Step 5: Upload the license file
When you purchase a license for FortiADC-VM, Technical Support provides a license file that you can use to convert the 15‑day trial license to a permanent, paid license.
You can upload the license via a web browser connection to the web UI. No maintenance period scheduling is required: it will not interrupt traffic, nor cause the appliance to reboot.
To upload the license via the web UI:
- On your management computer, start a web browser.
- In your browser’s URL or location field, enter the IP address of port1 of the virtual appliance, such as:
https://192.168.1.99/
. - Use the username
admin
and no password to log in. - Verify and accept the certificate, and acknowledge any warnings about self-signed certificates.
- In the System Information portlet, use the update link and the Browse button to upload the license file (.lic).
Your computer must be connected to the same network as the hypervisor.
The web UI login page appears.
The system presents a self-signed security certificate, which it presents to clients whenever they initiate an HTTPS connection to it.
The web UI opens to the dashboard.
After the license has been validated, the System Information widget indicates the following:
- License row: The message:
Valid: License has been successfully authenticated with registration servers.
- Serial Number row: A number that indicates the maximum number of vCPUs that can be allocated according to the FortiADC-VM software license, such as
FADV0100000028122
(where “V01” indicates a limit of 1 vCPUs).
If logging is enabled, this log message will also be recorded in the event log:
"VM license has been updated by user admin via GUI(192.0.2.40)"
If the update did not succeed, on FortiADC, verify the following settings:
- time zone & time
- DNS settings
- network interface up/down status
- network interface IP address
- static routes
On your computer, use nslookup
to verify that FortiGuard domain names are resolving (VM license queries are sent to update.fortiguard.net
).
C:\Users\username>nslookup update.fortiguard.net
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: fds1.fortinet.com
Addresses: 209.66.81.150
209.66.81.151
208.91.112.66
Aliases: update.fortiguard.net
On FortiADC, use execute ping
and execute traceroute
to verify that connectivity from FortiADC to the Internet and FortiGuard is possible. Check the configuration of any NAT or firewall devices that exist between the FortiADC appliance and the FDN or FDS server override.
FortiADC # exec traceroute update.fortiguard.net
traceroute to update.fortiguard.net (209.66.81.150), 32 hops max, 84 byte packets
1 192.0.2.2 0 ms 0 ms 0 ms
2 209.87.254.221 <static-209-87-254-221.storm.ca> 4 ms 2 ms 3 ms
3 209.87.239.161 <core-2-g0-3.storm.ca> 2 ms 3 ms 3 ms
4 67.69.228.161 3 ms 4 ms 3 ms
5 64.230.164.17 <core2-ottawa23_POS13-1-0.net.bell.ca> 3 ms 5 ms 3 ms
6 64.230.99.250 <tcore4-ottawa23_0-4-2-0.net.bell.ca> 16 ms 17 ms 15 ms
7 64.230.79.222 <tcore3-montreal01_pos0-14-0-0.net.bell.ca> 14 ms 14 ms 15 ms
8 64.230.187.238 <newcore2-newyork83_so6-0-0_0> 63 ms 15 ms 14 ms
9 64.230.187.42 <bxX5-newyork83_POS9-0-0.net.bell.ca> 21 ms 64.230.187.93 <BX5-NEWYORK83_POS12-0-0_core.net.bell.ca> 17 ms 16 ms
10 67.69.246.78 <Abovenet_NY.net.bell.ca> 28 ms 28 ms 28 ms
11 64.125.21.86 <xe-1-3-0.cr2.lga5.us.above.net> 29 ms 29 ms 30 ms
12 64.125.27.33 <xe-0-2-0.cr2.ord2.us.above.net> 31 ms 31 ms 33 ms
13 64.125.25.6 <xe-4-1-0.cr2.sjc2.us.above.net> 82 ms 82 ms 100 ms
14 64.125.26.202 <xe-1-1-0.er2.sjc2.us.above.net> 80 ms 79 ms 82 ms
15 209.66.64.93 <209.66.64.93.t01015-01.above.net> 80 ms 80 ms 79 ms
16 209.66.81.150 <209.66.81.150.available.above.net> 83 ms 82 ms 81 ms
If the first connection had not succeeded, you can either wait up to 30 minutes for the next license query, or reboot.
execute reboot
If after 4 hours FortiADC still cannot validate its license, a warning message will be printed to the local console.