VM license
You can access the FortiGate VM License page from the Dashboard > Status page in the Virtual Machine widget. Click the device license and select FortiGate VM License.
The FortiGate VM License page displays the following information:
|
Field |
Description |
|---|---|
|
License status |
Displays one of the following statuses:
Reasons for having a warning or invalid status include:
|
|
Allocated vCPUs |
Number of allocated and total allowable vCPUs |
|
Allocated RAM |
Amount of allocated RAM. There is no RAM restriction. |
|
Expires on |
Expiry date. The value depends on the license type. |
This information is visible in the CLI by running get system status (see CLI troubleshooting).
Uploading a license file
After you submit an order for a FortiGate-VM, Fortinet sends a license registration code to the email address that you entered in the order form. Use this code on the FortiCloud portal to register the FortiGate-VM.
Once the VM is registered, you can download the license file in .LIC format. On the FortiGate VM License page, click Upload. The system prompts you to reboot and validate the license with the FortiGuard server. Once validated, your FortiGate-VM is fully functional.
The VM license window may also appear immediately after logging in if you are running a VM with an evaluation license that has expired.
In cases where the GUI is not accessible, you can upload the license using secure copy (SCP).
|
For information about injecting FortiFlex license tokens, see Injecting tokens into FortiGate-VM in the Flex VM Deployment Guide. |
To upload the license using SCP:
- Enable SCP:
config system global set admin-scp enable end - Enable SSH in the administrative access for the interface where the transfer will take place:
config system interface edit <interface> append allowaccess ssh next end - On your computer, upload the VM license. This example is for Linux:
scp <filename> <admin-user>@<FortiGate_IP>:vmlicense
Types of VM licenses
FortiGate-VM offers perpetual licensing (normal series and V-series) and annual subscription licensing (S-series). SKUs are based on the number of vCPUs (1, 2, 4, 8, 16, 32, or unlimited).
The FortiFlex program allows qualified enterprise and MSSP customers to create as many VM entitlements as required. Resource consumption is based upon predefined points that are calculated on a daily basis. For information, see the FortiFlex Program Guide in the Fortinet document library.
|
Feature |
Normal series |
V-series |
S-series |
FortiFlex |
|---|---|---|---|---|
|
Licensing and support |
The VM base is perpetual. You must separately contract support services on an annual basis. See the price list for details. |
Single annually contracted SKU that contains a VM base and a FortiCare service bundle. Four support service bundle types are available:
|
An annually contracted program to create multiple sets of a single entitlement per VM. Entitlements contain a VM base and FortiCare bundle. Four support service bundle types are available:
|
|
|
vCPU number upgrade during contracted term |
Not supported. |
Supported. You can also upgrade the support service bundle. Contact a Fortinet sales representative to upgrade. |
Supported. You can apply different VM entitlement configurations in the FortiFlex portal. API is not supported at this time. |
|
|
vCPU number downgrade during contracted term |
Not supported. |
|
||
|
VDOM support |
By default, each CPU level supports up to a certain number of VDOMs. Refer to the FortiGate-VM data sheet for default limits. |
By default, all CPU levels do not support adding VDOMs. V-series VM instances support split-task VDOMs without any additional VDOM licenses. |
By default, all CPU levels do not support adding VDOMs. S-series VM instances support split-task VDOMs without any additional VDOM licenses. S-series VM instances support the subscription VDOM license. |
FortiFlex instances support split-task VDOMs without any additional VDOM licenses. |
Consuming a new vCPU
In a scenario where you have not allocated all the vCPUs allotted by your VM entitlement, you can add additional vCPUs to your FortiGate VM. The vCPU allocation can be verified in the GUI and CLI.
To confirm the vCPU allocation in the GUI:
- Go to Dashboard > Status, and locate the Virtual Machine widget.
- Verify the Allocate vCPUs field, which displays the number and percentage of allocated vCPUs.
To confirm the vCPU allocation in the CLI:
# get system status | grep "VM Resources" VM Resources: 1 CPU/4 allowed, 2006 MB RAM
You can increase the number of vCPUs on running FortiGate VM models that support hot-adding. Once the hot-adding is complete, perform one of the following for FortiOS to recognize the new CPUs:
- Enter
execute cpu add <number_of_new_vCPUs>. - Reboot the FortiGate.
CLI troubleshooting
In some cases, you can view more information from the CLI to diagnose issues with VM licensing. This is also useful when the GUI is inaccessible due to an invalid contract.
Before you begin, ensure that your FortiGate has the proper routes to connect to the Internet. Run all following debug commands for a full picture of the issue.
To view the license status, expiration date, and VM resources:
# get system status Version: FortiGate-VM64-KVM v6.4.2,build1723,200730 (GA) ... Serial-Number: FGVM08********** .... License Status: Valid License Expiration Date: 2020-12-10 VM Resources: 1 CPU/8 allowed, 2010 MB RAM ...
To display license details:
# diagnose debug vm-print-license SerialNumber: FGVM08********** CreateDate: Tue Dec 10 00:57:32 2019 License expires: Thu Dec 10 00:00:00 2020 Expiry: 366 Key: yes Cert: yes Key2: yes Cert2: yes Model: 08 (11) CPU: 8 MEM: 2147483647
To display license information from FortiGuard:
# diagnose hardware sysinfo vm full UUID: abbe**************************** valid: 1 status: 1 code: 200 warn: 0 copy: 0 received: 4604955037 warning: 4600905081 recv: 202009152207 dup:
|
Field |
Value and description |
|---|---|
|
Valid |
0 – Invalid 1 – Valid |
|
Status |
0 – Startup 1 – Success 2 – Warning 3 – Error 4 – Invalid Copy 5 – Eval Expired 6 - Grace Period. For FortiFlex, there is a two-hour grace period to begin passing traffic upon retrieving the license from FortiCare. |
|
Code |
2xx, 3xx – Success 200 – Valid 202 – Accepted (treated as correct response code) 4xx - Error 400 – Expired 401 – Duplicate 5xx – Warning 500 - Warning 502 – Invalid. Cannot connect to FDS 6xx – Evaluation license expired
Other codes - Error |
The following are examples of common combinations:
This combination indicates the license is valid and functioning normally:
valid: 1 status: 1 code: 200
This combination indicates the license itself is valid, but is running on a duplicate instance:
valid: 1 status: 4 code: 401
This combination indicates the system cannot connect to FortiGuard:
valid: 0 status: 2 code: 502
This combination indicates the license is expired and invalid:
valid: 0 status: 3 code: 400
This combination indicates the VM is unlicensed:
valid: 0 status: 3 code: 0
For FortiFlex licenses, the following command allows you to enter the license token and proxy information:
# execute vm-license <token> https://<username>:<password>@<proxy IP address>:<proxy port>
The following error codes can be received from the FortiCare server:
1 - Runtime error (server unhandled error on FortiCare sever)
57 - License Token is invalid
58 - License Token is already used and cannot be used again to retrieve license key
The following error code can be generated on the FortiGate itself:
60 - Failed to request forticare license. Failed to download VM license.
Contact Fortinet Support for assistance if your licensing issue persists.