I am in the process of upgrading our server OS's to Server 2012 R2. The last server i have to do is the one that hosts the Fortinet SSO Agent. Historically i believe people in my team have been keen to avoid touching this due to the risk of our users losing internet access or the perception that it was inherently difficult.
The server in question is a file server not a DC and currently has version 4.3.0124.
Looking at the SSO Agent configuration i can see that i am able to export the configuration but i cannot see any method of re importing that if i were to upgrade.
So i guess the question is am i able to do an in place upgrade from my current version to the latest version whilst still retaining the current configuration? If so are you guys aware of any possible problems i am likely to encounter going from such an old version of the agent to the latest?
correct, the config export is mostly useful for the support engineers. However if you have a look into the file then you swiftly realize that it is sort of registry printout. As whole FSSO agent config (no matter if Collector Agent, DC Agent, TS Agent) is just a bunch of registry records.
It is not possible to restore this exported config directly.
As you are going to upgrade whole server I would suggest to install newer FSSO Agent from scratch and make clean config. It's nothing difficult. Definitely use agent versions 5.x. Those 5.x FSSO agents are compatible with 5.x FortiOS. Broader compatibility is possible as there is minimum changes to FSSO protocol and newer agents have just additional features so they are backward compatible, however no one tested every-every combination so fully supported and guaranteed combination FortiOS x FSSO is always mentioned in FortiOS Release Notes. I'd suggest to use version according/aligned to your FortiOS.
In case of config troubles open ticket on support site and one of the engineers will help you.
Just as precaution, you can get ready (disabled) non-identity policy just to be able to bypass FSSO in case or during the server and Collector down time.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.