Technical Tip: How the FortiGate will receive correct FortiGuard updates once FortiManager licenses expire

Description

This article describes how FortiGate can get FortiGuard package updates directly from the FortiGuard servers if FortiManager licenses expire.

Scope

FortiGate.

Solution

FortiGate will stop receiving license validation and updates if it is configured to receive FortiGuard package updates from FortiManager in a closed network and if the FortiManager license is expired.

Solution 1:

Before it expires, renew the FortiManager licenses.

Solution 2:

Until the license is not renewed, configure FortiGate to get updates directly from the FortiGuard servers through an internet connection.

If FortiGate is set to get updates from the FortiGuard servers, the following is the configuration need to do on FortiGate:

config system central-management
    set type fortimanager
    set fmg "x.x.x.x"
    set include-default-servers enable <- This setting will ensure FortiGate gets updates from FortiGuard default servers.
end

config system fortiguard

    set update-server-location automatic

end

To check if there are any issues with FortiGuard communication the below debugging commands can be used:

diagnose debug console timestamp enable
diagnose debug app update -1
diagnose debug enable
execute update-now

To disable the debug after a couple of minutes run the below:

diagnose debug disable

diagnose debug reset

To verify if the update is successful and all databases are up-to-date, run the following command:

   diagnose autoupdate versions

Related articles:

Technical Tip: Verifying-and-troubleshooting-FortiGuard-updates