When you setup a new FortiGate VM, sometimes the licensing process is not working as expected. To simplify the process of licensing a FortiGate VM for you, we have created this guide.
Let’s first have a look into the licensing process on the FortiGate VM, before we discuss the Troubleshooting. The licensing procedure on a FortiGate VM is quite simple and can be described in three steps:
How to install a license
Step 1: Setup the VM on your Cloud or Hypervisor
You can find step-for-step guides on how to setup your FortiGate VM under this KB article from Fortinet.
Step 2: Open the WebGUI of your VM to upload the license
As long as the FortiGate VM is not fully registered and licensed (which is the same thing on a FortiGate VM), the only page that you will be able to reach is the License file upload page that looks like in the screenshot below. You are also able to apply for a free trial license by entering your Fortinet Account information.
The messages states the problem as precise as it can be: “License is invalid for current VM configuration. Upload a new license or reconfigure the VM.”
So we will upload the license for the VM here. You can download the license of your VM under support.fortinet.com.
Step 3: License is installed successfully.
After you have uploaded the license and wait for about five minutes, the FortiGate has rebooted and is now up and running and ready to get configured.
Troubleshooting of the VM licensing
So far, so good and the life would be too easy if it would work like that everytime 🙂
Sometimes, even after uploading the license and after rebooting the VM, the only page you can see is the license upload page. In this case, we recommend you the following procedure to troubleshoot possible licensing issues:
Step 1: Try a different browser or open the page in a private tab
In some cases, when a browser caching problem occours, this will solve all problems. So try to access from a private window or from an incognito tab.
Step 2: Log in on the VM console to check the serial number and the license status
With the term “console” I mean the terminal. An SSH session is not sufficient at this point.
- In case of an Azure VM, you can find the terminal on the VM in the menu on the left side. In the last Sub-menu, that’s named “Support + troubleshooting” you can find the “Serial console”.
- In case of an ESX VM, you open the VM and klick to “Open console” or “Start Web-Console” on the “Overview”
After you have logged in with a superadmin user, you will be able to execute commands.
Execute the command
get system status
and verify, that the serial number is correct. You can also find the “License Status:” (Pending, Valid or invalid, Warning) in this output.
Note that you may be kicked out from the FortiGate CLI session, as soon as the FortiGate is trying to update it’s license. In this case you can see the message
*ATTENTION*: Admin sessions remoced because license registration status changed to 'INVALID'.
Step 3: Start a manual license and database update
To start the update, execute the command “execute update-now” on the console. Wait for some minutes and check once again if the FortiGate VM is successfully licensed now.
If this is not the case, you can use the following commands to troubleshoot the license and database update process:
diagnose debug enable diagnose debug application update -1 execute update-now
Now you should get a detailed output of the update process. The FortiGate establishes a connection to the licensing systems and updates it databases. If there is a problem on any of those steps, the FortiGate will print an error message on the console.
In most cases, you will get at latest at this step a message like:
*ATTENTION*: Admin sessions remoced because license registration status changed to 'VALID'.
If the update-now debugging did not point out any errors, go to the third step:
Step 4: Check the VM ressources and compare them to the licensing limits
The CLI command
diagnose debug vm-print-license
will show you the ressources you have assigned your VM. Compare those settings with the licensed limits.
If you note that your VM has more ressources available than your license does allow, just reduce the overbooked ressource and reboot your VM with the CLI command “exec reboot”.
The FortiGate VM Licenses on private cloud platforms do not limit the maximum memory anymore
Beginning with FortiOS 6.2.2, there is no memory limitation anymore for FortiGate VMs on private cloud hypervisors. Fortinet recommends a minimum of 2GB memory for a FortiGate VM.