Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiGate / FortiOS 7.6.6 Administration Guide
    7.6.6
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.0

    Registering FortiGate

    Registering FortiGate

    The FortiGate, and then its service contract, must be registered to have full access to Fortinet Customer Service and Support, and FortiGuard services. The FortiGate can be registered in either the FortiGate GUI or the FortiCloud support portal. The service contract can be registered from the FortiCloud support portal.

    Note

    The service contract number is needed to complete registrations on the FortiCloud support portal. You can find this 12-digit number in the email that contains your service registration document (sent from do-not-reply-contract@fortinet.com) in the service entitlement summary.

    Recent FortiGate models include a new BIOS version with a security enhancement that requires you to register your FortiGate and download the registration information to your FortiGate before you have complete access to the GUI or CLI. You must also register your FortiGate before you can upgrade its firmware.

    Although it is recommended to register all FortiGate models to FortiCare, it is not required for older FortiGate models without the latest BIOS version.

    This topic contains the following sections:

    Registering recent FortiGate models

    For recent FortiGate models with the new BIOS version, FortiCare registration is required after new GUI login. When logging in to the FortiOS GUI for the first time on a new FortiGate installation, you are directed to the FortiCare registration dialog box to register your device with FortiCare. You must register the FortiGate to FortiCare before you can access the GUI for further device configuration.

    For the list of affected devices, see Registration before device configuration FAQ.

    Until the device is registered with FortiCare, the FortiOS CLI is read-only, except for the following commands:

    • config firewall

    • config ftp-proxy

    • config router

    • config system

    • config web-proxy

    Only a subset of settings related to network configurations are supported.

    To register recent FortiGate models with FortiCare:

    1. Log in to the FortiOS GUI. The Register with FortiCare dialog box is displayed:

    2. With FortiCloud set to Login, complete the fields, and click OK to register with FortiCare.

      If you do not want to register the device now, click Log Out, and register the device another time. However, you will be unable to access the GUI for further device configuration.

      The FortiGate Setup wizard is displayed.

    3. Click Begin to continue. See Completing the FortiGate Setup wizard.

    Registering recent FortiGate models in an air-gapped environment

    This section applies to FortiGate models with the latest BIOS version.

    The FortiGate setup wizard can be used to manually upload a previously downloaded license file, allowing successful registration even when the device is unable to reach FortiCare. On FortiCare, register the FortiGate, download the license file, and use the wizard to upload the offline license file to the off-network FortiGate. As long as the FortiGate serial number in the license file matches the serial number of the off-network FortiGate, the device is considered registered. This is particularly useful for air-gapped environments where the lack of internet connectivity is by design.

    To register an off-network FortiGate to FortiCare:

    1. Go to FortiCare, log in, and register the FortiGate using the Asset Management portal. See Registering assets.

    2. From FortiCare, download the license file. See Viewing licenses and keys.

    3. On the off-network FortiGate, log in to FortiOS and select Upload off-network license file.

    4. Upload the off-network license file and click OK.

      Once the upload is completed and the serial number in the license file matches the serial number of the FortiGate, the following screen is displayed:

    5. Click OK to continue to proceed to the FortiGate Setup wizard. See Completing the FortiGate Setup wizard.

    Registering FortiGate models

    This section applies to older FortiGate models without the latest BIOS version.

    For FortiGate models connected to the internet, you have the option of registering the device with FortiCare using the Setup wizard.

    To register FortiGate models in the GUI:

    1. Connect to the FortiGate GUI. The FortiGate Setup wizard appears.

    2. Click Begin. The Register with FortiCare step is displayed.

    3. Register the FortiGate to FortiCare, and click OK. The next step in the wizard is displayed.

      Complete the wizard, or click Later to complete the wizard later. See Completing the FortiGate Setup wizard for details.

    4. Go to System > FortiGuard and click Activate subscription.

      In the CLI use exec fortiguard-log certificate-activation <code>.

    5. Enter the contract registration code from your service registration document.

    6. Click OK.

    Registering on the FortiCloud support portal

    To register the FortiGate on the FortiCloud support portal:

    FortiGates can be registered with the Register More button in the Products views. For details, see Registering assets in the FortiCloud Account Services Asset Management guide.

    Bypassing FortiCare registration

    By default, FortiGates with new BIOS are set to FortiCare registration level 2 in the BIOS, and you must register the device to FortiCare before you can access the GUI. However, you can use the BIOS menu to manually set the FortiCare registration level to 1, and then you can bypass FortiCare registration in the GUI.

    To change the FortiCare registration level:

    1. Using the console cable, connect the FortiGate unit’s console port to the serial communications (COM) port on your management computer. See Connecting to the CLI.

    2. Hard reboot the FortiGate.

    3. Press a key to interrupt the boot process when prompted:

      Boot up, boot device capacity: 28626MB.
Press any key to display configuration menu...

    4. Enter I to access System configuration and information. 

      [C]:  Configure TFTP parameters.
[R]:  Review TFTP parameters.
[T]:  Initiate TFTP firmware transfer.
[F]:  Format boot device.
[B]:  Boot with backup firmware and set as default.
[I]:  System configuration and information.
[Q]:  Quit menu and continue to boot.
[H]:  Display this list of options.

    5. Enter C to access Set FortiCare registration. 

      Enter C,R,T,F,B,I,Q,or H:
[S]:  Set serial port baudrate (will take effect on next boot).
[R]:  Set restricted mode.
[T]:  Set menu timeout.
[U]:  Set security level.
[C]:  Set FortiCare registration.
[I]:  Display system information.
[E]:  Reset system configuration.
[M]:  Display SPD information.
[Q]:  Quit menu and continue to boot.
[H]:  Display this list of options.

    6. Enter 1 to set Not Enforce. 

      Enter S,R,T,U,C,I,E,M,Q,or H:
[1]:  Not Enforce
[2]:  Enforce
Enter FortiCare registration setting [2]: 1
    To bypass FortiCare registration in the GUI after setting FortiCare registration Level to 1 in the BIOS:

    1. Ensure the FortiGate has the correct networking configuration to reach the internet, such as receiving IP and gateway addresses from DHCP. See Configuring basic settings.

    2. Log in to the FortiOS GUI. The Register with FortiCare dialog box is displayed:

    3. Click Later to proceed without registering the FortiGate to FortiCare.

      The FortiGate Setup wizard is displayed.

    4. Click Begin to continue. See also Completing the FortiGate Setup wizard.

    Previous
    Next

    Registering FortiGate

    Registering FortiGate

    The FortiGate, and then its service contract, must be registered to have full access to Fortinet Customer Service and Support, and FortiGuard services. The FortiGate can be registered in either the FortiGate GUI or the FortiCloud support portal. The service contract can be registered from the FortiCloud support portal.

    Note

    The service contract number is needed to complete registrations on the FortiCloud support portal. You can find this 12-digit number in the email that contains your service registration document (sent from do-not-reply-contract@fortinet.com) in the service entitlement summary.

    Recent FortiGate models include a new BIOS version with a security enhancement that requires you to register your FortiGate and download the registration information to your FortiGate before you have complete access to the GUI or CLI. You must also register your FortiGate before you can upgrade its firmware.

    Although it is recommended to register all FortiGate models to FortiCare, it is not required for older FortiGate models without the latest BIOS version.

    This topic contains the following sections:

    Registering recent FortiGate models

    For recent FortiGate models with the new BIOS version, FortiCare registration is required after new GUI login. When logging in to the FortiOS GUI for the first time on a new FortiGate installation, you are directed to the FortiCare registration dialog box to register your device with FortiCare. You must register the FortiGate to FortiCare before you can access the GUI for further device configuration.

    For the list of affected devices, see Registration before device configuration FAQ.

    Until the device is registered with FortiCare, the FortiOS CLI is read-only, except for the following commands:

    • config firewall

    • config ftp-proxy

    • config router

    • config system

    • config web-proxy

    Only a subset of settings related to network configurations are supported.

    To register recent FortiGate models with FortiCare:

    1. Log in to the FortiOS GUI. The Register with FortiCare dialog box is displayed:

    2. With FortiCloud set to Login, complete the fields, and click OK to register with FortiCare.

      If you do not want to register the device now, click Log Out, and register the device another time. However, you will be unable to access the GUI for further device configuration.

      The FortiGate Setup wizard is displayed.

    3. Click Begin to continue. See Completing the FortiGate Setup wizard.

    Registering recent FortiGate models in an air-gapped environment

    This section applies to FortiGate models with the latest BIOS version.

    The FortiGate setup wizard can be used to manually upload a previously downloaded license file, allowing successful registration even when the device is unable to reach FortiCare. On FortiCare, register the FortiGate, download the license file, and use the wizard to upload the offline license file to the off-network FortiGate. As long as the FortiGate serial number in the license file matches the serial number of the off-network FortiGate, the device is considered registered. This is particularly useful for air-gapped environments where the lack of internet connectivity is by design.

    To register an off-network FortiGate to FortiCare:

    1. Go to FortiCare, log in, and register the FortiGate using the Asset Management portal. See Registering assets.

    2. From FortiCare, download the license file. See Viewing licenses and keys.

    3. On the off-network FortiGate, log in to FortiOS and select Upload off-network license file.

    4. Upload the off-network license file and click OK.

      Once the upload is completed and the serial number in the license file matches the serial number of the FortiGate, the following screen is displayed:

    5. Click OK to continue to proceed to the FortiGate Setup wizard. See Completing the FortiGate Setup wizard.

    Registering FortiGate models

    This section applies to older FortiGate models without the latest BIOS version.

    For FortiGate models connected to the internet, you have the option of registering the device with FortiCare using the Setup wizard.

    To register FortiGate models in the GUI:

    1. Connect to the FortiGate GUI. The FortiGate Setup wizard appears.

    2. Click Begin. The Register with FortiCare step is displayed.

    3. Register the FortiGate to FortiCare, and click OK. The next step in the wizard is displayed.

      Complete the wizard, or click Later to complete the wizard later. See Completing the FortiGate Setup wizard for details.

    4. Go to System > FortiGuard and click Activate subscription.

      In the CLI use exec fortiguard-log certificate-activation <code>.

    5. Enter the contract registration code from your service registration document.

    6. Click OK.

    Registering on the FortiCloud support portal

    To register the FortiGate on the FortiCloud support portal:

    FortiGates can be registered with the Register More button in the Products views. For details, see Registering assets in the FortiCloud Account Services Asset Management guide.

    Bypassing FortiCare registration

    By default, FortiGates with new BIOS are set to FortiCare registration level 2 in the BIOS, and you must register the device to FortiCare before you can access the GUI. However, you can use the BIOS menu to manually set the FortiCare registration level to 1, and then you can bypass FortiCare registration in the GUI.

    To change the FortiCare registration level:

    1. Using the console cable, connect the FortiGate unit’s console port to the serial communications (COM) port on your management computer. See Connecting to the CLI.

    2. Hard reboot the FortiGate.

    3. Press a key to interrupt the boot process when prompted:

      Boot up, boot device capacity: 28626MB.
Press any key to display configuration menu...

    4. Enter I to access System configuration and information. 

      [C]:  Configure TFTP parameters.
[R]:  Review TFTP parameters.
[T]:  Initiate TFTP firmware transfer.
[F]:  Format boot device.
[B]:  Boot with backup firmware and set as default.
[I]:  System configuration and information.
[Q]:  Quit menu and continue to boot.
[H]:  Display this list of options.

    5. Enter C to access Set FortiCare registration. 

      Enter C,R,T,F,B,I,Q,or H:
[S]:  Set serial port baudrate (will take effect on next boot).
[R]:  Set restricted mode.
[T]:  Set menu timeout.
[U]:  Set security level.
[C]:  Set FortiCare registration.
[I]:  Display system information.
[E]:  Reset system configuration.
[M]:  Display SPD information.
[Q]:  Quit menu and continue to boot.
[H]:  Display this list of options.

    6. Enter 1 to set Not Enforce. 

      Enter S,R,T,U,C,I,E,M,Q,or H:
[1]:  Not Enforce
[2]:  Enforce
Enter FortiCare registration setting [2]: 1
    To bypass FortiCare registration in the GUI after setting FortiCare registration Level to 1 in the BIOS:

    1. Ensure the FortiGate has the correct networking configuration to reach the internet, such as receiving IP and gateway addresses from DHCP. See Configuring basic settings.

    2. Log in to the FortiOS GUI. The Register with FortiCare dialog box is displayed:

    3. Click Later to proceed without registering the FortiGate to FortiCare.

      The FortiGate Setup wizard is displayed.

    4. Click Begin to continue. See also Completing the FortiGate Setup wizard.

    Previous
    Next