Fortinet Document Library

Version:


Table of Contents

Deploying FortiGate-VMX

VMware-NSX Security Fabric integration

Resources

Upgrade Path Tool
6.0.1
Download PDF
Copy Link

Licensing and activation

There are two Fortinet components that make up a FortiGate-VMX environment. Each has its own license scheme. You are licensed based on the number of FortiGate-VMX Service Manager nodes and the number of VMX security nodes associated with it. The node license(s) are 'associated' with the service manager license and are made available in its license repository after validation.

note icon RAM and virtual CPUs are not considered when calculating license requirements.

FortiGate-VMX Service Manager

  • Licensing the Service Manager requires the installation of a license file.
  • A single Service Manager can handle an almost unlimited number of FortiGate-VMX Security Nodes so only one license is required.
  • The Service Manager must be able to connect to the Internet to validate its license against the FortiGuard Network.

FortiGate-VMX instances

  • A license is required for each FortiGate-VMX instance deployed
  • Only one FortiGate-VMX Security Node is required per ESXi Host
  • It is kept simple in that 1 Security Node requires 1 license. RAM and virtual CPUs are not used when calculating license requirements
  • The FortiGate-VMX Security Nodes receive their license from, and validate against the FortiGate-VMX Service Manager

The licenses for the FortiGate-VMX Security Nodes are not assigned directly to the instance by the administrator, they are applied to the FortiGate-VMX Service Manager.The Service Manager keeps track of how many licenses have been purchased and how many are available for use.

The total number of instances deployed is not as relevant as how many are concurrently in operation. As instances are deployed, licenses are allocated to them and when instances are decommissioned, licenses are returned to the pool. If a deployment is attempted when there are no licenses left in the pool, the instance will be deployed, but when it requests a license from the FortiGate-VMX Service Manager, it will be denied and the Security Node will be considered 'invalid'. This means that any VM on that host will have its traffic blocked.

The information on FortiGate-VMX License usage is located in the licensing widget so if you are planning on future deployments you can quickly see if you have enough available licenses.

note icon While the logical limit to the number of nodes that a Service Manager can handle is theoretically unlimited, there are practical limitations that are likely to limit the number.Things like IT resources may put an upper limit on how many instances can be effectively installed and managed.

Getting the License

The procedure for retrieving the license file is essentially the same as with FortiGate-VM.

When ordering the FortiGate-VMX Service Manager and FortiGate-VMX Security Nodes, you will receive a single license registration code. After registering the license with FortiCare, you will select the "License File Download" link for the FortiGate-VMX Service Manager.

Activation

To activate the FortiGate-VMX, follow the steps below:

  1. Log into support.fortinet.com.
  2. Register the FortiGate-VMX SVM serial number.
  3. Register a VMX security node serial number and associate it with the SVM. If you have multiple SVM registrations, choose one that manages the VMX nodes you are about to register.
  4. Download license files.
  5. Log into the SVM management GUI.
  6. Under Status, navigate to System > FortiGuard > FortiGate VM License.
  7. Click Upload and upload the downloaded license.

  8. The system reboots after enabling the license. Wait thirty minutes until FortiGuard validates the newly activated license. If you attempt to log into the FortiGate-VMX before validation successfully completes, the system prompts the license upload screen again.
  9. Log into SVM and check the license status on the dashboard. An additional license file is required for the licensed number of VMX security nodes. A fully licensed SVM shows how any security nodes are deployed and how many licenses are allocated.
note icon The VMX licence status is included in the output of get system status.

Resources

Licensing and activation

There are two Fortinet components that make up a FortiGate-VMX environment. Each has its own license scheme. You are licensed based on the number of FortiGate-VMX Service Manager nodes and the number of VMX security nodes associated with it. The node license(s) are 'associated' with the service manager license and are made available in its license repository after validation.

note icon RAM and virtual CPUs are not considered when calculating license requirements.

FortiGate-VMX Service Manager

  • Licensing the Service Manager requires the installation of a license file.
  • A single Service Manager can handle an almost unlimited number of FortiGate-VMX Security Nodes so only one license is required.
  • The Service Manager must be able to connect to the Internet to validate its license against the FortiGuard Network.

FortiGate-VMX instances

  • A license is required for each FortiGate-VMX instance deployed
  • Only one FortiGate-VMX Security Node is required per ESXi Host
  • It is kept simple in that 1 Security Node requires 1 license. RAM and virtual CPUs are not used when calculating license requirements
  • The FortiGate-VMX Security Nodes receive their license from, and validate against the FortiGate-VMX Service Manager

The licenses for the FortiGate-VMX Security Nodes are not assigned directly to the instance by the administrator, they are applied to the FortiGate-VMX Service Manager.The Service Manager keeps track of how many licenses have been purchased and how many are available for use.

The total number of instances deployed is not as relevant as how many are concurrently in operation. As instances are deployed, licenses are allocated to them and when instances are decommissioned, licenses are returned to the pool. If a deployment is attempted when there are no licenses left in the pool, the instance will be deployed, but when it requests a license from the FortiGate-VMX Service Manager, it will be denied and the Security Node will be considered 'invalid'. This means that any VM on that host will have its traffic blocked.

The information on FortiGate-VMX License usage is located in the licensing widget so if you are planning on future deployments you can quickly see if you have enough available licenses.

note icon While the logical limit to the number of nodes that a Service Manager can handle is theoretically unlimited, there are practical limitations that are likely to limit the number.Things like IT resources may put an upper limit on how many instances can be effectively installed and managed.

Getting the License

The procedure for retrieving the license file is essentially the same as with FortiGate-VM.

When ordering the FortiGate-VMX Service Manager and FortiGate-VMX Security Nodes, you will receive a single license registration code. After registering the license with FortiCare, you will select the "License File Download" link for the FortiGate-VMX Service Manager.

Activation

To activate the FortiGate-VMX, follow the steps below:

  1. Log into support.fortinet.com.
  2. Register the FortiGate-VMX SVM serial number.
  3. Register a VMX security node serial number and associate it with the SVM. If you have multiple SVM registrations, choose one that manages the VMX nodes you are about to register.
  4. Download license files.
  5. Log into the SVM management GUI.
  6. Under Status, navigate to System > FortiGuard > FortiGate VM License.
  7. Click Upload and upload the downloaded license.

  8. The system reboots after enabling the license. Wait thirty minutes until FortiGuard validates the newly activated license. If you attempt to log into the FortiGate-VMX before validation successfully completes, the system prompts the license upload screen again.
  9. Log into SVM and check the license status on the dashboard. An additional license file is required for the licensed number of VMX security nodes. A fully licensed SVM shows how any security nodes are deployed and how many licenses are allocated.
note icon The VMX licence status is included in the output of get system status.