FortiCare-generated license adoption for AWS PAYG variant 6.2.2
FortiGate pay as you go (PAYG) instances were using locally self-generated licenses, which posed limitations with installing other licenses, such as FortiToken. The new implementation uses FortiCare-generated licenses to resolve these problems.
FortiGate-VM AWS PAYG instances can now obtain FortiCare-generated licenses and register to FortiCare.
The valid license allows you to register to FortiCare to use features including FortiToken with the FortiGate-VM instance.
The FortiGate-VM must be able to reach FortiCare to receive a valid PAYG license. Ensure connectivity to FortiCare (https://directregistration.fortinet.com/) by checking all related setup on security groups, access control lists, Internet gateways, route tables, public IP addresses, and so on.
If the FortiGate-VM instance is created in a closed environment or unable to reach FortiCare, the FortiGate-VM self-generates a local license as in previous versions of FortiOS. You can obtain a FortiCare license, ensure that the FortiGate-VM is able to connect to FortiCare, then run the execute vm-license
command to obtain the license from FortiCare.
To deploy a FortiGate-VM 6.2 AWS PAYG instance:
When deploying a FortiGate-VM PAYG instance for AWS, you will use the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image. After deployment with this image, running get system status
results in output that includes the following lines:
Version: FortiGate-VM64-AWS v6.2.2,buildXXXX,XXXXXX (GA)
Virus-DB: 71.00242(2019-08-30 08:19)
Extended DB: 1.00000(2018-04-09 18:07)
Extreme DB: 1.00000(2018-04-09 18:07)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 6.00741(2015-12-01 02:30)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
Serial-Number: FGTAWS12345678
To upgrade a FortiGate-VM AWS PAYG instance from FortiOS 6.2.1 and earlier to 6.2:
Earlier versions used the FGT_VM64_AWSONDEMAND-v6-buildXXXX-FORTINET.out image to deploy a FortiGate-VM AWS PAYG instance. In 6.2, the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image is used to deploy a FortiGate-VM AWS PAYG instance.
When upgrading from an earlier FortiOS version, you must first upgrade using the FGT_VM64_AWSONDEMAND image, then use the FGT_VM64_AWS image.
- In FortiOS, perform an upgrade using the FGT_VM64_AWSONDEMAND-v6-buildXXXX-FORTINET.out image.
- Perform another upgrade, this time using the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image. This process is irreversible.
- Run
get system status
results in output that includes the following lines:Version: FortiGate-VM64-AWS v6.2.2,buildXXXX,XXXXXX (GA)
Virus-DB: 71.00246(2019-08-30 12:19)
Extended DB: 1.00000(2018-04-09 18:07)
Extreme DB: 1.00000(2018-04-09 18:07)
IPS-DB: 14.00680(2019-08-30 02:29)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 14.00680(2019-08-30 02:29)
INDUSTRIAL-DB: 14.00680(2019-08-30 02:29)
Serial-Number: FGTAWS1234567890
- For future upgrades, use the FGT_VM64_AWS-v6-buildXXXX-FORTINET.out image to retain PAYG status. You cannot directly upgrade a FortiGate-VM AWS PAYG instance from 6.2.1 or earlier to 6.2.3 and later versions. You must first follow the procedure detailed above.