Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
matanaskovic
Staff
Staff

Created on ‎08-08-2019 02:53 AM Edited on ‎11-07-2022 10:40 PM By Community Manager

Article Id 191906

Technical Tip: Upgrading FSSO Agents

Description


This article describes how to upgrade FSSO Collector Agent and its components.

Scope


Supported Mic

rosoft AD environments as per appropriate FortiOS Release Notes.

Solution

 

To upgrade FSSO Collector Agent(s) and other FSSO components installed in MS AD environment, follow the steps below:
 
Upgrading FSSO Collector Agents.
 
1) Download the installer from https://support.fortinet.com/Download/FirmwareImages.aspx by navigation to FSSO folder under FortiOS version that is running on the FortiGate, which communicates with the Collector Agent(s) that are going to be upgraded:
 
It is possible to choose between 32bit version i.e. FSSO_Setup_5.0.0301.exe and 64bit ie. FSSO_Setup_5.0.0301_x64.exe based on the target operating system.
 
2) Execute the installer. Confirm upgrading Fortinet Single Sign On Agent (Collector Agent):
 
 
 
 
3) Confirm all steps after which the installation will finish. Check the new version by select 'Show Service Status' in FSSO Collector Agent GUI:
 
 
 
 
If the Collector Agent is in other but DC Agent mode, the upgrade is finished and if needed skip below steps related to upgrading DC Agents.
 
However, if it is operating in DC Agent Mode, the DC Agent(s) needs to be upgraded as per the steps described further.
 
Upgrading DC Agents.
 
4) Go to Monitored DCs, select DC to Monitor and deselect all DCs that are selected, then confirm with 'OK'.
 
 
 
5) Confirm removing the DC Agent from target DC - Confirm with 'Yes'.
 
 
 
 
 
WARNING: REBOOT the targeted DC -> select 'NO' this time
 
6) The Select DC to Monitor should now show the DCs deselected.
 
 
 
 
Select the DCs again. This will install new version of DC Agents to the selected DCs.
 
 
 
 
Next step is to confirm with 'Yes'.
 
 
 
 
7) Finally, the last prompt will be displayed, where it is necessary to select 'Yes' to reboot the DC.
 
Although it is recommended to do it after the installation to correctly monitor DC for users’ logon events:
 
 
 
 
8) After reboot of the DCs, confirm that new version of DC Agent was installed by going to Select DCs to Monitor and wait for keepalive packet.
 
 
 
 
Or export configuration from Collector Agent's GUI, open it in a text editor and scroll to the bottom where the info about DC Agent version can be found at the bottom of the file:
 
 
 
 
After the upgrade, the configuration settings will remain.
 
Further Notes.
 
If Terminal Server Agent(s) is used, upgrade it the same manner as Fortinet Single Sign On Agent using TSAgent_Setup_5.0.0xxx.exe or its *. msi equivalent. Upgrading TS Agent requires reboot.
 
If GUI version of DC Agent is used, for its upgrade use standalone installer.
 
32 bit DCAgent_Setup_5.0.0xxx.exe or msi
64 bit DCAgent_Setup_5.0.0xxx_x64.exe or msi
44179
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.