Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
lfrancelj
Staff
Staff

Created on ‎12-13-2020 09:21 AM

Article Id 191733

Technical Tip: Standalone FortiNAC shows two nodes in dashboard causing failure when upgrading

Description
This article describes how to fix duplicate entries of a standalone FortiNAC node causing failure to upgrade.

Solution
1) Login to FortiNAC with SSH client.
2) Open file /bsc/campusMgr/bin/.networkConfig with your favorite text editor (ex. 'nano' or 'v') and make sure that there are no duplicate IP entries in 'StandbyServer=' and 'NetworkControlServerSecondary'.
3) See below example of the configuration file when there is no HA used/configured:
//Bradford Networks Configuration File
yamsrc=/bsc/campusMgr/master_loader/.yamsrc
logFile=/bsc/logs/processManager/output.processManager
// Used to see full debug, true=on, false=off
Debug=false
// The primary and secondary IP address for this pair of servers
PrimaryServer=192.168.1.1
StandbyServer=
//Enter the network control manager IP addresses
NetworkControlManagerPrimary=
NetworkControlManagerSecondary=
//Enter the network control server IP addresses
NetworkControlServerPrimary=192.168.1.1
NetworkControlServerSecondary=
//Enter the network application server IP addresses
NetworkApplicationServerPrimary=
NetworkApplicationServerSecondary=
//Gateway address. This can be any device that supports ICMP Ping and is not
//connected to the same switch as the CM box.
Gateway=192.168.1.99
// DON'T TOUCH 1=Primary in control, 2=Secondary in control
Status=1
// Runtime modifications
4) Check the /etc/hosts file with your favorite text editor (ex. 'nano' or 'vi') and make sure that there are no duplicate IP records with IP address configured on eth0 interface.
5) See below example of the configuration file when there is no HA used/configured:
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.6.6      hub6.yourname.com hub6
127.0.6.3      remediation6.rem.forti.lab remediation6
127.0.6.4      registration6.reg.forti.lab registration6
127.0.6.5      authentication6.yourname.com authentication6
127.0.6.6      vpn6.yourname.com vpn6
127.0.6.7      deadend6.yourname.com deadend6
127.0.6.10      isolation6.iso.forti.lab isolation6
192.168.1.1     fortinac.forti.lab      fortinac        nac     cm <----- Note that these 4 entries in this line are intended and needed.
192.168.2.20      isolation.iso.forti.lab isolation
127.0.0.2      hub.yourname.com hub
192.168.2.22       remediation.rem.forti.lab remediation
192.168.2.21       registration.reg.forti.lab registration
127.0.0.5      authentication.yourname.com authentication
127.0.0.6       vpn.yourname.com vpn
127.0.0.7      deadend.yourname.com deadend
127.0.0.8       remotescan.bradfordnetworks.com remotescan
127.0.0.9       remotereg.bradfordnetworks.com remotereg

Labels:
319
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.