Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tehvlb
New Contributor

Created on ‎01-11-2018 01:40 AM

Upgrading SSO Agent

Hi Guys

 

I am in the process of upgrading our server OS's to Server 2012 R2.  The last server i have to do is the one that hosts the Fortinet SSO Agent.  Historically i believe people in my team have been keen to avoid touching this due to the risk of our users losing internet access or the perception that it was inherently difficult.

 

The server in question is a file server not a DC and currently has version 4.3.0124.

 

Looking at the SSO Agent configuration i can see that i am able to export the configuration but i cannot see any method of re importing that if i were to upgrade.

 

So i guess the question is am i able to do an in place upgrade from my current version to the latest version whilst still retaining the current configuration? If so are you guys aware of any possible problems i am likely to encounter going from such an old version of the agent to the latest?

 

Thank you in advance for your help

 

 

4919
0 Kudos
3 REPLIES 3
neonbit
Valued Contributor

Created on ‎01-11-2018 04:38 AM

That config file isn't used for the backup but for support.

 

You can backup/restore the config using the registry. KB article on howto do this is here: http://kb.fortinet.com/kb/documentLink.do?externalID=FD39358

 

I've tested it out and the restore works well. Upgrading is just a matter of installing the newest version which will confirm before upgrading the installed version.

1463
0 Kudos
xsilver_FTNT
Staff
Staff
In response to neonbit

Created on ‎01-11-2018 05:11 AM

Hi,

correct, the config export is mostly useful for the support engineers. However if you have a look into the file then you swiftly realize that it is sort of registry printout. As whole FSSO agent config (no matter if Collector Agent, DC Agent, TS Agent) is just a bunch of registry records.

It is not possible to restore this exported config directly.

 

As you are going to upgrade whole server I would suggest to install newer FSSO Agent from scratch and make clean config. It's nothing difficult. Definitely use agent versions 5.x. Those 5.x FSSO agents are compatible with 5.x FortiOS. Broader compatibility is possible as there is minimum changes to FSSO protocol and newer agents have just additional features so they are backward compatible, however no one tested every-every combination so fully supported and guaranteed combination FortiOS x FSSO is always mentioned in FortiOS Release Notes. I'd suggest to use version according/aligned to your FortiOS.

 

In case of config troubles open ticket on support site and one of the engineers will help you.

Just as precaution, you can get ready (disabled) non-identity policy just to be able to bypass FSSO in case or during the server and Collector down time.

 

Best regards,

Tomas

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

1481
0 Kudos
tehvlb
New Contributor
In response to neonbit

Created on ‎01-11-2018 05:50 AM

thanks guys, i really appreciate the assistance

 

 

1481
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.