Injecting FortiFlex license via web proxy 7.0.4
You can inject a FortiFlex license into a FortiGate-VM instance via a web proxy. This enhancement allows a FortiGate-VM that can only reach the Internet through a web proxy to inject a FortiFlex license.
The process of injecting the FortiFlex license via a web proxy consists of the following steps:
- Ensure that the FortiGate-VM has Internet connectivity properly configured.
- Injecting a FortiFlex license into a FortiGate-VM instance. You can inject the FortiGate-VM instance with a FortiFlex license in one of the following ways:
  - Using the FortiOS CLI. See "To inject a FortiFlex license into the FortiGate-VM instance via the FortiOS CLI".
  - Using an OVF template. See "To inject a FortiFlex license into the FortiGate-VM instance via an OVF template".
  - Using cloud-init. See "To inject a FortiFlex license into the FortiGate-VM instance via cloud-init".
- Confirming that the license token is injected
- Configuring web proxy tunneling for FDN
Injecting a FortiFlex license into a FortiGate-VM instance
To inject a FortiFlex license into the FortiGate-VM instance via the FortiOS CLI:
You can use the following command to inject a FortiFlex license into the FortiGate-VM instance:
execute vm-license <license_token> <proxy>
The following are examples of the syntax for <proxy>:
http://user:password@proxyip:proxyport
user:password@proxyip:proxyport
The following shows an example of each syntax:
exec vm-license 58923569A3FFB7F46879 http://qa:123456@10.1.100.74:8080
exec vm-license 95D87F50C075C6F20EE7 hazel:123456@10.1.100.74:8080
To inject a FortiFlex license into the FortiGate-VM instance via an OVF template:
While launching a new FGT-VM64 with vCenter, enter <license_token> http://user:password@proxyip:proxyport in the Customize template > License Token field. In the example, 95D87F50C075C6F20EE7 hazel:123456@10.1.100.74:8080 is entered in the License Token field.
To inject a FortiFlex license into the FortiGate-VM instance via cloud-init:
The following is a MIME multipart file that you can use to inject a FortiFlex license into a FortiGate-VM instance using cloud-init. The first part contains configuration information for the FortiGate-VM, while the second part contains the license token information.

Content-Type: multipart/mixed; boundary="===============0740947994048919689=="
MIME-Version: 1.0

--===============0740947994048919689==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="config"

config sys glo
set hostname FGT-MSSP-MIME
set admintimeout 480
end
......

--===============0740947994048919689==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="license"

LICENSE-TOKEN:FF69500C90C1604F71EE

--===============0740947994048919689==--
See cloud-init Documentation for details.
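The two-part MIME file above can be generated rather than hand-edited, which keeps the headers, blank lines and boundaries well-formed. The following Python sketch is an added example, not Fortinet code: the function names are hypothetical, and the token check assumes tokens look like the 20-character uppercase hex samples on this page.

```python
import re
from email import message_from_string
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Assumption: tokens look like the samples on this page (20 uppercase hex chars).
TOKEN_RE = re.compile(r"[0-9A-F]{20}")

# Constructed sample, copied from the "config" part shown above.
SAMPLE_CONFIG = (
    "config sys glo\n"
    "set hostname FGT-MSSP-MIME\n"
    "set admintimeout 480\n"
    "end\n"
)


def build_user_data(config_script, license_token):
    """Return cloud-init user data with a 'config' part and a 'license' part."""
    if not TOKEN_RE.fullmatch(license_token):
        raise ValueError("license token does not match the expected format")
    outer = MIMEMultipart("mixed")
    parts = (
        ("config", config_script),
        ("license", "LICENSE-TOKEN:%s\n" % license_token),
    )
    for filename, body in parts:
        # text/plain, us-ascii, 7bit: the same headers as the file above.
        part = MIMEText(body, "plain", "us-ascii")
        part.add_header("Content-Disposition", "attachment", filename=filename)
        outer.attach(part)
    return outer.as_string()


def read_parts(user_data):
    """Parse user data back into {filename: body} to verify it before deploying."""
    msg = message_from_string(user_data)
    return {p.get_filename(): p.get_payload()
            for p in msg.walk() if p.get_filename()}


if __name__ == "__main__":
    print(build_user_data(SAMPLE_CONFIG, "FF69500C90C1604F71EE"))
```

The resulting user data contains the license token in cleartext, so store and transmit it with the same care as the token itself.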
Confirming that the license token is injected
To confirm that the license token is injected:
diagnose debug cloudinit show
>> Checking metadata source ovf
>> Found metadata source: ovf
>> Trying to install vmlicense ...
>> License-token:95D87F50C075C6F20EE7 http://qa:123456@10.1.100.74:8080
>> Config script is not available
get system status
Version: FortiGate-VM64 v7.0.4,build0292,220115 (interim)
Serial-Number: FGVMMLTM111111
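The cloud-init debug output above echoes the proxy URL together with its username and password, and the same string appears in CLI history and in the OVF License Token field. The following Python sketch is an added example, not part of FortiOS, with hypothetical function names: it masks the password in both <proxy> syntaxes shown on this page before captured output is pasted into a ticket or log.

```python
import re

# Matches both <proxy> syntaxes shown on this page:
#   http://user:password@proxyip:proxyport
#   user:password@proxyip:proxyport
PROXY_RE = re.compile(
    r"(?P<scheme>https?://)?"
    r"(?P<user>[^\s:/@]+):(?P<password>[^\s@]+)"
    r"@(?P<host>[^\s:/@]+):(?P<port>\d{1,5})\b"
)

# Constructed sample: lines in the form shown on this page.
SAMPLE = """\
>> Found metadata source: ovf
>> Trying to install vmlicense ...
>> License-token:95D87F50C075C6F20EE7 http://qa:123456@10.1.100.74:8080
exec vm-license 95D87F50C075C6F20EE7 hazel:123456@10.1.100.74:8080
"""


def redact_proxy_credentials(text, mask="********"):
    """Replace the password of every proxy specification in text with mask."""
    def _mask(m):
        scheme = m["scheme"] or ""
        return "%s%s:%s@%s:%s" % (scheme, m["user"], mask, m["host"], m["port"])
    return PROXY_RE.sub(_mask, text)


def find_exposed_proxies(text):
    """Return (line_number, user, host, port) for each line carrying credentials."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for m in PROXY_RE.finditer(line):
            hits.append((number, m["user"], m["host"], int(m["port"])))
    return hits


if __name__ == "__main__":
    for hit in find_exposed_proxies(SAMPLE):
        print("proxy credentials on line %d: user=%s host=%s port=%d" % hit)
    print(redact_proxy_credentials(SAMPLE))
```

Passwords that themselves contain "@" are not handled by this pattern.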
Configuring web proxy tunneling for FDN
After the FortiFlex license is installed, the FortiGate-VM must validate the license on FDN servers. You can also configure a proxy to accomplish this.
To configure web proxy tunneling for FDN:
config system autoupdate tunneling
set status enable
set address "<web proxy IP address or FQDN>"
set port <web proxy port>
set username "<username>"
set password <password>
end
It may take a while for FortiGate-VM to be able to validate the VM license and update UTM signatures from FortiGuard. The following shows the output from get system status when the FortiGate-VM has completed the validation and update:
Version: FortiGate-VM64 v7.0.4,build0292,220115 (interim)
Virus-DB: 89.08825(2022-01-18 21:26)
Extended DB: 89.08825(2022-01-18 21:26)
Extreme DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 2.04168(2022-01-18 18:45)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 19.00243(2022-01-18 01:30)
APP-DB: 19.00243(2022-01-18 01:30)
INDUSTRIAL-DB: 19.00243(2022-01-18 01:30)
IPS Malicious URL Database: 3.00246(2022-01-18 20:50)
Serial-Number: FGVMMLTM111111
License Status: Valid
License Expiration Date: 2022-10-31
VM Resources: 1 CPU/2 allowed, 2007 MB RAM
Log hard disk: Available
Hostname: FGT-DEMO
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 1
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 0292
Release Version Information: interim
FortiOS x86-64: Yes
System time: Tue Jan 18 21:46:36 2022
Last reboot reason: warm reboot