Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Markus_M
Staff
Staff

Created on ‎10-10-2019 07:25 AM Edited on ‎12-29-2021 02:07 PM By Anonymous

Article Id 192992

Technical Tip: Installing new or changing license on FortiNAC appliance

Description
This article describes how to install a new license on the FortiNAC appliance. Mostly this applies to the VM as well.
Also, this can be helpful in case a “Processes are down” message is received when the license is incorrect.

This is a multi-step Guide. If only the installation of a new license is required, skip step 1.

Useful links in the FortiNAC product documentation
Appliance installation guide
Vmware Virtual Machine Installation Guide
License Upgrade Guide

Solution
1. After booting the device, the message “Processes are down” may show up.
If this message is displayed for longer than 5 minutes after bootup, crosscheck the license report from the logs.  In the CLI run the following command:

 

grep license /bsc/logs/output.master -i -B 3 -A 20

- In case of issues with the license, this might be displayed:

yams INFO :: 2019-10-09 14:32:48:706 :: Removing old symbolic link /bsc/campusMg r/master_loader/logs/output.master
yams INFO :: 2019-10-09 14:32:49:449 :: System Manufacturer: Dell Inc.
yams INFO :: 2019-10-09 14:32:49:652 :: System UUID: 12345678-90AB-CDEF-1234-567 890ABCDEF
yams INFO :: 2019-10-09 14:32:49:654 :: Invalid License
yams INFO :: 2019-10-09 14:32:49:654 :: Yams =
LicenseManager:
Date = 0
Number Of Concurrent = 1000
Physical Address = 4C:D9:8F:3C:5D:94 (this must be eth0 mac)
Type = NetworkControlApplicationServer
Vendor = NetworkSentry
UUID = 00000000-0000-0000-0000-000000000000

Note: The UUID is actually as displayed (000...) in the case of hardware.
In the case of a VM, another random value will show up there and it should be the same as the “SYSTEM UUID”. If it is different, likely the VM has been cloned.

- In case the license has expired:

yams INFO :: 2019-10-10 12:56:12:544 :: [/bsc/campusMgr/.licenseKeyNCM, /bsc/campusMgr/.licenseKey, /bsc/campusMgr/.licenseKeyPrimary]
yams INFO :: 2019-10-10 12:56:12:915 :: MasterLoader Max Memory (KBytes) 1,773,888 Free Memory (KBytes) 1,676,291 Threads: 326 Up Time: 0 Days 0 Hours 1 Minute 9 Seconds  Thu Oct 10 12:56:12 CEST 2019
yams INFO :: 2019-10-10 12:56:12:915 :: License Has Expired

In either case, the license needs to be renewed.

There are 2 options:
- Request a new license
- Use an existing one, that has not yet expired.

The license needs to reflect the ethernet address (MAC) of eth0 and in the case of a VM, the UUID of the VM is as well.


2. To get these details run the following commands in the CLI:

In 8.x

UUID:
sysinfo –v | grep –i uuid

MAC address:
ifconfig eth0

Example output, showing the MAC address as “ether”:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
inet 10.254.0.1  netmask 255.255.0.0  broadcast 10.254.255.255
ether 70:4C:A5:ff:00:01  txqueuelen 1000  (Ethernet)
In 9.x
UUID:
getUUID

Eth0 Mac address:

getMAC 

Note: Use only eth0, ignore eth1.


3. Obtain a new license file (key) using the appropriate procedure below.

New license: Register the appliance in the support portal at https://support.fortinet.com.
For additional instructions on registering and applying licenses, see related KB article below. 

License needs to be changed:  Open a ticket with Customer Service to change the MAC address and UUID (if VM) of the existing license.  Provide the following so they can update the information in the Support Portal:
- Asset name
- Old and new MAC address
- UUID from the VM appliance

After the information has been updated, download a new license file for the FortiNAC VM appliance.

Then, it will be possible to download the license from the portal. It is a text file that starts with “FNC:”. It looks similar to
FNC:t19OTAvA9XHeIl0 ...

4. Install the key in Configuration Wizard

Access the Configuration Wizard by opening a browser on the PC by navigating to the following URL:
https://<IP Address>:8443/configWizard

IP address is the address of the FortiNAC eth0 interface. The “configWizard” is case sensitive.

5. Enter the Configuration Wizard credentials

The default configuration wizard credentials are as follows. The username will be config but if the password was changed during installation, use the appropriate password.

Default value is:
User Name = config
Password = config


6. The License Key Validation window is displayed.

- Copy the license key from the text file downloaded to the License Key field in the Configuration Wizard. The text string should include the FNC: and the whole following string.
- Click OK at the bottom of the License Key Validation window
- Click OK at the document screen
- Click Summary on the left column
- Click Apply
- Click Reboot

After some minutes the FortiNAC login screen should show up.

Note: If trying to access the interface too early, the screen might still show that the processes are down. This might take a few minutes. Crosscheck the logs as described in step 1.

High Availability configurations using Perpetual Licenses: If the license file was updated on the Primary Server due to a change in entitlement or concurrent count, the new entitlements must be copied to the Secondary Server.  See section Distribute New Licensing - High Availability in the License Upgrade Guide for instructions.  

Related Articles

Technical Tip: Endpoint licensing and license upgrades

Labels:
7590
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.