Technical Tip: Correcting the FortiNAC license level in HA
Description
This article describes how to copy the correct license in FortiNAC when it is swapped between nodes in High Availability.
Solution
Identify the issue by running the command below in Primary FortiNAC over CLI with the following command:
Primary FortiNAC should display the level PRO as EFFECTIVE.
After HA is formed both FortiNACs should display 'FortiNAC Pro' in the license key details under:
System -> Settings -> System Management -> License Management.
In case above level BASE indicates that incorrect license is applied in Primary FortiNAC:
1) Download the license of the Primary FortiNAC from in https://support.fortinet.com.
2) Open GUI using shared IP: http://<Host IP Address>:8443/configWizard/
3) Copy paste the license downloaded. Apply settings and Reboot the appliance.
Connect SSH terminal to Primary FortiNAC:
Replace the license, by copying the content of the file from license to Primary:
After this, make sure to delete the .licenseKeyPrimary from the Primary node again. It is supposed to be only on the secondary.
This article describes how to copy the correct license in FortiNAC when it is swapped between nodes in High Availability.
Solution
Identify the issue by running the command below in Primary FortiNAC over CLI with the following command:
Primary_FortiNAC_CLI> licensetool -key APPLIANCE -key EFFECTIVEThe 'level' field needs to be checked for both 'EFFECTIVE:' and 'APPLIANCE':', and compared with details for registered device dashboard in https://support.fortinet.com
APPLIANCE:
serial = FNVMCATM20-----3
type = NetworkControlApplicationServer
level = PRO
count = 100000
expiration = 31536000000
expired = false
…..
EFFECTIVE:
serial = FNVMCATM20-----3
type = NetworkControlApplicationServer
level = BASE
count = 100000
expiration = 31536000000
expired = false
…..
Primary_FortiNAC_CLI>
Primary FortiNAC should display the level PRO as EFFECTIVE.
After HA is formed both FortiNACs should display 'FortiNAC Pro' in the license key details under:
System -> Settings -> System Management -> License Management.
In case above level BASE indicates that incorrect license is applied in Primary FortiNAC:
1) Download the license of the Primary FortiNAC from in https://support.fortinet.com.
2) Open GUI using shared IP: http://<Host IP Address>:8443/configWizard/
3) Copy paste the license downloaded. Apply settings and Reboot the appliance.
Connect SSH terminal to Primary FortiNAC:
Primary_FortiNAC_CLI> cd /bsc/campusMgrLook for these two files '.licenseKey' and '.licenseKeyPrimary'.
Primary_FortiNAC_CLI> ls –al
Replace the license, by copying the content of the file from license to Primary:
Primary_FortiNAC_CLI> cp .licenseKey .licenseKeyPrimaryVerify the output by running the dumpkey command:
Primary_FortiNAC_CLI> dumpkeyNow License Name is set to correct 'FortiNAC Pro'.
Client Count = 0
Device Count = 0
Guest Count = 0
User Tracking Count = 0
Concurrent Count = 100000
RTR Count = 10000
.....
Campus Manager Type = NetworkControlApplicationServer
License Name = FortiNAC Pro
Vendor = NetworkSentry
SKU = FNC-CA-VM
.....
Model Type = FNVMCA
Extensions count = 4
Extensions:
Device_Profiler
Endpoint_Compliance
Guest_Manager
Integration_Suite
Plugin count = 13
Plugins:
Hot-Standby-Capable
NetworkSentry
cm1000
cm2000
Config-Management
PacketShaper
DHCP-Management
Bandwidth-Management
Authentication
Access-Point-Management
Remediation-Center
Registration-Center
Client-Validation-Assessment
FortiNAC FNVMCA
root@fnac:/bsc/campusMgr>
After this, make sure to delete the .licenseKeyPrimary from the Primary node again. It is supposed to be only on the secondary.
Related Articles
Technical Note: licenseKeyPrimary file can prevent new entitlement application - Internal