Fortinet Document Library

Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

Migrate a FortiAnalyzer-VM license to VM-S 7.0.1

This feature allows administrators to apply a VM subscription license (VM-S) on top of an existing FortiAnalyzer-VM license, allowing you to migrate your FortiAnalyzer-VM (perpetual) to the VM-S (subscription) model. FortiAnalyzer will use the new license's serial number and notify all connected FortiGate models of the change.

To migrate a FortiAnalyzer-VM license to VM-S:
  1. Download your new subscription license file from FortiCare, which includes the new serial number.
    In this example, the old serial number is FAZ-VMTM20012786 and the new serial number is FAZVMSTM21002251.
  2. On the FortiAnalyzer-VM currently using a perpetual license, run the CLI command: exec migrate serial-number-list <new serial number>. After running the command, OFTP will automatically restart.
    For example:

    FAZVM64 # exec migrate serial-number-list FAZVMSTM21002251

    After execute migrate serial number list, oftpd will restart!

    Do you want to continue? (y/n)y

  3. After a short wait, check on the FortiAnalyzer side to ensure that each FortiGate is connected, and select one or more FortiGates to check to see if the new serial number has been recognized.
    1. On the FortiAnalyzer side, run the diagnose test application oftpd 3 command to check the status of connected FortiGate devices.

      FAZVM64 # diagnose test application oftpd 3

      # SN HOSTNAME IP UPTIME IDLETIME #PKTS

      --------------------------------------------------------------------------------

      1 FGVMSLTM21000399 FortiGate-VM-213 10.4.90.213 2s 2s 2

      2 FGVMSLTM21000416 FortiGate-VM-214 10.4.90.250 3s 2s 6

      3 FGVMSLTM21000398 FortiGate-VM-212 10.4.90.212 8s 8s 3

      4 FGVMSLTM21000399 FortiGate-VM-213 10.4.90.213 9s 9s 5

      5 FGVMSLTM21000417 FortiGate-VM-215 10.4.90.250 9s 4s 7

      6 FEVM040000218711 mail01 10.4.90.250 23s 23s 1

      7 FGVMSLTM21000399 FortiGate-VM-213 10.4.90.213 2s 1s 4

      8 FGVMSLTM21000416 FortiGate-VM-214 10.4.90.250 3s 3s 3

      9 FGVMSLTM21000398 FortiGate-VM-212 10.4.90.212 8s 3s 7

      10 FGVMSLTM21000399 FortiGate-VM-213 10.4.90.213 9s 9s 3

      11 FGVMSLTM21000417 FortiGate-VM-215 10.4.90.250 9s 9s 3

      12 FGVMSLTM21000416 FortiGate-VM-214 10.4.90.250 9s 9s 3

    2. On the FortiGate side, run the config log fortianalyzer setting command. The serial number(s) shown below are used to notify FortiGate that FortiAnalyzer's serial number will change later. The new serial number(s) will not take effect until the new VM-S license files are installed.

      FortiGate-VM-212 (global) # config log fortianalyzer setting

      FortiGate-VM-212 (setting) # get

      status : enable

      ips-archive : enable

      server : 10.4.90.216

      certificate-verification: enable

      serial : "FAZ-VMTM20012786" "FAZVMSTM21002251"

      preshared-key :

      access-config : enable

      enc-algorithm : high

      ssl-min-proto-version: default

      conn-timeout : 10

      monitor-keepalive-period: 5

      monitor-failure-retry-period: 5

      certificate :

      source-ip :

      interface-select-method: auto

      upload-option : realtime

      reliable : enable

      priority : default

      max-log-rate : 0

  4. Install the new VM-S license file through the FortiAnalyzer GUI.
    FortiAnalyzer will automatically reboot once the license file has been added.
  5. After the FortiAnalyzer reboots, use the following CLI commands on FortiAnalyzer to verify that FortiGate devices are able to connect and send logs, and check that the new serial number and VM license information has been migrated to VM-S on FortiAnalyzer.

    FAZ #: diag test app oftp 3

    FAZ #: diag debug vminfo

    FAZ #: get sys status

Migrate a FortiAnalyzer-VM license to VM-S 7.0.1

This feature allows administrators to apply a VM subscription license (VM-S) on top of an existing FortiAnalyzer-VM license, allowing you to migrate your FortiAnalyzer-VM (perpetual) to the VM-S (subscription) model. FortiAnalyzer will use the new license's serial number and notify all connected FortiGate models of the change.

To migrate a FortiAnalyzer-VM license to VM-S:
  1. Download your new subscription license file from FortiCare, which includes the new serial number.
    In this example, the old serial number is FAZ-VMTM20012786 and the new serial number is FAZVMSTM21002251.
  2. On the FortiAnalyzer-VM currently using a perpetual license, run the CLI command: exec migrate serial-number-list <new serial number>. After running the command, OFTP will automatically restart.
    For example:

    FAZVM64 # exec migrate serial-number-list FAZVMSTM21002251

    After execute migrate serial number list, oftpd will restart!

    Do you want to continue? (y/n)y

  3. After a short wait, check on the FortiAnalyzer side to ensure that each FortiGate is connected, and select one or more FortiGates to check to see if the new serial number has been recognized.
    1. On the FortiAnalyzer side, run the diagnose test application oftpd 3 command to check the status of connected FortiGate devices.

      FAZVM64 # diagnose test application oftpd 3

      # SN HOSTNAME IP UPTIME IDLETIME #PKTS

      --------------------------------------------------------------------------------

      1 FGVMSLTM21000399 FortiGate-VM-213 10.4.90.213 2s 2s 2

      2 FGVMSLTM21000416 FortiGate-VM-214 10.4.90.250 3s 2s 6

      3 FGVMSLTM21000398 FortiGate-VM-212 10.4.90.212 8s 8s 3

      4 FGVMSLTM21000399 FortiGate-VM-213 10.4.90.213 9s 9s 5

      5 FGVMSLTM21000417 FortiGate-VM-215 10.4.90.250 9s 4s 7

      6 FEVM040000218711 mail01 10.4.90.250 23s 23s 1

      7 FGVMSLTM21000399 FortiGate-VM-213 10.4.90.213 2s 1s 4

      8 FGVMSLTM21000416 FortiGate-VM-214 10.4.90.250 3s 3s 3

      9 FGVMSLTM21000398 FortiGate-VM-212 10.4.90.212 8s 3s 7

      10 FGVMSLTM21000399 FortiGate-VM-213 10.4.90.213 9s 9s 3

      11 FGVMSLTM21000417 FortiGate-VM-215 10.4.90.250 9s 9s 3

      12 FGVMSLTM21000416 FortiGate-VM-214 10.4.90.250 9s 9s 3

    2. On the FortiGate side, run the config log fortianalyzer setting command. The serial number(s) shown below are used to notify FortiGate that FortiAnalyzer's serial number will change later. The new serial number(s) will not take effect until the new VM-S license files are installed.

      FortiGate-VM-212 (global) # config log fortianalyzer setting

      FortiGate-VM-212 (setting) # get

      status : enable

      ips-archive : enable

      server : 10.4.90.216

      certificate-verification: enable

      serial : "FAZ-VMTM20012786" "FAZVMSTM21002251"

      preshared-key :

      access-config : enable

      enc-algorithm : high

      ssl-min-proto-version: default

      conn-timeout : 10

      monitor-keepalive-period: 5

      monitor-failure-retry-period: 5

      certificate :

      source-ip :

      interface-select-method: auto

      upload-option : realtime

      reliable : enable

      priority : default

      max-log-rate : 0

  4. Install the new VM-S license file through the FortiAnalyzer GUI.
    FortiAnalyzer will automatically reboot once the license file has been added.
  5. After the FortiAnalyzer reboots, use the following CLI commands on FortiAnalyzer to verify that FortiGate devices are able to connect and send logs, and check that the new serial number and VM license information has been migrated to VM-S on FortiAnalyzer.

    FAZ #: diag test app oftp 3

    FAZ #: diag debug vminfo

    FAZ #: get sys status