Fortinet black logo

New Features

FortiCare-generated license adoption for AWS PAYG variant  6.2.2

Copy Link
Copy Doc ID 761d83e3-4a7b-11e9-94bf-00505692583a:541888
Download PDF

FortiCare-generated license adoption for AWS PAYG variant 6.2.2

FortiGate pay as you go (PAYG) instances were using locally self-generated licenses, which posed limitations with installing other licenses, such as FortiToken. The new implementation uses FortiCare-generated licenses to resolve these problems.

FortiGate-VM AWS PAYG instances can now obtain FortiCare-generated licenses and register to FortiCare.

The valid license allows you to register to FortiCare to use features including FortiToken with the FortiGate-VM instance.

The FortiGate-VM must be able to reach FortiCare to receive a valid PAYG license. Ensure connectivity to FortiCare (https://directregistration.fortinet.com/) by checking all related setup on security groups, access control lists, Internet gateways, route tables, public IP addresses, and so on.

If the FortiGate-VM instance is created in a closed environment or unable to reach FortiCare, the FortiGate-VM self-generates a local license as in previous versions of FortiOS. You can obtain a FortiCare license, ensure that the FortiGate-VM is able to connect to FortiCare, then run the execute vm-license command to obtain the license from FortiCare.

To deploy a FortiGate-VM 6.2 AWS PAYG instance:

When deploying a FortiGate-VM PAYG instance for AWS, you will use the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image. After deployment with this image, running get system status results in output that includes the following lines:

Version: FortiGate-VM64-AWS v6.2.2,buildXXXX,XXXXXX (GA)

Virus-DB: 71.00242(2019-08-30 08:19)

Extended DB: 1.00000(2018-04-09 18:07)

Extreme DB: 1.00000(2018-04-09 18:07)

IPS-DB: 6.00741(2015-12-01 02:30)

IPS-ETDB: 0.00000(2001-01-01 00:00)

APP-DB: 6.00741(2015-12-01 02:30)

INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)

Serial-Number: FGTAWS12345678

To upgrade a FortiGate-VM AWS PAYG instance from FortiOS 6.2.1 and earlier to 6.2:

Earlier versions used the FGT_VM64_AWSONDEMAND-v6-buildXXXX-FORTINET.out image to deploy a FortiGate-VM AWS PAYG instance. In 6.2, the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image is used to deploy a FortiGate-VM AWS PAYG instance.

When upgrading from an earlier FortiOS version, you must first upgrade using the FGT_VM64_AWSONDEMAND image, then use the FGT_VM64_AWS image.

  1. In FortiOS, perform an upgrade using the FGT_VM64_AWSONDEMAND-v6-buildXXXX-FORTINET.out image.
  2. Perform another upgrade, this time using the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image. This process is irreversible.

  3. Run get system status results in output that includes the following lines:

    Version: FortiGate-VM64-AWS v6.2.2,buildXXXX,XXXXXX (GA)

    Virus-DB: 71.00246(2019-08-30 12:19)

    Extended DB: 1.00000(2018-04-09 18:07)

    Extreme DB: 1.00000(2018-04-09 18:07)

    IPS-DB: 14.00680(2019-08-30 02:29)

    IPS-ETDB: 0.00000(2001-01-01 00:00)

    APP-DB: 14.00680(2019-08-30 02:29)

    INDUSTRIAL-DB: 14.00680(2019-08-30 02:29)

    Serial-Number: FGTAWS1234567890

  4. For future upgrades, use the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image to retain PAYG status. You cannot directly upgrade a FortiGate-VM AWS PAYG instance from 6.2.1 or earlier to 6.2.3 and later versions. You must first follow the procedure detailed above.

FortiCare-generated license adoption for AWS PAYG variant 6.2.2

FortiGate pay as you go (PAYG) instances were using locally self-generated licenses, which posed limitations with installing other licenses, such as FortiToken. The new implementation uses FortiCare-generated licenses to resolve these problems.

FortiGate-VM AWS PAYG instances can now obtain FortiCare-generated licenses and register to FortiCare.

The valid license allows you to register to FortiCare to use features including FortiToken with the FortiGate-VM instance.

The FortiGate-VM must be able to reach FortiCare to receive a valid PAYG license. Ensure connectivity to FortiCare (https://directregistration.fortinet.com/) by checking all related setup on security groups, access control lists, Internet gateways, route tables, public IP addresses, and so on.

If the FortiGate-VM instance is created in a closed environment or unable to reach FortiCare, the FortiGate-VM self-generates a local license as in previous versions of FortiOS. You can obtain a FortiCare license, ensure that the FortiGate-VM is able to connect to FortiCare, then run the execute vm-license command to obtain the license from FortiCare.

To deploy a FortiGate-VM 6.2 AWS PAYG instance:

When deploying a FortiGate-VM PAYG instance for AWS, you will use the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image. After deployment with this image, running get system status results in output that includes the following lines:

Version: FortiGate-VM64-AWS v6.2.2,buildXXXX,XXXXXX (GA)

Virus-DB: 71.00242(2019-08-30 08:19)

Extended DB: 1.00000(2018-04-09 18:07)

Extreme DB: 1.00000(2018-04-09 18:07)

IPS-DB: 6.00741(2015-12-01 02:30)

IPS-ETDB: 0.00000(2001-01-01 00:00)

APP-DB: 6.00741(2015-12-01 02:30)

INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)

Serial-Number: FGTAWS12345678

To upgrade a FortiGate-VM AWS PAYG instance from FortiOS 6.2.1 and earlier to 6.2:

Earlier versions used the FGT_VM64_AWSONDEMAND-v6-buildXXXX-FORTINET.out image to deploy a FortiGate-VM AWS PAYG instance. In 6.2, the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image is used to deploy a FortiGate-VM AWS PAYG instance.

When upgrading from an earlier FortiOS version, you must first upgrade using the FGT_VM64_AWSONDEMAND image, then use the FGT_VM64_AWS image.

  1. In FortiOS, perform an upgrade using the FGT_VM64_AWSONDEMAND-v6-buildXXXX-FORTINET.out image.
  2. Perform another upgrade, this time using the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image. This process is irreversible.

  3. Run get system status results in output that includes the following lines:

    Version: FortiGate-VM64-AWS v6.2.2,buildXXXX,XXXXXX (GA)

    Virus-DB: 71.00246(2019-08-30 12:19)

    Extended DB: 1.00000(2018-04-09 18:07)

    Extreme DB: 1.00000(2018-04-09 18:07)

    IPS-DB: 14.00680(2019-08-30 02:29)

    IPS-ETDB: 0.00000(2001-01-01 00:00)

    APP-DB: 14.00680(2019-08-30 02:29)

    INDUSTRIAL-DB: 14.00680(2019-08-30 02:29)

    Serial-Number: FGTAWS1234567890

  4. For future upgrades, use the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image to retain PAYG status. You cannot directly upgrade a FortiGate-VM AWS PAYG instance from 6.2.1 or earlier to 6.2.3 and later versions. You must first follow the procedure detailed above.