FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
Debbie_FTNT
Staff & Editor
Article Id 264644

Description

 

This article describes how to increase the number of virtual interfaces of a FortiAuthenticator-VM.

 

Scope

 

FortiAuthenticator-VM

 

Solution

 

FortiAuthenticator-VMs can scale as desired, which can come with a need for additional interfaces.

It is not possible to simply power down a FortiAuthenticator-VM and assign new virtual interfaces; while the new interface is recognized, the crucial configuration would be missing and the interface is not truly configurable or usable.

 

The solution essentially involves migrating FortiAuthenticator to a new VM.

  1. Set up a new VM in the same hypervisor with the desired number of interfaces, as well as identical CPU and RAM to the operational FortiAuthenticator-VM.
  2. Install FortiAuthenticator firmware to the new VM, using the same version as the operational FortiAuthenticator.
  3. Take a backup of the operational FortiAuthenticator.
  4. Shut down the operational FortiAuthenticator and power on the new VM.
  5. Restore the configuration backup to the new VM.
     • This will cause the new VM to have the same licenses, tokens, users, interface configuration, etc. as the old unit. No additional activation or conversion is required.
     • Historical logs, debug logs and debug settings will be lost.
  6. The new VM should have the same network connections set up (interfaces in the same logical networks as the old VM, for example).
  7. The new VM should be operational and behave identically to the old VM aside from having additional interfaces.
  8. Once satisfied with the state of the new VM, the old VM can be deleted to avoid any potential issues.

 

Important:
If the FortiAuthenticator is in an active-passive cluster, both nodes need to be moved to new VMs at the same time: otherwise, sync issues may occur related to interfaces existing on one node but not on the other.
Load-balancing clusters do NOT sync interface settings; in this case, nodes can be moved to new VMs as desired.