FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
cmaheu
Staff
Staff
Article Id 269665
Description

This article describes how to upgrade the FortiNAC-F appliance using the CLI. This procedure is useful when it is not possible to upgrade via the Administration UI.

 

For GUI upgrade instructions, see System Update in the Administration Guide.

Scope FortiNAC-F v7.2.0 and greater. 
Solution
  1. Download the upgrade image to the appliance.

CLI method:

 

Using a TFTP server such as tftpd, it is possible to get the image from the local machine:

 

Example. The image file is 'FNAC_VHD-v7-build12026-FORTINET.out'

 

naclab1 # execute enter-shell

naclab1:~$ tftp -gr FNAC_VHD-v7-build12026-FORTINET.out 10.10.10.3

The image is automatically imported in /home/admin directory. Using the 'mv' command it is necessary to move it to /bsc/campusMgrUpdates

 

naclab1:~$ mv ~/FNAC_VHD-v7-build12026-FORTINET.out  /bsc/campusMgrUpdates/FNAC_VHD-v7-build12026-FORTINET.out

naclab1:~$ cd /bsc/campusMgrUpdates

naclab1:/bsc/campusMgrUpdates$ ll

total 1822356
.....
743552 -rw-r--r-- 1 admin admin 761391351 Dec 2 09:35 FNAC_VHD-v7-build12026-FORTINET.out

 

GUI Method:

 

  1. Navigate to System -> Settings -> Updates -> System.
  2. Select Download.
  3. Select the file and select Download.

 

  1. Run the upgrade in the CLI with the following commands:


execute enter-shell
cd /bsc/campusMgrUpdates
sudo /bin/nac/upgrade <upgrade_image_filename>

 

Example:

 

execute enter-shell
cd /bsc/campusMgrUpdates
sudo /bin/nac/upgrade FNAC_ESX-v7.2.3-build0083-FORTINET.out

 

  1. Once the upgrade completes, log out of the shell and reboot the appliance with the following commands:

 

exit

execute reboot

 

Example:

 

Upgrading 10.106.91.22 complete
fortinac72:/bsc/campusMgrUpdates$ exit
logout
fortinac72 # execute reboot
This operation will reboot the system!
Do you want to continue? (y/N) y

 

  1. FTP/SSH backup is enabled in Settings -> System Management -> Remote Backup Configuration. When remote backup is enabled, FortiNAC will attempt to perform that operation before proceeding with the upgrade. In some occasions, the remote server may be unavailable or the path to the remote directory may be incorrect. This will result in an upgrade failure. In FortiNAC v7.4.0, there is a known issue where the Remote backup feature cannot be disabled once it has been enabled and configured during the initial deployment. This will prevent administrators from proceeding with the upgrade process.

 

To perform the upgrade by skipping the remote backup operation, use the following command from FortiNAC cli:

 

naclab1 # execute enter-shell
naclab1:~$ cd /bsc/campusMgrUpdates
naclab1:/bsc/campusMgrUpdates$ sudo /bin/cmdb/upgrade FNAC_VHD-v7-build12026-FORTINET.out
Check firmware file ...
Upgrading firmware image from version 7.4.0.427 to 70.60.1.2026
Start to restore firmware image..
Begin write image to disk...
total write: 838861312
Write image succeeded

 

The bootable flag on partition 2 is disabled now.
The bootable flag on partition 3 is enabled now.

 

The partition table has been altered.
Done installing image. Please reboot for these changes to take effect.

 

naclab1:/bsc/campusMgrUpdates$ exit
logout
naclab1 # execute reboot
This operation will reboot the system!
Do you want to continue? (y/N) y

**** System starts the reboot process.

 

This procedure will upgrade only the Primary server where the command is executed. The same operation needs to be performed on the secondary node to upgrade it. 

 

Contact Support if further assistance is required.