| Confirm both HA cluster units' expiry dates. Example: Primary FortiGate expiry date: 10/10/2024 Secondary FortiGate expiry date: 10/10/2023 The FortiGate license will reflect the earliest expiry date among the cluster units.
FortiGate GUI will show the expiry date as 10/10/2023, even though the primary HA device license has not expired; it shows expiry dates from the secondary on the primary device.
This behavior is expected in FortiGate HA clusters as the system synchronizes license status across all units and displays the earliest expiry date among cluster members. This design is intended to prevent feature inconsistencies or service interruptions during failover when a license on any cluster member has expired, ensuring consistent security service capability across the entire cluster.
In the CLI it should show as below when 'diagnose debug app update -1" executes for the expired license on the secondary unit: upd_status_set_ha_expiry[1477]-Extracting contract...(SerialNumber=FG101E4Qxxxxxxxx|Contract=AVDB-1- -------------- update_status_obj[740]-SBCL contract expiry=Sat Dec 7 01:00:00 2024
level(6) alert(0)
update_status_obj[740]-AVDB contract expiry=Sat Dec 7 01:00:00 2024
level(6) alert(0)
update_status_obj[740]-ETDB contract expiry=Sat Dec 7 01:00:00 2024
level(6) alert(0)
update_status_obj[740]-EXDB contract expiry=Sat Dec 7 01:00:00 2024 level(6) alert(0) level(6) alert(0)
upd_status_set_ha_expiry[1511]-Serial Number: FG101E4Qxxxxxxxx - contract processed
upd_status_set_ha_expiry[1477]-Extracting contract...(SerialNumber=FG101E4Qcsdnw|Contract=AVDB-1- --------------- update_status_obj[740]-SBCL contract expired=Sat Dec 7 01:00:00 2023 <<<<< Should see Expired
level(6) alert(0)
update_status_obj[740]-AVDB contract expired=Sat Dec 7 01:00:00 2023 <<<<< Should see Expired
level(6) alert(0)
update_status_obj[740]-ETDB contract expired=Sat Dec 7 01:00:00 2023 <<<<< Should see Expired
level(6) alert(0)
update_status_obj[740]-EXDB contract expired=Sat Dec 7 01:00:00 2023 <----- Should see Expired.
- Run the following commands on both devices to verify the license or else can check on the FortiCloud portal.
diagnose debug reset
diagnose debug disable
diagnose debug app update -1
diagnose debug enable execute update-now diagnose debug disable <----- Stop the logs after the update is successful. FortiCloud portal verification: Login to support.fortinet.com and go to the Section Product -> My Assets. 
- Grace period on license expiration
There is a grace period of 2 days designed to provide administrators with additional time to renew the license, ensuring uninterrupted access to FortiGuard services. Example: This HA cluster had one of the units ending at 04 of March however, on FortiGate's GUI, the expiration date is 06 of March. - Customer FortiCloud account.
 | 
