Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
bmeta
Staff
Staff

Created on ‎09-06-2021 11:08 AM

Article Id 198267

Technical Tip: Correcting the FortiNAC license level in HA

Description
This article describes how to copy the correct license in FortiNAC when it is swapped between nodes in High Availability.

Solution
Identify the issue by running the command below in Primary FortiNAC over CLI with the following command:
Primary_FortiNAC_CLI> licensetool -key APPLIANCE -key EFFECTIVE

APPLIANCE:
serial = FNVMCATM20-----3
type = NetworkControlApplicationServer
level = PRO
count = 100000
expiration = 31536000000
expired = false
…..
EFFECTIVE:
serial = FNVMCATM20-----3
type = NetworkControlApplicationServer
level = BASE
count = 100000
expiration = 31536000000
expired = false
…..
Primary_FortiNAC_CLI>
The 'level' field needs to be checked for both 'EFFECTIVE:' and 'APPLIANCE':', and compared with details for registered device dashboard in https://support.fortinet.com

Primary FortiNAC should display the level PRO as EFFECTIVE.
After HA is formed both FortiNACs should display 'FortiNAC Pro' in the license key details under:
System -> Settings -> System Management -> License Management.

In case above level BASE indicates that incorrect license is applied in Primary FortiNAC:

1) Download the license of the Primary FortiNAC from in https://support.fortinet.com.
2) Open GUI using shared IP: http://<Host IP Address>:8443/configWizard/
3) Copy paste the license downloaded. Apply settings and Reboot the appliance.

Connect SSH terminal to Primary FortiNAC:
Primary_FortiNAC_CLI>  cd /bsc/campusMgr
Primary_FortiNAC_CLI>  ls –al
Look for these two files '.licenseKey' and '.licenseKeyPrimary'.
Replace the license, by copying the content of the file from license to Primary:
Primary_FortiNAC_CLI> cp  .licenseKey  .licenseKeyPrimary
Verify the output by running the dumpkey command:
Primary_FortiNAC_CLI> dumpkey
Client Count = 0
Device Count = 0
Guest Count = 0
User Tracking Count = 0
Concurrent Count = 100000
RTR Count = 10000
.....
Campus Manager Type = NetworkControlApplicationServer
License Name = FortiNAC Pro
Vendor = NetworkSentry
SKU = FNC-CA-VM
.....
Model Type = FNVMCA
Extensions count = 4
Extensions:
        Device_Profiler
        Endpoint_Compliance
        Guest_Manager
        Integration_Suite
Plugin count = 13
Plugins:
        Hot-Standby-Capable
        NetworkSentry
        cm1000
        cm2000
        Config-Management
        PacketShaper
        DHCP-Management
        Bandwidth-Management
        Authentication
        Access-Point-Management
        Remediation-Center
        Registration-Center
        Client-Validation-Assessment

FortiNAC FNVMCA
root@fnac:/bsc/campusMgr>
Now License Name is set to correct 'FortiNAC Pro'.

After this, make sure to delete the .licenseKeyPrimary from the Primary node again. It is supposed to be only on the secondary.

Related Articles

Technical Note: licenseKeyPrimary file can prevent new entitlement application - Internal

1386
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.