FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
lfrancelj
Staff
Staff
Article Id 197678

Description


This article describes the procedure needed when a FortiNAC VM appliance has been migrated to another server or there have been network changes.

As the license of the FortiNAC VM appliance is tied to the MAC address and the UUID of the virtual machine, there can be cases when one of these two values change and in that case, the license would no longer be valid.
When the license is invalid, the FortiNAC will show the message 'Processes are Down' in the GUI and GUI logon will not be possible.

 
Note: while this error message can indicate licensing problems, it can be caused by other non-license related issues and support will help with these.
This message though might be normally seen on a secondary node while the primary is active. The processes will not start until they become active.


Solution

 

FortiNAC 8.x.

  1. Record the UUID and eth0 MAC Address for licensing with the following commands on the FortiNAC CLI.
    UUIDsysinfo -v | grep -i uuid.
    MAC address: ifconfig eth0.

  2. Compare them with the output of:

dumpkey
dumplicensecount -all

 

FortiNAC 9.x/F7.x.

  1. Compare information with the license information output from the following CLI command:

CentOS:  licensetool -check.

FortiNAC-OS: get system license -check.


Example output:
EFFECTIVE:

system_mac = xx:xx:xx:xx:xx:xx <-- MAC Address of the appliance.

system_uuid = xxxxxx-xxxx-xxxx-xxx-xxx <-- UUID of appliance.

valid_mac_uuid = true <-- MAC & UUID of the appliance and key file match.

serial = FNVMCATMxxxxxxx

type = NetworkControlApplicationServer

level = PRO

count = 200

expiration = 0

expired = false

mac = xx:xx:xx:xx:xx:xx <-- MAC Address in key file

uuid = xxxxxx-xxxx-xxxx-xxx-xxx <-- UUID in key file

certificates = [xxxxxx, xxxxxxxx]

 

These should show the current seat count and the MAC and UUID for which the license has been issued.

 

If the license details are different from the actual machine, the processes will not start with an invalid license.
The logs of the appliance will be marked as an invalid license.

  1. Open a ticket with Customer Support to change the MAC address and UUID.

    Provide Customer Support with the Asset name, old and new MAC addresses and new UUID from the VM appliance so customer support can update the information in the Support Portal.

    After the information has been updated, download a new license file for the FortiNAC VM appliance.

  2. Install the new key in Configuration Wizard.

Version 8.x - 9.1:

  1. Browse to https://<appliance hostname or eth0 IP Address>:8443/configWizard.

  2. Enter the Configuration Wizard credentials.

The default configuration wizard credentials are as follows. The username will be config but if it was changed during installation, use the appropriate password:
User Name = config.
Password = config.


Version 9.2 and higher:  

  1. Browse to https://<appliance hostname or eth0 IP Address>:8443/
  2. Navigate to System -> ConfigWizard.

  1. The License Key Validation window is displayed.

  • Copy the license key to the License Key field in the Configuration Wizard.
  • Select 'OK' at the bottom of the License Key Validation window.
  • Select 'OK' on the document screen.
  • Select 'Summary' in the left column.
  • Select 'Apply'.
  • Select 'Reboot'.