FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
ebilcari
Staff
Staff
Article Id 310023
Description

 

This article describes how to upgrade a FortiNAC-F setup running NAC-OS using an interim build image. The procedure is used to upgrade the firmware to a version suggested and offered by the TAC support team, mainly for testing new features or fixing issues.

 

Note: 

The interim builds are not subjected to testing and should not be used in a production environment. It is mandatory to create a backup of the current setup (a full VM backup is preferred) to ensure that data can be easily restored if any issues arise. If the interim build proves to be free of anomalies, it can then be kept for production use.

 

Scope

 

FortiNAC running on NAC-OS.

 

Solution
  1. Download the image file (.out) that should correspond to the hypervisor that is currently used in the setup. FortiNAC-F has different firmware files for specific hypervisors. Checksum validation needs to be done before proceeding further. Usually the file is shared by the TAC support team via SFTP that is integrated with the ticketing system. More details on how to download this file is shown in this article (Show Download Access Info): Technical Tip: Uploading large files to a support ticket using SFTP
  2. Upload the file to an external SCP/FTP/TFTP file server.
  3. Refer to and apply this image from FNAC CLI. In this example, FortiNAC is running on Hyper-V.

 

*************************************************************************
Distribution: FortiNAC-OS
Appliance Type: FortiNAC FNVXCA
Version: 7.2.5.0101 (GA)
Build Date: Tue 12-Dec-2023
Serial Number: FNVXCA0000000
*************************************************************************


fnacf # execute restore image tftp FNAC_VHD-v7-build0113-FORTINET.out 10.1.1.10
This operation will replace the current firmware version!
Do you want to continue? (y/N) y
Connect to tftp server 10.1.1.10 ...

Get image from tftp server OK.   <-- after the transfer is completed, it may take a bit longer

Beginning upgrade
Validating configuration...
Checking ssh keys on machine fnacf
Done checking ssh keys on machine fnacf
Configuration validated.

 

###############################################################
# Upgrading from version 7.2.5.0101 12-Dec-2023
###############################################################

 

Running backup

...

********** DONE Backing up

...

Done installing image. Rebooting. Please wait a minute before refreshing the browser

 

The server will go for a reboot and can be accessed promptly via CLI. The GUI makes take a bit longer to be available.

 

*************************************************************************
Distribution: FortiNAC-OS
Appliance Type: FortiNAC FNVXCA
Version: 7.2.6.0113 (interim)
Build Date: Mon 15-Apr-2024
Serial Number: FNVXCA000000
************************************************************************* 

 

The TFTP protocol is the slowest method, in this case, it took approximately 25 minutes but it is the easiest server to build and configure is frequently used for other network device operations. If the FTP or the SCP server are available in the network they can be used for a better transfer rate.

 

Related articles:

Technical Tip: Upgrade FortiNAC-F through the CLI

Technical Tip: Useful CLI commands in NAC-OS for troubleshooting

Troubleshooting Tip: Cannot upgrade from FortiNAC 7.2.0 to 7.2.1 - no image is listed