Technical Tip: How to Migrate a Standalone CentOS FortiNAC to FortiNAC-OS from version 9.X to FortiNAC-F 7.2.5 GA

Hawada1 · ‎01-03-2024

Description

This article describes how to migrate FortiNAC servers from the CentOS operating system to the FortiNAC-OS operating system. For the detailed procedure, including requirements and preparation checklist, see CentOS to FortiNAC-OS VM Migration (Single Appliance).

For HA and systems managed by FortiNAC Manage refer to the following guides:
CentOS to FortiNAC-OS VM Migration (High Availability Environments)
CentOS to FortiNAC-OS VM Migration (FortiNAC Manager Environments)

Scope

FortiNAC v9.X and FortiNAC-F v7.2.X.

Solution

To achieve the FortiNAC migration it is necessary to perform the following steps:

'FortiNAC must be using perpetual Endpoint licenses (Support Type = License Support). To confirm, login to the Customer Portal (https://support.fortinet.com) and review the Entitlements section for the Manager.' (Source: Overview FortiNAC 9.4.0).
Recommend patching the CentOS version before upgrading CentOS FortiNAC firmware (this step requires rebooting the standalone FortiNAC):

yum -y update
Upgrade the single VM CentOS FortiNAC from 9.2.6 to 9.2.8 GA to meet the upgrade requirements. Check single appliance overview.
If concerned by one of the Firmware specified in the single appliance overview, skip this step.
Contact Customer Service to have the Endpoint license contracts moved to the new serial number (Transfer Endpoint License Entitlements).
It is necessary to create a new FortiNAC-OS next to the CentOS FortiNAC with the same specs running software Firmware F7.2.2 or greater for the migration tools (Appliance Installation).
The FortiNAC-OS must be registered with next generation license (FNC-CAX-VM).
Configure the management IP for FortiNAC-OS via CLI (Appliance configuration).
Import the FNC-CAX-VM license to newly deployed FortiNAC-OS (FortiNAC-F).
Then configure the ConfigWizard for FortiNAC-OS.
Copy the bundleCentOSMigration tool from the FortiNAC-OS to CentOS FortiNAC.
Gather the configuration and database of the CentOS FortiNAC server.
Migrate the gathered logs from CentOS to the new FortiNAC-OS Server (Cutover to New Appliance).

Important note:

It is recommended to take a VM snapshot before each upgrade or migration step.

Upgrade the single VM CentOS FortiNAC from 9.2.6 to 9.2.8 GA to meet the upgrade requirements.

Select System -> Settings.
Expand the Updates folder.
Select System from the tree.
Go to the System Update Settings section of the screen, and make sure Product Distribution Directory: Version_9_2 if it is desired to upgrade from 9.2 to the latest 9.2.X.
Then select Download.
After the software file has been downloaded select the Install button and Install Firmware 9.2.8 GA.

Fortinac Migration 01.png

The system has been upgraded to 9.2.8 GA:
Now after the upgrade of legacy FortiNAC, build a new FortiNAC-OS VM with the same resources as the CentOS VM:
1. Download the FortiNAC-F 7.2.5 GA from the support portal based on the hypervisor used. In this case, the OVA file 'FNAC_ESX-v7-build0101-FORTINET.ova' was downloaded.
  
  Upload the license File to the new FortiNAC-F VM and proceed with the initial configuration:
2. Then Apply the initial configuration and reboot the VM.
3. The new FortiNAC-F is running FortiNAC-OS and the Appliance Type is FNVXCA:
Copy the bundleCentOSMigration tool from the FortiNAC-OS to CentOS to create a compatible backup with FortiNAC-OS:

scp /path/to/file username@<CentOS eth0 IP>:/path/to/destination
fnac-f:~$ scp ./bsc/campusMgr/bin/bundleCentOSMigration root@192.168.108.46:/bsc/campusMgr/bin

Important Note:

There is a bundleCentOSMigration embedded with CentOS FortiNAC Firmware 9.2.8 GA. However, we must overwrite the native bundle in CentOS with the 7.2.5 bundle using the scp command above. If the native bundle is used it will show the following error when restoring on FortiNAC-OS:
'Error migrating configuration: Bundle was created with an incompatible Firmware of the "bundleCentOSMigration" script
Please create a new migration bundle using the script available on this system'.

Now run the command bundleCentOSMigration command to back up the CentOS FortiNAC and wait for the Done message to be completed.

The resulting file is written to the /root directory using the naming convention centos-backup-<year>_<month>_<day>_<hr>_<min>_<sec>.zip.

Example below:

Bundling migration archive

zip warning: name not matched: /bsc/campusMgr/.licenseKeyHW

adding: bsc/campusMgr/bin/.cm_config (deflated 31%)

Done.

Archive is named centos-backup-2024_01_02_12_50_39.zip

# bundleCentOSMigration
Copy the centos backup .zip file to the new appliance. Log in to the FortiNAC-OS appliance CLI as admin and type:

fnac-f # execute enter-shell
fnac-f:~$ scp root@<CentOS eth0 IP address>:/root/<centos backup zip file> ./

Now shut down the CentOS FortiNAC VM and proceed with the Migration (Would recommend taking a VM snapshot at this stage) (Cutover to New Appliance).

Exit the shell:

fnac-f:~$ exit
fnac-f # execute restore legacy-migrate local centos-backup-2024_01_02_12_50_39.zip
Successfully migrated configuration. System will now reboot shortly.

After the reboot, the FortiNAC-OS appliance will now have the CentOS appliance's IP address(es).

Log in to the FortiNAC-OS Administration UI using standard credentials with https://<CentOS IP>:8443.

Review the Dashboard to ensure the information is correct (the hostname has been migrated to the new FortiNAC-OS VM):

Fortinac Migration 4.png