Fortinet Document Library

Version:


Table of Contents

Azure Administration Guide

7.0.0
Download PDF
Copy Link

Obtaining a FortiCare-generated license for Azure on-demand instances

New Azure on-demand and upgraded instances can retrieve a FortiGate serial number and license from FortiCare servers. Using the serial number, you can register the device to their account and start using FortiToken and FortiGate Cloud services.

The FortiGate-VM must be able to reach FortiCare to receive a valid on-demand license. Ensure connectivity to FortiCare (https://directregistration.fortinet.com/) by checking all related setup on the virtual network, subnet, network security group, route table, public IP addresses, and so on.

This feature is only available for FortiOS 6.4.2 and later versions.

To verify cloudinit automatically obtained a license for a newly-deployed instance:
# diagnose debug cloudinit show
 >> Load VM metadata document
 >> Requesting FortiCare license: FGTAZRXXXXXXXXXX
 >> VM license install succeeded. Rebooting firewall.

# diagnose debug vm-print-license 
SerialNumber: FGTAZRXXXXXXXXXX
CreateDate: Wed Jul 29 16:48:34 2020
Key: yes
Cert: yes
Key2: yes
Cert2: yes
Model: PG (20)
CPU: 2147483647 
MEM: 2147483647
			
# execute vm-license 
PAYG license exists.

If in a closed network, the command execution resembles the following, as the execute vm-license command attempts to get a license from FortiCare.

# diagnose debug cloudinit show 

# diagnose debug vm-print-license
SerialNumber: FGTAZRXXXXXXXXXX
CreateDate: 1597362903
Model: PG (20)
CPU: 2147483647 
MEM: 2147483647

# execute vm-license
This operation will reboot the system !
Do you want to continue? (y/n)


Load VM metadata document
Requesting FortiCare license: FGTAZRXXXXXXXXXX

If the FortiGate-VM connects to FortiCare successfully, the following message displays.

VM license install succeeded. Rebooting firewall.

To obtain a license for an upgraded instance or instance from a closed network:

If you created the FortiGate-VM in a closed environment or it cannot reach FortiCare, the FortiGate-VM self-generates a local license as in previous FortiOS versions. You can obtain a FortiCare license, ensure that the FortiGate-VM can connect to FortiCare, then run the execute vm-license command to obtain the license from FortiCare.

# execute vm-license 
This operation will reboot the system !
Do you want to continue? (y/n)y

Load VM metadata document
Requesting FortiCare license: FGTAZRXXXZXXXXXX
VM license install succeeded. Rebooting firewall.
To register the serial number:
  1. Register the license using the serial number in FortiCare (see Creating a support account).
  2. Obtain the VM ID:
    • In FortiOS, run diagnose test application azd 6 and search for the VM Instance ID.
    • In Azure, run az vm show -g Resource-Group-Name -n PAYG-VM-Name --query vmId' -o tsv.
    • It may take up to an hour for the registration status to synchronize and update in the FortiOS GUI.

  3. Go Dashboard > Status and in the Licenses widget verify the FortiCare Support status.

  4. Once the registration is complete, you can log in to a FortiGate Cloud account and download the two free tokens that come standard with FortiGates (see FortiTokens).

Obtaining a FortiCare-generated license for Azure on-demand instances

New Azure on-demand and upgraded instances can retrieve a FortiGate serial number and license from FortiCare servers. Using the serial number, you can register the device to their account and start using FortiToken and FortiGate Cloud services.

The FortiGate-VM must be able to reach FortiCare to receive a valid on-demand license. Ensure connectivity to FortiCare (https://directregistration.fortinet.com/) by checking all related setup on the virtual network, subnet, network security group, route table, public IP addresses, and so on.

This feature is only available for FortiOS 6.4.2 and later versions.

To verify cloudinit automatically obtained a license for a newly-deployed instance:
# diagnose debug cloudinit show
 >> Load VM metadata document
 >> Requesting FortiCare license: FGTAZRXXXXXXXXXX
 >> VM license install succeeded. Rebooting firewall.

# diagnose debug vm-print-license 
SerialNumber: FGTAZRXXXXXXXXXX
CreateDate: Wed Jul 29 16:48:34 2020
Key: yes
Cert: yes
Key2: yes
Cert2: yes
Model: PG (20)
CPU: 2147483647 
MEM: 2147483647
			
# execute vm-license 
PAYG license exists.

If in a closed network, the command execution resembles the following, as the execute vm-license command attempts to get a license from FortiCare.

# diagnose debug cloudinit show 

# diagnose debug vm-print-license
SerialNumber: FGTAZRXXXXXXXXXX
CreateDate: 1597362903
Model: PG (20)
CPU: 2147483647 
MEM: 2147483647

# execute vm-license
This operation will reboot the system !
Do you want to continue? (y/n)


Load VM metadata document
Requesting FortiCare license: FGTAZRXXXXXXXXXX

If the FortiGate-VM connects to FortiCare successfully, the following message displays.

VM license install succeeded. Rebooting firewall.

To obtain a license for an upgraded instance or instance from a closed network:

If you created the FortiGate-VM in a closed environment or it cannot reach FortiCare, the FortiGate-VM self-generates a local license as in previous FortiOS versions. You can obtain a FortiCare license, ensure that the FortiGate-VM can connect to FortiCare, then run the execute vm-license command to obtain the license from FortiCare.

# execute vm-license 
This operation will reboot the system !
Do you want to continue? (y/n)y

Load VM metadata document
Requesting FortiCare license: FGTAZRXXXZXXXXXX
VM license install succeeded. Rebooting firewall.
To register the serial number:
  1. Register the license using the serial number in FortiCare (see Creating a support account).
  2. Obtain the VM ID:
    • In FortiOS, run diagnose test application azd 6 and search for the VM Instance ID.
    • In Azure, run az vm show -g Resource-Group-Name -n PAYG-VM-Name --query vmId' -o tsv.
    • It may take up to an hour for the registration status to synchronize and update in the FortiOS GUI.

  3. Go Dashboard > Status and in the Licenses widget verify the FortiCare Support status.

  4. Once the registration is complete, you can log in to a FortiGate Cloud account and download the two free tokens that come standard with FortiGates (see FortiTokens).