Fortinet black logo

VM Installation Guide

Step 5: Upload the license file

5.3.0
Copy Link
Copy Doc ID 96c7833d-d34d-11e9-8977-00505692583a:619361
Download PDF

Step 5: Upload the license file

When you purchase a license for FortiADC-VM, Technical Support provides a license file that you can use to convert the 15‑day trial license to a permanent, paid license.

You can upload the license via a web browser connection to the web UI. No maintenance period scheduling is required: it will not interrupt traffic, nor cause the appliance to reboot.

To upload the license via the web UI:
  1. On your management computer, start a web browser.
  2. Your computer must be connected to the same network as the hypervisor.

  3. In your browser’s URL or location field, enter the IP address of port1 of the virtual appliance, such as: https://192.168.1.99/.
  4. The web UI login page appears.

  5. Use the username admin and no password to log in.
  6. The system presents a self-signed security certificate, which it presents to clients whenever they initiate an HTTPS connection to it.

  7. Verify and accept the certificate, and acknowledge any warnings about self-signed certificates.
  8. The web UI opens to the dashboard.

  9. In the System Information portlet, use the update link and the Browse button to upload the license file (.lic).

After the license has been validated, the System Information widget indicates the following:

  • License row: The message: Valid: License has been successfully authenticated with registration servers.
  • Serial Number row: A number that indicates the maximum number of vCPUs that can be allocated according to the FortiADC-VM software license, such as FADV0100000028122 (where “V01” indicates a limit of 1 vCPUs).

If logging is enabled, this log message will also be recorded in the event log:

"VM license has been updated by user admin via GUI(192.0.2.40)"

If the update did not succeed, on FortiADC, verify the following settings:

  • time zone & time
  • DNS settings
  • network interface up/down status
  • network interface IP address
  • static routes

On your computer, use nslookup to verify that FortiGuard domain names are resolving (VM license queries are sent to update.fortiguard.net).

C:\Users\username>nslookup update.fortiguard.net

Server: google-public-dns-a.google.com

Address: 8.8.8.8

Non-authoritative answer:

Name: fds1.fortinet.com

Addresses: 209.66.81.150

209.66.81.151

208.91.112.66

Aliases: update.fortiguard.net

On FortiADC, use execute ping and execute traceroute to verify that connectivity from FortiADC to the Internet and FortiGuard is possible. Check the configuration of any NAT or firewall devices that exist between the FortiADC appliance and the FDN or FDS server override.

FortiADC # exec traceroute update.fortiguard.net

traceroute to update.fortiguard.net (209.66.81.150), 32 hops max, 84 byte packets

1 192.0.2.2 0 ms 0 ms 0 ms

2 209.87.254.221 <static-209-87-254-221.storm.ca> 4 ms 2 ms 3 ms

3 209.87.239.161 <core-2-g0-3.storm.ca> 2 ms 3 ms 3 ms

4 67.69.228.161 3 ms 4 ms 3 ms

5 64.230.164.17 <core2-ottawa23_POS13-1-0.net.bell.ca> 3 ms 5 ms 3 ms

6 64.230.99.250 <tcore4-ottawa23_0-4-2-0.net.bell.ca> 16 ms 17 ms 15 ms

7 64.230.79.222 <tcore3-montreal01_pos0-14-0-0.net.bell.ca> 14 ms 14 ms 15 ms

8 64.230.187.238 <newcore2-newyork83_so6-0-0_0> 63 ms 15 ms 14 ms

9 64.230.187.42 <bxX5-newyork83_POS9-0-0.net.bell.ca> 21 ms 64.230.187.93 <BX5-NEWYORK83_POS12-0-0_core.net.bell.ca> 17 ms 16 ms

10 67.69.246.78 <Abovenet_NY.net.bell.ca> 28 ms 28 ms 28 ms

11 64.125.21.86 <xe-1-3-0.cr2.lga5.us.above.net> 29 ms 29 ms 30 ms

12 64.125.27.33 <xe-0-2-0.cr2.ord2.us.above.net> 31 ms 31 ms 33 ms

13 64.125.25.6 <xe-4-1-0.cr2.sjc2.us.above.net> 82 ms 82 ms 100 ms

14 64.125.26.202 <xe-1-1-0.er2.sjc2.us.above.net> 80 ms 79 ms 82 ms

15 209.66.64.93 <209.66.64.93.t01015-01.above.net> 80 ms 80 ms 79 ms

16 209.66.81.150 <209.66.81.150.available.above.net> 83 ms 82 ms 81 ms

If the first connection had not succeeded, you can either wait up to 30 minutes for the next license query, or reboot.

execute reboot

If after 4 hours FortiADC still cannot validate its license, a warning message will be printed to the local console.

Step 5: Upload the license file

When you purchase a license for FortiADC-VM, Technical Support provides a license file that you can use to convert the 15‑day trial license to a permanent, paid license.

You can upload the license via a web browser connection to the web UI. No maintenance period scheduling is required: it will not interrupt traffic, nor cause the appliance to reboot.

To upload the license via the web UI:
  1. On your management computer, start a web browser.
  2. Your computer must be connected to the same network as the hypervisor.

  3. In your browser’s URL or location field, enter the IP address of port1 of the virtual appliance, such as: https://192.168.1.99/.
  4. The web UI login page appears.

  5. Use the username admin and no password to log in.
  6. The system presents a self-signed security certificate, which it presents to clients whenever they initiate an HTTPS connection to it.

  7. Verify and accept the certificate, and acknowledge any warnings about self-signed certificates.
  8. The web UI opens to the dashboard.

  9. In the System Information portlet, use the update link and the Browse button to upload the license file (.lic).

After the license has been validated, the System Information widget indicates the following:

  • License row: The message: Valid: License has been successfully authenticated with registration servers.
  • Serial Number row: A number that indicates the maximum number of vCPUs that can be allocated according to the FortiADC-VM software license, such as FADV0100000028122 (where “V01” indicates a limit of 1 vCPUs).

If logging is enabled, this log message will also be recorded in the event log:

"VM license has been updated by user admin via GUI(192.0.2.40)"

If the update did not succeed, on FortiADC, verify the following settings:

  • time zone & time
  • DNS settings
  • network interface up/down status
  • network interface IP address
  • static routes

On your computer, use nslookup to verify that FortiGuard domain names are resolving (VM license queries are sent to update.fortiguard.net).

C:\Users\username>nslookup update.fortiguard.net

Server: google-public-dns-a.google.com

Address: 8.8.8.8

Non-authoritative answer:

Name: fds1.fortinet.com

Addresses: 209.66.81.150

209.66.81.151

208.91.112.66

Aliases: update.fortiguard.net

On FortiADC, use execute ping and execute traceroute to verify that connectivity from FortiADC to the Internet and FortiGuard is possible. Check the configuration of any NAT or firewall devices that exist between the FortiADC appliance and the FDN or FDS server override.

FortiADC # exec traceroute update.fortiguard.net

traceroute to update.fortiguard.net (209.66.81.150), 32 hops max, 84 byte packets

1 192.0.2.2 0 ms 0 ms 0 ms

2 209.87.254.221 <static-209-87-254-221.storm.ca> 4 ms 2 ms 3 ms

3 209.87.239.161 <core-2-g0-3.storm.ca> 2 ms 3 ms 3 ms

4 67.69.228.161 3 ms 4 ms 3 ms

5 64.230.164.17 <core2-ottawa23_POS13-1-0.net.bell.ca> 3 ms 5 ms 3 ms

6 64.230.99.250 <tcore4-ottawa23_0-4-2-0.net.bell.ca> 16 ms 17 ms 15 ms

7 64.230.79.222 <tcore3-montreal01_pos0-14-0-0.net.bell.ca> 14 ms 14 ms 15 ms

8 64.230.187.238 <newcore2-newyork83_so6-0-0_0> 63 ms 15 ms 14 ms

9 64.230.187.42 <bxX5-newyork83_POS9-0-0.net.bell.ca> 21 ms 64.230.187.93 <BX5-NEWYORK83_POS12-0-0_core.net.bell.ca> 17 ms 16 ms

10 67.69.246.78 <Abovenet_NY.net.bell.ca> 28 ms 28 ms 28 ms

11 64.125.21.86 <xe-1-3-0.cr2.lga5.us.above.net> 29 ms 29 ms 30 ms

12 64.125.27.33 <xe-0-2-0.cr2.ord2.us.above.net> 31 ms 31 ms 33 ms

13 64.125.25.6 <xe-4-1-0.cr2.sjc2.us.above.net> 82 ms 82 ms 100 ms

14 64.125.26.202 <xe-1-1-0.er2.sjc2.us.above.net> 80 ms 79 ms 82 ms

15 209.66.64.93 <209.66.64.93.t01015-01.above.net> 80 ms 80 ms 79 ms

16 209.66.81.150 <209.66.81.150.available.above.net> 83 ms 82 ms 81 ms

If the first connection had not succeeded, you can either wait up to 30 minutes for the next license query, or reboot.

execute reboot

If after 4 hours FortiADC still cannot validate its license, a warning message will be printed to the local console.