You can validate your FortiGate-VM license with some FortiManager models. To determine whether your FortiManager has the VM activation feature, see the FortiManager datasheet's Features section.
- To configure your FortiManager as a closed network, enter the following CLI command on your FortiManager:
config fmupdate publicnetwork
set status disable
- To configure FortiGate-VM to use FortiManager as its override server, enter the following CLI commands on your FortiGate-VM:
config system central-management
set mode normal
set type fortimanager
set fmg <FortiManager IPv4 address>
set server-type update
set server-address <FortiManager IPv4 address>
set fmg-source-ip <Source IPv4 address when connecting to the FortiManager>
set include-default-servers disable
set vdom <Enter the VDOM name to use when communicating with the FortiManager>
- Load the FortiGate-VM license file in the GUI:
- Go to System > Dashboard > Status.
- In the License Information widget, in the Registration Status field, select Update.
- Browse for the
.liclicense file and select OK.
- To activate the FortiGate-VM license, enter the
execute update-nowcommand on your FortiGate-VM.
- To check the FortiGate-VM license status, enter the following CLI commands on your FortiGate-VM:
get system status
Version: Fortigate-VM v5.0,build0099,120910 (Interim)
Virus-DB: 15.00361(2011-08-24 17:17)
Extended DB: 15.00000(2011-08-24 17:09)
Extreme DB: 14.00000(2011-08-24 17:10)
IPS-DB: 3.00224(2011-10-28 16:39)
FortiClient application signature package: 1.456(2012-01-17 18:27)
License Status: Valid
BIOS version: 04000002
Log hard disk: Available
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 511
Release Version Information: MR3 Patch 4
System time: Wed Jan 18 11:24:34 2012
diagnose hardware sysinfo vm full
code: 200 (If the license is a duplicate, code 401 will be displayed)
In closed environments without Internet access, performing offline licensing of the FortiGate-VM using a FortiManager as a license server is mandatory. If the FortiGate-VM cannot perform license validation within the license timeout period, which is 30 days, the FortiGate will discard all packets, effectively ceasing operation as a firewall.
The license status goes through some changes before it times out.
The FortiGate can connect and validate against a FortiManager or FDS
The FortiGate cannot connect and validate against a FortiManager or FDS. A check is made against how many days the Warning status has been continuous. If the number is less than 30 days the status does not change.
The FortiGate cannot connect and validate against a FortiManager or FDS. A check is made against how many days the Warning status has been continuous. If the number is 30 days or more, the status changes to Invalid. The firewall ceases to function properly.
There is only a single log entry after the FortiGate-VM cannot access the license server for the license expiration period. When you search the logs for the reason that the FortiGate is offline, there is not a long error log list that draws attention to the issue. There is only one entry.