Obtaining a FortiCare-generated license for Azure on-demand instances
New Azure on-demand and upgraded instances can retrieve a FortiGate serial number and license from FortiCare servers. Using the serial number, you can register the device to their account and start using FortiToken and FortiGate Cloud services.
The FortiGate-VM must be able to reach FortiCare to receive a valid on-demand license. Ensure connectivity to FortiCare (https://directregistration.fortinet.com/) by checking all related setup on the virtual network, subnet, network security group, route table, public IP addresses, and so on.
To verify cloudinit automatically obtained a license for a newly-deployed instance:
# diagnose debug cloudinit show >> Load VM metadata document >> Requesting FortiCare license: FGTAZRXXXXXXXXXX >> VM license install succeeded. Rebooting firewall. # diagnose debug vm-print-license SerialNumber: FGTAZRXXXXXXXXXX CreateDate: Wed Jul 29 16:48:34 2020 Key: yes Cert: yes Key2: yes Cert2: yes Model: PG (20) CPU: 2147483647 MEM: 2147483647
# execute vm-license PAYG license exists.
If in a closed network, the command execution resembles the following, as the execute vm-license command attempts to get a license from FortiCare:
# diagnose debug cloudinit show # diagnose debug vm-print-license SerialNumber: FGTAZRXXXXXXXXXX CreateDate: 1597362903 Model: PG (20) CPU: 2147483647 MEM: 2147483647 # execute vm-license This operation will reboot the system ! Do you want to continue? (y/n) Load VM metadata document Requesting FortiCare license: FGTAZRXXXXXXXXXX
If the FortiGate-VM connects to FortiCare successfully, the following message displays.
VM license install succeeded. Rebooting firewall.
To obtain a license for an upgraded instance or instance from a closed network:
If you created the FortiGate-VM in a closed environment or it cannot reach FortiCare, the FortiGate-VM self-generates a local license. You can obtain a FortiCare license, ensure that the FortiGate-VM can connect to FortiCare, then run the execute vm-license command to obtain the license from FortiCare.
# execute vm-license This operation will reboot the system ! Do you want to continue? (y/n)y Load VM metadata document Requesting FortiCare license: FGTAZRXXXZXXXXXX VM license install succeeded. Rebooting firewall.
To register the serial number:
- Register the license using the serial number in FortiCare (see Creating a support account).
- Obtain the VM ID:
- In FortiOS, run one of the following commands:
diagnose test application azd 6and search for theVM Instance IDget system instance-id
- In Azure, run
az vm show -g Resource-Group-Name -n PAYG-VM-Name --query vmId -o tsv.
It may take up to an hour for the registration status to synchronize and update in the FortiOS GUI.
- In FortiOS, run one of the following commands:
- Go Dashboard > Status and in the Licenses widget verify the FortiCare Support status.
- Once the registration is complete, you can log in to a FortiGate Cloud account and download the two free tokens that come standard with FortiGates (see FortiTokens).