Licensing in an air-gap environment
When performing the initial setup of FortiAnalyzer, you are required to register your FortiAnalyzer to FortiCare, which typically requires internet access. While operating in a closed network or air-gap environment, you must complete this step by uploading the entitlements file through the FortiAnalyzer GUI or CLI.
To register FortiAnalyzer in an air-gap environment:
- In FortiAnalyzer, disable access to the public FortiGuard Distribution Servers (FDS) using the following CLI commands:
config fmupdate publicnetwork
set status disable
end
- Connect to the FortiAnalyzer GUI, and on the FortiAnalyzer login screen, click Upload License.
- Click Browse to select your FortiAnalyzer license or drag-and-drop the license file, and click Upload.
The license file will be applied, and the FortiAnalyzer will be restarted in order to verify the license. - Sign in to FortiAnalyzer.
The FortiAnalyzer Setup Wizard is displayed.
In order to access your FortiAnalyzer, it must be registered to FortiCare in the FortiAnalyzer Setup Wizard. - On FortiCloud, create a ticket for your FortiAnalyzer entitlements file, and Fortinet Customer Service will provide you with the file.
- You can upload your entitlement file either through the setup wizard or through the FortiAnalyzer CLI.
- Onboarding wizard:
- Select Import the Entitlement File in the FortiAnalyzer Setup wizard.
- Drag and drop the entitlement file into the import area, or click Add Files to select the file location.
- Command line interface:
- Open the FortiAnalyzer CLI.
Upload the entitlement file using the following command.
execute fmupdate <ftp | scp | tftp> import license <filename> <server> <port> <directory> <username> <password>
The
<port>
variable is only required when connecting to a remote SCP host. The<directory>
,<username>
, and<password>
variables are only required for logging into a FTP server or SCP host to download the file. For more information, see the FortiAnalyzer CLI Reference.For example:
execute fmupdate ftp import license entitlement-file 172.10.1.10 /pub/place user1 password1
This operation will replace the current package!
Do you want to continue? (y/n)y
Start getting file from FTP Server...
Transferred 0.001M of 0.001M in 0:00:00s (0.008M/s)
FTP transfer is successful.
Package installation is in process...
This could take some time.
Update successfully
- Onboarding wizard:
- The FortiAnalyzer Setup wizard will display that you are successfully registered with FortiCare.