Created on 11-01-2023 08:37 AM
Edited on 11-27-2024 03:30 AM
By Jean-Philippe_P
Description
This article describes how to navigate a scenario where the agent installation is not handled by any third-party software and needs to be updated from FortiNAC.
Scope
Any supported version of FortiNAC.
Solution
Step 1: Prepare the setup and get the latest Agent packages.
The latest agent packages can be downloaded after specifying the 'Agent Distribution Directory' in Settings -> Updates -> System.
The packages can be chosen from the provided list. The .jar file will be extracted, and individual packages for the supported operating systems will be available. These files can also be downloaded directly via the browser and manually installed on end hosts if needed.
Step 2: Configure the setup to automatically update the agent.
The update is done through FortiNAC without any interaction with the end host. Under the Users & Hosts -> Hosts menu, there is an option to 'Update Persistent Agent' for individual hosts that can be selected after right-clicking a relevant host.
There are some requirements for the update to work normally:
- The host should be online and the agent should be able to communicate with FortiNAC. The Persistent Agent icon should be green. Test basic communication by right-clicking the host and selecting 'Send Message': the message should then appear on the end host.
- Port 80 should be open for communication between the end host and FortiNAC. If the port is blocked from the GUI, the following loading screen will appear for some time:
Note: In existing setups that have older agent versions installed (5.3 or lower), there are some things to check before proceeding with the upgrade. An important topic is the enforcement of secure agent communication: the UDP port can no longer be used. Only TCP communication and communication secured with TLS can be used. More details can be found in the Windows Agent Release Notes.
The port can be easily tested with a telnet command on the end host or a tcpdump in FortiNAC:
11:04:44.191833 IP (tos 0x0, ttl 64, id 16233, offset 0, flags [DF], proto TCP (6), length 461)
10.0.0.5.80 > 10.1.3.11.53460: Flags [P.], cksum 0x18d0 (incorrect -> 0x8bd2), seq 1:422, ack 4, win 229, length 421: HTTP, length: 421
HTTP/1.1 400 Bad Request
Date: Tue, 31 Oct 2023 10:04:44 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
If the communication is working normally, this error may still happen:
logs
tf output.master
yams.AgentUpdate FINER :: 2023-10-31 11:08:49:975 :: #845 :: agentCommunicated called for 158
yams.AgentUpdate FINER :: 2023-10-31 11:08:49:976 :: #449 :: Took id 158
yams.AgentUpdate FINER :: 2023-10-31 11:09:42:765 :: #845 :: timeLeft = 90000
...
yams.AgentUpdate FINER :: 2023-10-31 11:09:55:461 :: #823 :: agentCommunicated called for 158
yams.AgentUpdate FINER :: 2023-10-31 11:09:55:461 :: #449 :: Took id 158
yams.AgentUpdate FINER :: 2023-10-31 11:09:55:461 :: #845 :: version = 9.4.0.93
yams.AgentUpdate FINER :: 2023-10-31 11:09:55:461 :: #845 :: newVersion = 9.4.0.93
As seen above, the new agent version (9.4.0.93) was silently updated on the end host.
From the packet capture, it is also possible to see the request and response:
11:11:03.696251 IP (tos 0x0, ttl 126, id 64952, offset 0, flags [DF], proto TCP (6), length 284)
10.1.3.11.53471 > 10.0.0.5.80: Flags [P.], cksum 0x8417 (correct), seq 1:245, ack 1, win 1025, length 244: HTTP, length: 244
GET /remediation/agent/download?type=p&os=Windows&agentID=c62d4840-b97b-4bc8-8f97-773d926814c9 HTTP/1.1
Host: fnac.eb.eu
User-Agent: BSC Agent
Accept: */*
X-BNUserAgent: Bradford-Agent/9.4.0.93 (Windows 10 Pro 6.3 22H2 10.0.19045.3570;)
11:11:03.696262 IP (tos 0x0, ttl 64, id 23471, offset 0, flags [DF], proto TCP (6), length 40)
10.0.0.5.80 > 10.1.3.11.53471: Flags [.], cksum 0x172b (incorrect -> 0x20d1), ack 245, win 237, length 0
11:11:03.781351 IP (tos 0x0, ttl 64, id 23472, offset 0, flags [DF], proto TCP (6), length 6950)
10.0.0.5.80 > 10.1.3.11.53471: Flags [.], cksum 0x3229 (incorrect -> 0xb3d5), seq 1:6911, ack 245, win 237, length 6910: HTTP, length: 6910
HTTP/1.1 200 OK
Date: Tue, 31 Oct 2023 10:11:03 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Expires: Thu, 01 Jan 1970 01:00:00 CET
Content-Disposition: attachment;filename="FortiNAC Persistent Agent.exe"
Content-Type: application/octet-stream
Content-Length: 6102648
Set-Cookie: JSESSIONID=A66D1428BF5093D0A971DE7D045C665C; Path=/remediation; HttpOnly;HttpOnly
The Agent Update can also be enabled as a global option (it is disabled by default). It will try three times to install the agent (~ every 15 minutes). In cases where some of the hosts failed to update the agent, the 'Reset Counter' button will enable three new update retries.
The auto-update procedure can be followed in the logs:
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:537 :: #844 :: agentCommunicated called for 158
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:537 :: #449 :: Took id 158
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:538 :: #449 :: needsUpdate() platform = Windows
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:538 :: #449 :: upd version = 9.4.2.99
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:538 :: #449 :: host version = 9.4.1.98
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:538 :: #449 :: Host 158 needs update = true
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:539 :: #449 :: Needs update id: -1, attempts: 0, lastKnownVersion: 0.0.0.0
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:643 :: #449 :: updateAttempt called with id: 158, attempts: 1, lastKnownVersion: 9.4.1.98
yams.AgentUpdate FINER :: 2023-10-31 13:51:44:446 :: #820 :: agentCommunicated called for 158
yams.AgentUpdate FINER :: 2023-10-31 13:51:44:446 :: #449 :: Took id 158
yams.AgentUpdate FINER :: 2023-10-31 13:51:44:446 :: #449 :: needsUpdate() platform = Windows
yams.AgentUpdate FINER :: 2023-10-31 13:51:44:452 :: #449 :: upd version = 9.4.2.99
yams.AgentUpdate FINER :: 2023-10-31 13:51:44:453 :: #449 :: host version = 9.4.2.99
yams.AgentUpdate FINER :: 2023-10-31 13:51:44:453 :: #449 :: Host 158 needs update = false
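One way to track the auto-update outcome per host from output.master, as an added example (not FortiNAC code): it parses the yams.AgentUpdate messages shown above and flags hosts that still report the old version after three attempts. The sample lines are constructed (host 201 is invented), and the parser assumes the 'upd version' and 'host version' lines directly precede the matching 'Host N needs update' line, as in the excerpt.

```python
import re
from dataclasses import dataclass

# Constructed sample in the yams.AgentUpdate format shown above. Host 158 mirrors
# the article's excerpt; host 201 is invented to show a host that keeps failing.
PREFIX = "yams.AgentUpdate FINER :: 2023-10-31 13:51:31:538 :: #449 :: "
SAMPLE_LOG = "\n".join(PREFIX + msg for msg in [
    "upd version = 9.4.2.99", "host version = 9.4.1.98", "Host 158 needs update = true",
    "updateAttempt called with id: 158, attempts: 1, lastKnownVersion: 9.4.1.98",
    "upd version = 9.4.2.99", "host version = 9.4.0.93", "Host 201 needs update = true",
    "updateAttempt called with id: 201, attempts: 3, lastKnownVersion: 9.4.0.93",
    "upd version = 9.4.2.99", "host version = 9.4.2.99", "Host 158 needs update = false",
    "upd version = 9.4.2.99", "host version = 9.4.0.93", "Host 201 needs update = true",
])

LINE = re.compile(r"^yams\.AgentUpdate \w+ :: [\d-]+ [\d:]+ :: #\d+ :: (.*)$")
VERSION = re.compile(r"(upd|host) version = ([\d.]+)")
NEEDS = re.compile(r"Host (\d+) needs update = (true|false)")
ATTEMPT = re.compile(r"updateAttempt called with id: (\d+), attempts: (\d+), .*")
MAX_ATTEMPTS = 3  # per the article: three tries, then 'Reset Counter' is needed

@dataclass
class HostState:
    target: str = ""          # version FortiNAC wants to deploy ("upd version")
    current: str = ""         # version the agent last reported ("host version")
    attempts: int = 0
    needs_update: bool = True

def parse_agent_updates(text):
    hosts, pending = {}, {}   # pending: versions awaiting their "Host N" line
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # not an AgentUpdate line
        msg = m.group(1)
        if v := VERSION.fullmatch(msg):
            pending[v.group(1)] = v.group(2)
        elif n := NEEDS.fullmatch(msg):
            st = hosts.setdefault(n.group(1), HostState())
            st.target, st.current = pending.get("upd", ""), pending.get("host", "")
            st.needs_update, pending = n.group(2) == "true", {}
        elif a := ATTEMPT.fullmatch(msg):
            hosts.setdefault(a.group(1), HostState()).attempts = int(a.group(2))
    return hosts

def status(st):
    if not st.needs_update:
        return "up-to-date"
    return "reset-counter-needed" if st.attempts >= MAX_ATTEMPTS else "pending"
```

Calling `parse_agent_updates()` on the contents of output.master and `status()` on each entry gives a per-host view of which agents reached the target version.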
More information can be found in the Persistent Agent Deployment and Configuration guide.