Hi Guys
I am in the process of upgrading our server OS's to Server 2012 R2. The last server i have to do is the one that hosts the Fortinet SSO Agent. Historically i believe people in my team have been keen to avoid touching this due to the risk of our users losing internet access or the perception that it was inherently difficult.
The server in question is a file server not a DC and currently has version 4.3.0124.
Looking at the SSO Agent configuration i can see that i am able to export the configuration but i cannot see any method of re importing that if i were to upgrade.
So i guess the question is am i able to do an in place upgrade from my current version to the latest version whilst still retaining the current configuration? If so are you guys aware of any possible problems i am likely to encounter going from such an old version of the agent to the latest?
Thank you in advance for your help
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
That config file isn't used for the backup but for support.
You can backup/restore the config using the registry. KB article on howto do this is here: http://kb.fortinet.com/kb/documentLink.do?externalID=FD39358
I've tested it out and the restore works well. Upgrading is just a matter of installing the newest version which will confirm before upgrading the installed version.
Hi,
correct, the config export is mostly useful for the support engineers. However if you have a look into the file then you swiftly realize that it is sort of registry printout. As whole FSSO agent config (no matter if Collector Agent, DC Agent, TS Agent) is just a bunch of registry records.
It is not possible to restore this exported config directly.
As you are going to upgrade whole server I would suggest to install newer FSSO Agent from scratch and make clean config. It's nothing difficult. Definitely use agent versions 5.x. Those 5.x FSSO agents are compatible with 5.x FortiOS. Broader compatibility is possible as there is minimum changes to FSSO protocol and newer agents have just additional features so they are backward compatible, however no one tested every-every combination so fully supported and guaranteed combination FortiOS x FSSO is always mentioned in FortiOS Release Notes. I'd suggest to use version according/aligned to your FortiOS.
In case of config troubles open ticket on support site and one of the engineers will help you.
Just as precaution, you can get ready (disabled) non-identity policy just to be able to bypass FSSO in case or during the server and Collector down time.
Best regards,
Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
thanks guys, i really appreciate the assistance
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.