Fortinet white logo
Fortinet white logo

Azure Administration Guide

Obtaining a FortiCare-generated license for Azure on-demand instances

Obtaining a FortiCare-generated license for Azure on-demand instances

New Azure on-demand and upgraded instances can retrieve a FortiGate serial number and license from FortiCare servers. Using the serial number, you can register the device to their account and start using FortiToken and FortiGate Cloud services.

The FortiGate-VM must be able to reach FortiCare to receive a valid on-demand license. Ensure connectivity to FortiCare (https://directregistration.fortinet.com/) by checking all related setup on the virtual network, subnet, network security group, route table, public IP addresses, and so on.

To verify cloudinit automatically obtained a license for a newly deployed instance:
# diagnose debug cloudinit show
 >> Load VM metadata document
 >> Requesting FortiCare license: FGTAZRXXXXXXXXXX
 >> VM license install succeeded. Rebooting firewall.

# diagnose debug vm-print-license 
SerialNumber: FGTAZRXXXXXXXXXX
CreateDate: Wed Jul 29 16:48:34 2020
Key: yes
Cert: yes
Key2: yes
Cert2: yes
Model: PG (20)
CPU: 2147483647 
MEM: 2147483647
			
# execute vm-license 
PAYG license exists.

If in a closed network, the command execution resembles the following, as the execute vm-license command attempts to get a license from FortiCare.

# diagnose debug cloudinit show 

# diagnose debug vm-print-license
SerialNumber: FGTAZRXXXXXXXXXX
CreateDate: 1597362903
Model: PG (20)
CPU: 2147483647 
MEM: 2147483647

# execute vm-license
This operation will reboot the system !
Do you want to continue? (y/n)


Load VM metadata document
Requesting FortiCare license: FGTAZRXXXXXXXXXX

If the FortiGate-VM connects to FortiCare successfully, the following message displays:

VM license install succeeded. Rebooting firewall.

To obtain a license for an upgraded instance or instance from a closed network:

If you created the FortiGate-VM in a closed environment or it cannot reach FortiCare, the FortiGate-VM self-generates a local license as in previous FortiOS versions. You can obtain a FortiCare license, ensure that the FortiGate-VM can connect to FortiCare, then run the execute vm-license command to obtain the license from FortiCare.

# execute vm-license 
This operation will reboot the system !
Do you want to continue? (y/n)y

Load VM metadata document
Requesting FortiCare license: FGTAZRXXXZXXXXXX
VM license install succeeded. Rebooting firewall.
To register the serial number:
  1. Register the license using the serial number in FortiCare (see Creating a support account).
  2. Obtain the VM ID:
    • In FortiOS, run diagnose test application azd 6 and search for the VM Instance ID.
    • In Azure, run az vm show -g Resource-Group-Name -n PAYG-VM-Name --query vmId' -o tsv.
    • It may take up to an hour for the registration status to synchronize and update in the FortiOS GUI.

  3. Go Dashboard > Status and in the Licenses widget verify the FortiCare Support status.

  4. Once the registration is complete, you can log in to a FortiGate Cloud account and download the two free tokens that come standard with FortiGates (see FortiTokens).

Obtaining a FortiCare-generated license for Azure on-demand instances

Obtaining a FortiCare-generated license for Azure on-demand instances

New Azure on-demand and upgraded instances can retrieve a FortiGate serial number and license from FortiCare servers. Using the serial number, you can register the device to their account and start using FortiToken and FortiGate Cloud services.

The FortiGate-VM must be able to reach FortiCare to receive a valid on-demand license. Ensure connectivity to FortiCare (https://directregistration.fortinet.com/) by checking all related setup on the virtual network, subnet, network security group, route table, public IP addresses, and so on.

To verify cloudinit automatically obtained a license for a newly deployed instance:
# diagnose debug cloudinit show
 >> Load VM metadata document
 >> Requesting FortiCare license: FGTAZRXXXXXXXXXX
 >> VM license install succeeded. Rebooting firewall.

# diagnose debug vm-print-license 
SerialNumber: FGTAZRXXXXXXXXXX
CreateDate: Wed Jul 29 16:48:34 2020
Key: yes
Cert: yes
Key2: yes
Cert2: yes
Model: PG (20)
CPU: 2147483647 
MEM: 2147483647
			
# execute vm-license 
PAYG license exists.

If in a closed network, the command execution resembles the following, as the execute vm-license command attempts to get a license from FortiCare.

# diagnose debug cloudinit show 

# diagnose debug vm-print-license
SerialNumber: FGTAZRXXXXXXXXXX
CreateDate: 1597362903
Model: PG (20)
CPU: 2147483647 
MEM: 2147483647

# execute vm-license
This operation will reboot the system !
Do you want to continue? (y/n)


Load VM metadata document
Requesting FortiCare license: FGTAZRXXXXXXXXXX

If the FortiGate-VM connects to FortiCare successfully, the following message displays:

VM license install succeeded. Rebooting firewall.

To obtain a license for an upgraded instance or instance from a closed network:

If you created the FortiGate-VM in a closed environment or it cannot reach FortiCare, the FortiGate-VM self-generates a local license as in previous FortiOS versions. You can obtain a FortiCare license, ensure that the FortiGate-VM can connect to FortiCare, then run the execute vm-license command to obtain the license from FortiCare.

# execute vm-license 
This operation will reboot the system !
Do you want to continue? (y/n)y

Load VM metadata document
Requesting FortiCare license: FGTAZRXXXZXXXXXX
VM license install succeeded. Rebooting firewall.
To register the serial number:
  1. Register the license using the serial number in FortiCare (see Creating a support account).
  2. Obtain the VM ID:
    • In FortiOS, run diagnose test application azd 6 and search for the VM Instance ID.
    • In Azure, run az vm show -g Resource-Group-Name -n PAYG-VM-Name --query vmId' -o tsv.
    • It may take up to an hour for the registration status to synchronize and update in the FortiOS GUI.

  3. Go Dashboard > Status and in the Licenses widget verify the FortiCare Support status.

  4. Once the registration is complete, you can log in to a FortiGate Cloud account and download the two free tokens that come standard with FortiGates (see FortiTokens).