Fortinet black logo

VM Deployment Guide

Home FortiDDoS-F 6.1.0 VM Deployment Guide
6.1.0
6.1.0

Step 6: Upload the license file

Step 6: Upload the license file

When you purchase a license for FortiDDoS-VM, Technical Support provides a license file that you can use to convert the 15‑day trial license to a permanent, paid license.

You can upload the license via a web browser connection to the web UI. No maintenance period scheduling is required: it will not interrupt traffic, nor cause the appliance to reboot.

To upload the license via the web UI:
  1. On your management computer, start a web browser.

    2. Your computer must be connected to the same network as the hypervisor.

  2. In your browser’s URL or location field, enter the IP address of mgmt1 of the virtual appliance, such as: https://192.168.1.99/.
  3. Use the username admin and no password to log in.

    4. The system presents a self-signed security certificate, which it presents to clients whenever they initiate an HTTPS connection to it.

  4. Verify and accept the certificate, and acknowledge any warnings about self-signed certificates.

    5. The web UI opens to the dashboard.

  5. To upload the license file (.lic), go to System > FortiGuard.

After the license has been validated, the System Information widget indicates the following:

  • License row: The message: Valid: License has been successfully authenticated with registration servers.
  • Serial Number row: A number that indicates the maximum number of vCPUs that can be allocated according to the FortiDDoS-VM software license, such as FIVM16TM20090003 (where “VM16” indicates a limit of 16 vCPUs).

If logging is enabled, this log message will also be recorded in the event log:

"VM license has been updated by user admin via GUI(192.0.2.40)"

If the update did not succeed, on FortiDDoS, verify the following settings:

  • time zone & time
  • DNS settings
  • network interface up/down status
  • network interface IP address
  • static routes

On your computer, use nslookup to verify that FortiGuard domain names are resolving (VM license queries are sent to update.fortiguard.net).

C:\Users\username>nslookup update.fortiguard.net

Server: google-public-dns-a.google.com

Address: 8.8.8.8

Non-authoritative answer:

Name: fds1.fortinet.com

Addresses: 209.66.81.150

209.66.81.151

208.91.112.66

Aliases: update.fortiguard.net

On FortiDDoS, use execute ping and execute traceroute to verify that connectivity from FortiDDoS to the Internet and FortiGuard is possible. Check the configuration of any NAT or firewall devices that exist between the FortiDDoS appliance and the FDN or FDS server override.

FortiDDoS # exec traceroute update.fortiguard.net

traceroute to update.fortiguard.net (209.66.81.150), 32 hops max, 84 byte packets

1 192.0.2.2 0 ms 0 ms 0 ms

2 209.87.254.221 <static-209-87-254-221.storm.ca> 4 ms 2 ms 3 ms

3 209.87.239.161 <core-2-g0-3.storm.ca> 2 ms 3 ms 3 ms

4 67.69.228.161 3 ms 4 ms 3 ms

5 64.230.164.17 <core2-ottawa23_POS13-1-0.net.bell.ca> 3 ms 5 ms 3 ms

6 64.230.99.250 <tcore4-ottawa23_0-4-2-0.net.bell.ca> 16 ms 17 ms 15 ms

7 64.230.79.222 <tcore3-montreal01_pos0-14-0-0.net.bell.ca> 14 ms 14 ms 15 ms

8 64.230.187.238 <newcore2-newyork83_so6-0-0_0> 63 ms 15 ms 14 ms

9 64.230.187.42 <bxX5-newyork83_POS9-0-0.net.bell.ca> 21 ms 64.230.187.93 <BX5-NEWYORK83_POS12-0-0_core.net.bell.ca> 17 ms 16 ms

10 67.69.246.78 <Abovenet_NY.net.bell.ca> 28 ms 28 ms 28 ms

11 64.125.21.86 <xe-1-3-0.cr2.lga5.us.above.net> 29 ms 29 ms 30 ms

12 64.125.27.33 <xe-0-2-0.cr2.ord2.us.above.net> 31 ms 31 ms 33 ms

13 64.125.25.6 <xe-4-1-0.cr2.sjc2.us.above.net> 82 ms 82 ms 100 ms

14 64.125.26.202 <xe-1-1-0.er2.sjc2.us.above.net> 80 ms 79 ms 82 ms

15 209.66.64.93 <209.66.64.93.t01015-01.above.net> 80 ms 80 ms 79 ms

16 209.66.81.150 <209.66.81.150.available.above.net> 83 ms 82 ms 81 ms

If the first connection had not succeeded, you can either wait up to 30 minutes for the next license query, or reboot.

execute reboot

If after 4 hours FortiDDoS still cannot validate its license, a warning message will be printed to the local console.

Previous
Next

Step 6: Upload the license file

When you purchase a license for FortiDDoS-VM, Technical Support provides a license file that you can use to convert the 15‑day trial license to a permanent, paid license.

You can upload the license via a web browser connection to the web UI. No maintenance period scheduling is required: it will not interrupt traffic, nor cause the appliance to reboot.

To upload the license via the web UI:
  1. On your management computer, start a web browser.

    2. Your computer must be connected to the same network as the hypervisor.

  2. In your browser’s URL or location field, enter the IP address of mgmt1 of the virtual appliance, such as: https://192.168.1.99/.
  3. Use the username admin and no password to log in.

    4. The system presents a self-signed security certificate, which it presents to clients whenever they initiate an HTTPS connection to it.

  4. Verify and accept the certificate, and acknowledge any warnings about self-signed certificates.

    5. The web UI opens to the dashboard.

  5. To upload the license file (.lic), go to System > FortiGuard.

After the license has been validated, the System Information widget indicates the following:

  • License row: The message: Valid: License has been successfully authenticated with registration servers.
  • Serial Number row: A number that indicates the maximum number of vCPUs that can be allocated according to the FortiDDoS-VM software license, such as FIVM16TM20090003 (where “VM16” indicates a limit of 16 vCPUs).

If logging is enabled, this log message will also be recorded in the event log:

"VM license has been updated by user admin via GUI(192.0.2.40)"

If the update did not succeed, on FortiDDoS, verify the following settings:

  • time zone & time
  • DNS settings
  • network interface up/down status
  • network interface IP address
  • static routes

On your computer, use nslookup to verify that FortiGuard domain names are resolving (VM license queries are sent to update.fortiguard.net).

C:\Users\username>nslookup update.fortiguard.net

Server: google-public-dns-a.google.com

Address: 8.8.8.8

Non-authoritative answer:

Name: fds1.fortinet.com

Addresses: 209.66.81.150

209.66.81.151

208.91.112.66

Aliases: update.fortiguard.net

On FortiDDoS, use execute ping and execute traceroute to verify that connectivity from FortiDDoS to the Internet and FortiGuard is possible. Check the configuration of any NAT or firewall devices that exist between the FortiDDoS appliance and the FDN or FDS server override.

FortiDDoS # exec traceroute update.fortiguard.net

traceroute to update.fortiguard.net (209.66.81.150), 32 hops max, 84 byte packets

1 192.0.2.2 0 ms 0 ms 0 ms

2 209.87.254.221 <static-209-87-254-221.storm.ca> 4 ms 2 ms 3 ms

3 209.87.239.161 <core-2-g0-3.storm.ca> 2 ms 3 ms 3 ms

4 67.69.228.161 3 ms 4 ms 3 ms

5 64.230.164.17 <core2-ottawa23_POS13-1-0.net.bell.ca> 3 ms 5 ms 3 ms

6 64.230.99.250 <tcore4-ottawa23_0-4-2-0.net.bell.ca> 16 ms 17 ms 15 ms

7 64.230.79.222 <tcore3-montreal01_pos0-14-0-0.net.bell.ca> 14 ms 14 ms 15 ms

8 64.230.187.238 <newcore2-newyork83_so6-0-0_0> 63 ms 15 ms 14 ms

9 64.230.187.42 <bxX5-newyork83_POS9-0-0.net.bell.ca> 21 ms 64.230.187.93 <BX5-NEWYORK83_POS12-0-0_core.net.bell.ca> 17 ms 16 ms

10 67.69.246.78 <Abovenet_NY.net.bell.ca> 28 ms 28 ms 28 ms

11 64.125.21.86 <xe-1-3-0.cr2.lga5.us.above.net> 29 ms 29 ms 30 ms

12 64.125.27.33 <xe-0-2-0.cr2.ord2.us.above.net> 31 ms 31 ms 33 ms

13 64.125.25.6 <xe-4-1-0.cr2.sjc2.us.above.net> 82 ms 82 ms 100 ms

14 64.125.26.202 <xe-1-1-0.er2.sjc2.us.above.net> 80 ms 79 ms 82 ms

15 209.66.64.93 <209.66.64.93.t01015-01.above.net> 80 ms 80 ms 79 ms

16 209.66.81.150 <209.66.81.150.available.above.net> 83 ms 82 ms 81 ms

If the first connection had not succeeded, you can either wait up to 30 minutes for the next license query, or reboot.

execute reboot

If after 4 hours FortiDDoS still cannot validate its license, a warning message will be printed to the local console.

Previous
Next