Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
matanaskovic
Staff
Staff

Created on ‎08-08-2019 02:53 AM Edited on ‎06-24-2024 08:10 AM By Moderator

Article Id 191906

Technical Tip: Upgrading FSSO Agents

Description


This article describes how to upgrade FSSO Collector Agent and its components.

Scope


Supported Microsoft AD environments as per appropriate FortiOS Release Notes.

Solution

 

To upgrade FSSO Collector Agent(s) and other FSSO components installed in MS AD environment, follow the steps below:
 
Upgrading FSSO Collector Agents.
 
  1.  Download the installer from https://support.fortinet.com/Download/FirmwareImages.aspx by navigating to the FSSO folder under FortiOS version that is running on the FortiGate, which communicates with the Collector Agent(s) that are going to be upgraded:

    Choose between 32bit version i.e. FSSO_Setup_5.0.0301.exe and 64bit ie. FSSO_Setup_5.0.0301_x64.exe based on the target operating system.
  1. Execute the installer. Confirm upgrading Fortinet Single Sign On Agent (Collector Agent):
  
Stephen_G_0-1719239876359.png
 
  1. Confirm all steps, following the installation wizard to completion. Check the new version by selecting 'Show Service Status' in the FSSO Collector Agent GUI:
  
Stephen_G_1-1719239920315.png
 
If the Collector Agent is in anything other than DC Agent mode, the upgrade is finished. Skip the steps below related to upgrading DC Agents as required.
 
However, if it is operating in DC Agent Mode, the DC Agent(s) needs to be upgraded as per the steps described below.
 
Upgrading DC Agents.
 
  1. Go to 'Show Monitored DCs', select 'Select DC to Monitor' and deselect all DCs that are selected, then confirm with 'OK'.
  kb_15767_301.png

  1. Confirm removing the DC Agent from target DC - Confirm with 'Yes'.
 

kb_15767_4.png

 
 
Stephen_G_1-1719241499779.png
 
WARNING: REBOOT the targeted DC -> select 'NO' this time
 
  1. The Select DC to Monitor section should now show the DCs deselected.
  
Stephen_G_2-1719241558341.png
 
Select the DCs again. This will install new versions of the DC Agents to the selected DCs.
 
 
Stephen_G_3-1719241579688.png
 
The next step is to confirm by selecting 'Yes'.
  
Stephen_G_4-1719241636742.png
 
  1. Finally, the last prompt will be displayed, where it is necessary to select 'Yes' to reboot the DC.

    Although it is recommended to do it after the installation to correctly monitor the DC for users’ logon events:
  
Stephen_G_5-1719241682092.png
 
  1. After rebooting the DCs, confirm that the new version of DC Agent was installed by going to Select DCs to Monitor and waiting for the keepalive packet.
 
Stephen_G_6-1719241721464.png

 

Or export configuration from Collector Agent's GUI, open it in a text editor and scroll to the bottom where the info about DC Agent version can be found at the bottom of the file:
  
Stephen_G_7-1719241735981.png
 
After the upgrade, the configuration settings will remain.
 
Further notes:
 
If Terminal Server Agent(s) is used, upgrade it the same manner as Fortinet the Single Sign On Agent using TSAgent_Setup_5.0.0xxx.exe or its *. msi equivalent. Upgrading the TS Agent requires a reboot afterwards.
 
If the GUI version of the DC Agent is used, use the standalone installer to upgrade it.
 
  • 32 bit DCAgent_Setup_5.0.0xxx.exe or .msi
  • 64 bit DCAgent_Setup_5.0.0xxx_x64.exe or .msi
 
Agent versions can be different and there will be no compatibility issues with FortiOS. They will work, unless feature parity is required.
 
Related documents:
52686
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.