Skip to main content
duenlim
Staff
duenlim
Staff
May 24, 2022

Technical Tip: How is Proxy/UTM sessions license used in FortiProxy

  • May 24, 2022
  • 0 replies
  • 4245 views
Description This article describes how is the Proxy/UTM sessions used to understand the number of sessions per seat license.
Scope FortiProxy.
Solution

For example, run a CLI command to show the session license details.

 

get system status
Version: FortiProxy-KVM v7.4.8,build0649,250115 (GA.M)
License: Active, seat 100, active seat 100, expiry date 2026-04-24 

 

diagnose wad license detail

Purchased License Seat: 100
Available License Seat: 100
Max Licensed Session: 2500

 

License shown on the GUI dashboard: 

 

sessions.jpg

 

The max licensed session is 2500, derived from 25 sessions x 100 license seats. That also means that FortiProxy supports up to 2500 maximum proxy/UTM sessions.

 

Once the maximum concurrent session has been reached, new proxy sessions are bypassed by default without UTM inspection. This is so that FortiProxy does not drop or block those sessions.

 

show full system global | grep license
    set license-overlimit bypass 

 

Note:

FortiProxy in HA mode. Half of the license seats in the slave unit were added to the primary unit, like the example below. 

 

License Seats Registered:


FPX4HETA19-----9: 1000
FPX4HETA19-----9: 1000


New license seats adjusted:


FPX4HETA19-----9: 1500 <----- Primary Unit.
FPX4HETA19-----9: 500

Available License Seat: 1500
Max Licensed Session: 37500
Current Licensed Session: 37500

 

FortiProxy in HA mode needs FC entitlements (UTM licenses) for both devices for seat sharing to work. In v7.2.0 and above, the license sharing is 100% instead of 50%.

 

The FortiProxy License sharing in v7.4.x:

Primary (FPXVMPPPPPPPPPPP).
Secondary (FPXVMSSSSSSSSSSS).


Primary (global) # diagnose test application csfd 140


dev: FPXVMPPPPPPPPPPP(0xa77d940), stale: n, root: y, sharing: y, last ping: 1765844847 proto_version=2
lic purchased/ used/ allocated/ reserved/guaranteed/ preferred/ model_max/grant?/conserve
furl 250/ 0/ 2/ 2/ 0/ 0/ 500/ no / no
fnbi 0/ 0/ 15/ 15/ 0/ 0/ 500/ no / no
fcas 250/ 0/ 2/ 2/ 0/ 0/ 500/ no / no


dev: FPXVMSSSSSSSSSSS(0xa79d8a0), stale: n, root: n, sharing: y, last ping: 1765844847 proto_version=2
lic purchased/ used/ allocated/ reserved/guaranteed/ preferred/ model_max/grant?/conserve
furl 250/ 0/ 18/ 18/ 60/ 60/ 500/ no / no
fnbi 0/ 0/ 15/ 15/ 0/ 0/ 500/ no / no
fcas 250/ 0/ 18/ 18/ 60/ 60/ 500/ no / no


Total:
lic purchased/ used/ allocated/ conserve
furl 500/ 0/ 20/ no -------------------------> Total 500 Seats (Primary + Secondary).
fnbi 0/ 0/ 30/ yes
fcas 500/ 0/ 20/ no
n_need_grant_seat: 0

 

Secondary (global) # diagnose test application csfd 140
fabric license sharing: y
device status: disconn yes stale no
lic purchased/ used/ allocated/ conserve
furl 250/ 0/ 0/ no ---------------------------> Secondary unit has 250 seats.
fnbi 0/ 0/ 0/ no
fcas 250/ 0/ 0/ no

 

Related document:

HA license sharing behavior change
      Terms & ConditionsAccessibility statement