examples

Supported (Primary/Secondary)	Not Supported (Primary/Secondary)
FNC-CA-500F / FNC-CA-500F FNC-CAX-VM (AWS) / FNC-CAX-VM (AWS) FNC-M-550F / FNC-M-550F FNC-MX-VM (VMware) / FNC-MX-VM (VMware)	FNC-CA-500F / FNC-CA-600F FNC-CAX-VM / FNC-CA-xxxF FNC-CAX-VM / FNC-CA-VM FNC-CAX-VM (AWS) / FNC-CAX-VM (KVM) FNC-MX-VM / FNC-M-550F FNC-MX-VM (VMware) / FNC-MX-VM (AWS)

Supported

(Primary/Secondary)

Not Supported

(Primary/Secondary)

FNC-CA-500F / FNC-CA-500F

FNC-CAX-VM (AWS) / FNC-CAX-VM (AWS)

FNC-M-550F / FNC-M-550F

FNC-MX-VM (VMware) / FNC-MX-VM (VMware)

FNC-CA-500F / FNC-CA-600F

FNC-CAX-VM / FNC-CA-xxxF

FNC-CAX-VM / FNC-CA-VM

FNC-CAX-VM (AWS) / FNC-CAX-VM (KVM)

FNC-MX-VM / FNC-M-550F

FNC-MX-VM (VMware) / FNC-MX-VM (AWS)

Recommended FortiNAC software versions
- Existing FortiNAC CentOS appliances
  - v9.1.9 or greater*
  - v9.2.7 or greater*
  - v9.4.2 or greater* **
  - vF7.4.0 or greater for the migration tools * ** ***
    
    * Later versions may require importing of key certificates prior to upgrade. See Importing License Key Certificates.
    
    ** Later versions may require new license keys prior to upgrade. See KB article Upgrade fails with license requirement error)
    
    *** Steps are provided to import the migration tool from the FortiNAC-OS appliance if CentOS appliances are not running 7.4.0 or greater.
- New FortiNAC-OS appliances: F7.4.0 or greater for the migration tools
Temporary management IP address
CLI access to both the CentOS and FortiNAC-OS appliances

Considerations

The process outlined and the tools used for this migration is not supported for the following configurations:

FortiNAC is using subscription endpoint licenses (Support Type = FortiNAC VM)
FortiNAC Control (FNC-C-xx) and Application (FNC-A-xx) Appliance Pairs
Moving FortiNAC-OS system to another FortiNAC-OS system

Migration Steps

Below are the steps required to complete the migration.

Step 1: Product Registration*

Step 2: Transfer Endpoint License Entitlements*

Step 3: Appliance Installation

Step 4: Generate and Download Keys

Step 5: Appliance Configuration

Step 6: Download & Install New License Key

--- PERFORM REMAINING STEPS DURING MAINTENANCE WINDOW* ---

Step 7: Collect & Transfer CentOS Migration Data

Step 8: Cutover to New Appliance

*See Preparation Checklist for suggested timelines to complete step.