Fortinet white logo
Fortinet white logo

AWS Administration Guide

FortiCare-generated license adoption for AWS on-demand variant

FortiCare-generated license adoption for AWS on-demand variant

FortiGate on-demand instances were using locally self-generated licenses, which posed limitations with installing other licenses, such as FortiToken. The new implementation, introduced in FortiOS 6.2.2, uses FortiCare-generated licenses to resolve these problems.

FortiGate-VM AWS on-demand instances can now obtain FortiCare-generated licenses and register to FortiCare.

The valid license allows you to register to FortiCare to use features including FortiToken with the FortiGate-VM instance.

The FortiGate-VM must be able to reach FortiCare to receive a valid on-demand license. Ensure connectivity to FortiCare (https://directregistration.fortinet.com/) by checking all related setup on security groups, access control lists, Internet gateways, route tables, public IP addresses, and so on.

If you created the FortiGate-VM instance in a closed environment or it cannot reach FortiCare, the FortiGate-VM self-generates a local license as in previous FortiOS versions. You can obtain a FortiCare license, ensure that the FortiGate-VM can connect to FortiCare, then run the execute vm-license command to obtain the license from FortiCare.

To deploy a FortiGate-VM 6.2.2 AWS on-demand instance:

When deploying a FortiGate-VM on-demand instance for AWS, use the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image. After deployment with this image, running get system status results in output that includes the following lines:

Version: FortiGate-VM64-AWS v6.2.2,buildXXXX,XXXXXX (GA)

Virus-DB: 71.00242(2019-08-30 08:19)

Extended DB: 1.00000(2018-04-09 18:07)

Extreme DB: 1.00000(2018-04-09 18:07)

IPS-DB: 6.00741(2015-12-01 02:30)

IPS-ETDB: 0.00000(2001-01-01 00:00)

APP-DB: 6.00741(2015-12-01 02:30)

INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)

Serial-Number: FGTAWS12345678

To upgrade a FortiGate-VM AWS on-demand instance from FortiOS 6.2.1 and earlier to 6.2.2:

Earlier versions used the FGT_VM64_AWSONDEMAND-v6-buildXXXX-FORTINET.out image to deploy a FortiGate-VM AWS on-demand instance. In 6.2.2, you use the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image to deploy a FortiGate-VM AWS on-demand instance.

When upgrading from an earlier FortiOS version, you must first upgrade using the FGT_VM64_AWSONDEMAND image, then use the FGT_VM64_AWS image.

  1. In FortiOS, perform an upgrade using the FGT_VM64_AWSONDEMAND-v6-buildXXXX-FORTINET.out image.
  2. Perform another upgrade, this time using the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image. This process is irreversible.

  3. Running get system status results in output that includes the following lines:

    Version: FortiGate-VM64-AWS v6.2.2,buildXXXX,XXXXXX (GA)

    Virus-DB: 71.00246(2019-08-30 12:19)

    Extended DB: 1.00000(2018-04-09 18:07)

    Extreme DB: 1.00000(2018-04-09 18:07)

    IPS-DB: 14.00680(2019-08-30 02:29)

    IPS-ETDB: 0.00000(2001-01-01 00:00)

    APP-DB: 14.00680(2019-08-30 02:29)

    INDUSTRIAL-DB: 14.00680(2019-08-30 02:29)

    Serial-Number: FGTAWS1234567890

  4. For future upgrades, use the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image to retain on-demand status. You cannot directly upgrade a FortiGate-VM AWS on-demand instance from 6.2.1 or earlier to 6.2.3 and later versions. You must first follow the procedure detailed above.

FortiCare-generated license adoption for AWS on-demand variant

FortiCare-generated license adoption for AWS on-demand variant

FortiGate on-demand instances were using locally self-generated licenses, which posed limitations with installing other licenses, such as FortiToken. The new implementation, introduced in FortiOS 6.2.2, uses FortiCare-generated licenses to resolve these problems.

FortiGate-VM AWS on-demand instances can now obtain FortiCare-generated licenses and register to FortiCare.

The valid license allows you to register to FortiCare to use features including FortiToken with the FortiGate-VM instance.

The FortiGate-VM must be able to reach FortiCare to receive a valid on-demand license. Ensure connectivity to FortiCare (https://directregistration.fortinet.com/) by checking all related setup on security groups, access control lists, Internet gateways, route tables, public IP addresses, and so on.

If you created the FortiGate-VM instance in a closed environment or it cannot reach FortiCare, the FortiGate-VM self-generates a local license as in previous FortiOS versions. You can obtain a FortiCare license, ensure that the FortiGate-VM can connect to FortiCare, then run the execute vm-license command to obtain the license from FortiCare.

To deploy a FortiGate-VM 6.2.2 AWS on-demand instance:

When deploying a FortiGate-VM on-demand instance for AWS, use the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image. After deployment with this image, running get system status results in output that includes the following lines:

Version: FortiGate-VM64-AWS v6.2.2,buildXXXX,XXXXXX (GA)

Virus-DB: 71.00242(2019-08-30 08:19)

Extended DB: 1.00000(2018-04-09 18:07)

Extreme DB: 1.00000(2018-04-09 18:07)

IPS-DB: 6.00741(2015-12-01 02:30)

IPS-ETDB: 0.00000(2001-01-01 00:00)

APP-DB: 6.00741(2015-12-01 02:30)

INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)

Serial-Number: FGTAWS12345678

To upgrade a FortiGate-VM AWS on-demand instance from FortiOS 6.2.1 and earlier to 6.2.2:

Earlier versions used the FGT_VM64_AWSONDEMAND-v6-buildXXXX-FORTINET.out image to deploy a FortiGate-VM AWS on-demand instance. In 6.2.2, you use the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image to deploy a FortiGate-VM AWS on-demand instance.

When upgrading from an earlier FortiOS version, you must first upgrade using the FGT_VM64_AWSONDEMAND image, then use the FGT_VM64_AWS image.

  1. In FortiOS, perform an upgrade using the FGT_VM64_AWSONDEMAND-v6-buildXXXX-FORTINET.out image.
  2. Perform another upgrade, this time using the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image. This process is irreversible.

  3. Running get system status results in output that includes the following lines:

    Version: FortiGate-VM64-AWS v6.2.2,buildXXXX,XXXXXX (GA)

    Virus-DB: 71.00246(2019-08-30 12:19)

    Extended DB: 1.00000(2018-04-09 18:07)

    Extreme DB: 1.00000(2018-04-09 18:07)

    IPS-DB: 14.00680(2019-08-30 02:29)

    IPS-ETDB: 0.00000(2001-01-01 00:00)

    APP-DB: 14.00680(2019-08-30 02:29)

    INDUSTRIAL-DB: 14.00680(2019-08-30 02:29)

    Serial-Number: FGTAWS1234567890

  4. For future upgrades, use the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image to retain on-demand status. You cannot directly upgrade a FortiGate-VM AWS on-demand instance from 6.2.1 or earlier to 6.2.3 and later versions. You must first follow the procedure detailed above.