Created on 11-01-2023 08:37 AM Edited on 11-27-2024 03:30 AM By Jean-Philippe_P
This article describes how to navigate a scenario where the agent installation is not handled by any third-party software and needs to be updated from FortiNAC.
Any supported version of FortiNAC.
Step 1: Prepare the setup and get the latest Agent packages.
The latest agent packages can be downloaded after specifying the 'Agent Distribution Directory' in Settings -> Updates -> System.
The packages can be chosen from the provided list. The .jar file will be extracted and individual packages for the supported operating systems will be available. These files can also be downloaded directly via the browser and installed manually on end hosts if needed.
Step 2: Configure the setup to automatically update the agent.
The update is done through FortiNAC without any interaction with the end host. Under the Users & Hosts -> Hosts menu, there is an option to 'Update Persistent Agent' for individual hosts that can be selected after right-clicking a relevant host.
There are some requirements for the update to work normally:
Note: Existing setups that have older agent versions installed (5.3 or lower) need some checks before proceeding with the upgrade. An important one is the enforcement of secure agent communication: the UDP port can no longer be used. Only TCP communication and communication secured with TLS can be used. More details can be found in the Windows Agent Release Notes.
The port can be easily tested with a telnet command on the end host or a tcpdump in FortiNAC:
If the communication is working normally, this error may still happen:
As seen above, the new agent version (9.4.0.93) was silently updated on the end host.
From the packet capture, the agent's download request and the FortiNAC response over TCP port 80 are also visible:
11:11:03.696251 IP (tos 0x0, ttl 126, id 64952, offset 0, flags [DF], proto TCP (6), length 284)
10.1.3.11.53471 > 10.0.0.5.80: Flags [P.], cksum 0x8417 (correct), seq 1:245, ack 1, win 1025, length 244: HTTP, length: 244
GET /remediation/agent/download?type=p&os=Windows&agentID=c62d4840-b97b-4bc8-8f97-773d926814c9 HTTP/1.1
Host: fnac.eb.eu
User-Agent: BSC Agent
Accept: */*
X-BNUserAgent: Bradford-Agent/9.4.0.93 (Windows 10 Pro 6.3 22H2 10.0.19045.3570;)
11:11:03.696262 IP (tos 0x0, ttl 64, id 23471, offset 0, flags [DF], proto TCP (6), length 40)
10.0.0.5.80 > 10.1.3.11.53471: Flags [.], cksum 0x172b (incorrect -> 0x20d1), ack 245, win 237, length 0
11:11:03.781351 IP (tos 0x0, ttl 64, id 23472, offset 0, flags [DF], proto TCP (6), length 6950)
10.0.0.5.80 > 10.1.3.11.53471: Flags [.], cksum 0x3229 (incorrect -> 0xb3d5), seq 1:6911, ack 245, win 237, length 6910: HTTP, length: 6910
HTTP/1.1 200 OK
Date: Tue, 31 Oct 2023 10:11:03 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Expires: Thu, 01 Jan 1970 01:00:00 CET
Content-Disposition: attachment;filename="FortiNAC Persistent Agent.exe"
Content-Type: application/octet-stream
Content-Length: 6102648
Set-Cookie: JSESSIONID=A66D1428BF5093D0A971DE7D045C665C; Path=/remediation; HttpOnly;HttpOnly
The Agent Update can also be enabled as a global option (it is disabled by default). It will try three times to install the agent (~ every 15 minutes). In cases where some of the hosts failed to update the agent, the 'Reset Counter' button will enable three new update retries.
The auto-update procedure can be followed in the logs:
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:537 :: #844 :: agentCommunicated called for 158
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:537 :: #449 :: Took id 158
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:538 :: #449 :: needsUpdate() platform = Windows
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:538 :: #449 :: upd version = 9.4.2.99
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:538 :: #449 :: host version = 9.4.1.98
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:538 :: #449 :: Host 158 needs update = true
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:539 :: #449 :: Needs update id: -1, attempts: 0, lastKnownVersion: 0.0.0.0
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:643 :: #449 :: updateAttempt called with id: 158, attempts: 1, lastKnownVersion: 9.4.1.98
yams.AgentUpdate FINER :: 2023-10-31 13:51:44:446 :: #820 :: agentCommunicated called for 158
yams.AgentUpdate FINER :: 2023-10-31 13:51:44:446 :: #449 :: Took id 158
yams.AgentUpdate FINER :: 2023-10-31 13:51:44:446 :: #449 :: needsUpdate() platform = Windows
yams.AgentUpdate FINER :: 2023-10-31 13:51:44:452 :: #449 :: upd version = 9.4.2.99
yams.AgentUpdate FINER :: 2023-10-31 13:51:44:453 :: #449 :: host version = 9.4.2.99
yams.AgentUpdate FINER :: 2023-10-31 13:51:44:453 :: #449 :: Host 158 needs update = false
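Added example, not part of the original article or of FortiNAC itself: a small parser for the yams.AgentUpdate lines above that reports, per host id, whether the agent is now current, still pending, or has used up the three tries and needs 'Reset Counter'. Treating the #NNN field as a worker tag and assuming the logged attempts counter reaches 3 when retries are used up are assumptions; the host 201 lines are constructed.

```python
import re
from collections import defaultdict

MAX_ATTEMPTS = 3  # the article states the update is tried three times
# Host 158 lines are abridged from the article; host 201 lines are constructed.
SAMPLE_LOG = """\
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:537 :: #449 :: Took id 158
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:538 :: #449 :: upd version = 9.4.2.99
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:538 :: #449 :: host version = 9.4.1.98
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:538 :: #449 :: Host 158 needs update = true
yams.AgentUpdate FINER :: 2023-10-31 13:51:31:643 :: #449 :: updateAttempt called with id: 158, attempts: 1, lastKnownVersion: 9.4.1.98
yams.AgentUpdate FINER :: 2023-10-31 13:51:44:446 :: #449 :: Took id 158
yams.AgentUpdate FINER :: 2023-10-31 13:51:44:453 :: #449 :: host version = 9.4.2.99
yams.AgentUpdate FINER :: 2023-10-31 13:51:44:453 :: #449 :: Host 158 needs update = false
yams.AgentUpdate FINER :: 2023-10-31 14:40:02:101 :: #449 :: Took id 201
yams.AgentUpdate FINER :: 2023-10-31 14:40:02:102 :: #449 :: host version = 9.4.1.98
yams.AgentUpdate FINER :: 2023-10-31 14:40:02:103 :: #449 :: Host 201 needs update = true
yams.AgentUpdate FINER :: 2023-10-31 14:40:02:210 :: #449 :: updateAttempt called with id: 201, attempts: 3, lastKnownVersion: 9.4.1.98
"""
LINE = re.compile(r"^yams\.AgentUpdate \w+ :: [\d-]+ [\d:]+ :: (?P<thr>#\d+) :: (?P<msg>.*)$")

def new_host():
    return {"attempts": 0, "needs_update": None, "host": None, "target": None}

def summarize(log_text):
    """Return the last observed update state for each host id in the log."""
    hosts, current = defaultdict(new_host), {}  # current: worker tag -> host id
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an AgentUpdate line
        thr, msg = m["thr"], m["msg"]
        if t := re.fullmatch(r"Took id (\d+)", msg):
            current[thr] = t[1]  # version lines that follow belong to this host
        elif (v := re.fullmatch(r"(upd|host) version = ([\d.]+)", msg)) and thr in current:
            hosts[current[thr]]["target" if v[1] == "upd" else "host"] = v[2]
        elif n := re.fullmatch(r"Host (\d+) needs update = (true|false)", msg):
            hosts[n[1]]["needs_update"] = n[2] == "true"
        elif a := re.fullmatch(r"updateAttempt called with id: (\d+), attempts: (\d+), .*", msg):
            hosts[a[1]]["attempts"] = int(a[2])
    return dict(hosts)

def status(h):
    if h["needs_update"] is False:
        return "current"
    return "exhausted" if h["attempts"] >= MAX_ATTEMPTS else "pending"

def report(log_text):
    return {hid: status(h) for hid, h in summarize(log_text).items()}
```

Hosts reported as "exhausted" are the ones for which the 'Reset Counter' button is needed before FortiNAC retries the update.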
More information can be found in the Persistent Agent Deployment and Configuration guide.