Validating the FortiGate-VM license with FortiManager

You can validate your FortiGate-VM license with some FortiManager models. To determine whether your FortiManager has the VM activation feature, see the FortiManager datasheet's Features section.

To validate your FortiGate-VM with your FortiManager:
  1. To configure your FortiManager as a closed network, enter the following CLI command on your FortiManager:

    config fmupdate publicnetwork
        set status disable
    end

  2. To configure FortiGate-VM to use FortiManager as its override server, enter the following CLI commands on your FortiGate-VM:

    config system central-management
        set mode normal
        set type fortimanager
        set fmg <FortiManager IPv4 address>
        config server-list
            edit 1
                set server-type update
                set server-address <FortiManager IPv4 address>
            next
        end
        set fmg-source-ip <Source IPv4 address when connecting to the FortiManager>
        set include-default-servers disable
        set vdom <Enter the VDOM name to use when communicating with the FortiManager>
    end

  3. Load the FortiGate-VM license file in the GUI:
    1. Go to System > Dashboard > Status.
    2. In the License Information widget, in the Registration Status field, select Update.
    3. Browse for the .lic license file and select OK.
  4. To activate the FortiGate-VM license, enter the execute update-now command on your FortiGate-VM.
  5. To check the FortiGate-VM license status, enter the following CLI commands on your FortiGate-VM:

    get system status
    Version: Fortigate-VM v5.0,build0099,120910 (Interim)
    Virus-DB: 15.00361(2011-08-24 17:17)
    Extended DB: 15.00000(2011-08-24 17:09)
    Extreme DB: 14.00000(2011-08-24 17:10)
    IPS-DB: 3.00224(2011-10-28 16:39)
    FortiClient application signature package: 1.456(2012-01-17 18:27)
    Serial-Number: FGVM02Q105060000
    License Status: Valid
    BIOS version: 04000002
    Log hard disk: Available
    Hostname: Fortigate-VM
    Operation Mode: NAT
    Current virtual domain: root
    Max number of virtual domains: 10
    Virtual domains status: 1 in NAT mode, 0 in TP mode
    Virtual domain configuration: disable
    FIPS-CC mode: disable
    Current HA mode: standalone
    Distribution: International
    Branch point: 511
    Release Version Information: MR3 Patch 4
    System time: Wed Jan 18 11:24:34 2012

    diagnose hardware sysinfo vm full
    UUID: 564db33a29519f6b1025bf8539a41e92
    valid: 1
    status: 1
    code: 200 (If the license is a duplicate, code 401 displays)
    warn: 0
    copy: 0
    received: 45438
    warning: 0
    recv: 201201201918
    dup:

Licensing timeout

In closed environments without Internet access, you must license the FortiGate-VM offline using a FortiManager as a license server. If the FortiGate-VM cannot validate its license within the 30-day license timeout period, the FortiGate discards all packets, effectively ceasing operation as a firewall.

The license status goes through some changes before it times out:

| Status | Description |
| --- | --- |
| Valid | The FortiGate can connect and validate against a FortiManager or FDS. |
| Warning | The FortiGate cannot connect and validate against a FortiManager or FDS. A check is made against how many days the Warning status has been continuous. If the number is less than 30 days the status does not change. |
| Invalid | The FortiGate cannot connect and validate against a FortiManager or FDS. A check is made against how many days the Warning status has been continuous. If the number is 30 days or more, the status changes to Invalid. The firewall ceases to function properly. |

Note: Only a single log entry is written after the FortiGate-VM has been unable to access the license server for the license expiration period. When you search the logs for the reason that the FortiGate is offline, there is no long list of errors that draws attention to the issue. There is only one entry.
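
Because the timeout leaves only one log entry, polling the license state is the practical way to catch it early. The following is an added example, not Fortinet code: it parses the two command outputs shown above and reports how close a FortiGate-VM is to the 30-day Invalid transition. The names `parse_fields`, `assess_license` and `warning_since`, and the 7-day escalation threshold, are assumptions of this example.

```python
from datetime import date

LICENSE_TIMEOUT_DAYS = 30  # timeout period stated on this page
ESCALATE_DAYS_LEFT = 7     # assumption: escalate in the final week

# Constructed sample: trimmed from the command output shown on this page.
SAMPLE_STATUS = """\
Serial-Number: FGVM02Q105060000
License Status: Valid
System time: Wed Jan 18 11:24:34 2012
"""
SAMPLE_VMINFO = """\
valid: 1
status: 1
code: 200 (If the license is a duplicate, code 401 displays)
dup:
"""

def parse_fields(text):
    """Turn 'Key: value' lines of CLI output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def assess_license(status_text, vminfo_text, warning_since=None, today=None):
    """Return (severity, message) for one poll of a FortiGate-VM.
    warning_since: date this monitor first saw a non-Valid status (hypothetical,
    kept by the caller); today: override for testing."""
    status = parse_fields(status_text).get("License Status", "Unknown")
    code = (parse_fields(vminfo_text).get("code", "").split() or [""])[0]
    if code == "401":
        return ("critical", "duplicate license (code 401)")
    if status == "Valid":
        return ("ok", "license valid")
    if status == "Invalid":
        return ("critical", "license Invalid: timeout period exceeded")
    if status == "Warning" and warning_since is not None:
        left = LICENSE_TIMEOUT_DAYS - ((today or date.today()) - warning_since).days
        severity = "critical" if left <= ESCALATE_DAYS_LEFT else "warning"
        return (severity, f"cannot validate license; {left} day(s) until Invalid")
    return ("warning", f"license status {status!r}; days remaining unknown")

if __name__ == "__main__":
    print(assess_license(SAMPLE_STATUS, SAMPLE_VMINFO))
```

Feed it the text captured from `get system status` and `diagnose hardware sysinfo vm full` on each poll, and alert on anything other than `ok`.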
