To achieve the FortiNAC migration it is necessary to perform the following steps:
- 'FortiNAC must be using perpetual Endpoint licenses (Support Type = License Support). To confirm, login to the Customer Portal (https://support.fortinet.com) and review the Entitlements section for the Manager.' (Source: Overview FortiNAC 9.4.0).
- It is recommended to patch CentOS before upgrading the CentOS FortiNAC firmware (this step requires rebooting the standalone FortiNAC):
yum -y update
- Upgrade the single VM CentOS FortiNAC from 9.2.6 to 9.2.8 GA to meet the upgrade requirements. Check single appliance overview.
If one of the firmware versions specified in the single appliance overview applies to the appliance, skip this step.
- Contact Customer Service to have the Endpoint license contracts moved to the new serial number (Transfer Endpoint License Entitlements).
- Create a new FortiNAC-OS appliance alongside the CentOS FortiNAC with the same specs, running firmware F7.2.2 or greater for the migration tools (Appliance Installation).
- The FortiNAC-OS must be registered with the next-generation license (FNC-CAX-VM).
- Configure the management IP for FortiNAC-OS via CLI (Appliance configuration).
- Import the FNC-CAX-VM license to the newly deployed FortiNAC-OS (FortiNAC-F).
- Then configure the ConfigWizard for FortiNAC-OS.
- Copy the bundleCentOSMigration tool from the FortiNAC-OS to CentOS FortiNAC.
- Gather the configuration and database of the CentOS FortiNAC server.
- Migrate the gathered logs from CentOS to the new FortiNAC-OS Server (Cutover to New Appliance).
Important note:
It is recommended to take a VM snapshot before each upgrade or migration step.
- Upgrade the single VM CentOS FortiNAC from 9.2.6 to 9.2.8 GA to meet the upgrade requirements.
- Select System -> Settings.
- Expand the Updates folder.
- Select System from the tree.
- Go to the System Update Settings section of the screen, and make sure Product Distribution Directory is set to Version_9_2 to upgrade from 9.2 to the latest 9.2.X.
- Then select Download.
- After the software file has been downloaded, select the Install button and install Firmware 9.2.8 GA.

- The system has been upgraded to 9.2.8 GA:


- After upgrading the legacy FortiNAC, build a new FortiNAC-OS VM with the same resources as the CentOS VM:
- Download the FortiNAC-F 7.2.5 GA from the support portal based on the hypervisor used. In this case, the OVA file 'FNAC_ESX-v7-build0101-FORTINET.ova' was downloaded.
Upload the license file to the new FortiNAC-F VM and proceed with the initial configuration:

- Then apply the initial configuration and reboot the VM.

- The new FortiNAC-F is running FortiNAC-OS and the Appliance Type is FNVXCA:

- Copy the bundleCentOSMigration tool from the FortiNAC-OS to CentOS to create a backup compatible with FortiNAC-OS:
scp /path/to/file username@<CentOS eth0 IP>:/path/to/destination
fnac-f:~$ scp /bsc/campusMgr/bin/bundleCentOSMigration root@192.168.108.46:/bsc/campusMgr/bin
Important Note:
There is a bundleCentOSMigration embedded with CentOS FortiNAC Firmware 9.2.8 GA. However, we must overwrite the native bundle in CentOS with the 7.2.5 bundle using the scp command above. If the native bundle is used it will show the following error when restoring on FortiNAC-OS: 'Error migrating configuration: Bundle was created with an incompatible Firmware of the "bundleCentOSMigration" script Please create a new migration bundle using the script available on this system'.
- Run the bundleCentOSMigration command to back up the CentOS FortiNAC and wait for the Done message.
The resulting file is written to the /root directory using the naming convention centos-backup-<year>_<month>_<day>_<hr>_<min>_<sec>.zip.

Example below:
# bundleCentOSMigration
Bundling migration archive
zip warning: name not matched: /bsc/campusMgr/.licenseKeyHW
adding: bsc/campusMgr/bin/.cm_config (deflated 31%)
Done.
Archive is named centos-backup-2024_01_02_12_50_39.zip
- Copy the centos backup .zip file to the new appliance. Log in to the FortiNAC-OS appliance CLI as admin and type:
fnac-f # execute enter-shell
fnac-f:~$ scp root@<CentOS eth0 IP address>:/root/<centos backup zip file> ./

Now shut down the CentOS FortiNAC VM and proceed with the migration (taking a VM snapshot at this stage is recommended) (Cutover to New Appliance).
Exit the shell:
fnac-f:~$ exit
fnac-f # execute restore legacy-migrate local centos-backup-2024_01_02_12_50_39.zip
Successfully migrated configuration. System will now reboot shortly.
After the reboot, the FortiNAC-OS appliance will now have the CentOS appliance's IP address(es).
Log in to the FortiNAC-OS Administration UI using standard credentials with https://<CentOS IP>:8443.
Review the Dashboard to ensure the information is correct (the hostname has been migrated to the new FortiNAC-OS VM):

Note:
Like other FortiOS products, the required service ports should be enabled under the appropriate interface, as shown below.
Otherwise, FortiNAC NacOS will discard traffic for any service that is not enabled under the interface.
For example, if SNMP is not enabled under port1, FortiNAC NacOS discards any SNMP MAC Notification traps or SNMP Link Up/Down traps.
config system interface
    edit port1
        set ip 192.168.0.202/24
        set allowaccess dhcp dns fsso http-adminui https-adminui nac-agent nac-ipc ping radius radius-acct radius-local snmp ssh syslog
    next
    edit port2
        set allowaccess dhcp dns http https nac-agent ping snmp ssh syslog
    next
end
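To check the allowaccess note above after a migration, the following added example (not Fortinet tooling and not part of the original article) parses saved `config system interface` output and lists the required services that are missing from an interface. The function names, the saved-file workflow and the required-service list are assumptions; the sample configuration is the one shown above.

```shell
#!/bin/sh
# Added example: audit FortiNAC-OS interface allowaccess settings offline.
# Assumes the "config system interface" block was saved to a text file and
# that each interface uses a flat edit/set/next layout as in the article.

# Constructed sample input: the interface configuration shown in the article.
sample_config() {
    cat <<'EOF'
config system interface
    edit port1
        set ip 192.168.0.202/24
        set allowaccess dhcp dns fsso http-adminui https-adminui nac-agent nac-ipc ping radius radius-acct radius-local snmp ssh syslog
    next
    edit port2
        set allowaccess dhcp dns http https nac-agent ping snmp ssh syslog
    next
end
EOF
}

# missing_allowaccess <config-file> <interface> <service>...
# Prints, one per line, each required service that is NOT enabled in the
# interface's allowaccess list. Prints nothing when all are enabled.
# An interface that is absent from the file reports every service as missing.
missing_allowaccess() {
    cfg=$1; iface=$2; shift 2
    awk -v iface="$iface" -v required="$*" '
        $1 == "edit" { name = $2; gsub(/"/, "", name); current = name }
        $1 == "next" { current = "" }
        current == iface && $1 == "set" && $2 == "allowaccess" {
            for (i = 3; i <= NF; i++) enabled[$i] = 1
        }
        END {
            n = split(required, want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in enabled)) print want[i]
        }
    ' "$cfg"
}

# Demo: services this deployment is assumed to need on both ports.
cfg=$(mktemp)
sample_config > "$cfg"
for port in port1 port2; do
    gaps=$(missing_allowaccess "$cfg" "$port" snmp radius syslog | tr '\n' ' ')
    echo "$port missing: ${gaps:-none}"
done
rm -f "$cfg"
```

With the article's configuration, port2 lacks radius, so RADIUS traffic arriving on that interface would be discarded even though SNMP traps and syslog are accepted.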