Skip to main content
FortiZiq
Staff
FortiZiq
Staff
April 28, 2025

Troubleshooting Tip: Firmware template upgrade fails with error 'no valid FMWR license'

  • April 28, 2025
  • 0 replies
  • 2226 views
Description This article describes the troubleshooting steps when encountering the error 'no valid FMWR license'.
Scope FortiManager.
Solution
  1. Ensure the FortiGate that is being upgraded has valid licenses. This can be checked from the Support Portal, or via the Licenses widget in FortiGate under FortiGate -> Dashboard -> Status -> Licenses widget:

 

license widget.png

 

  1. Verify that the FortiGate’s license in FortiManager is valid. This can be checked under FortiGuard -> Device Licenses:

 

device licenses.png

 

If the FortiGate's license in FortiManager shows as 'No Support' or 'Expired', re-downloading FortiGate contracts from the FDS server by running the following commands on the FortiManager CLI as a workaround may resolve the issue:

 

diagnose fmupdate del-device <FGT_SN>

diagnose fmupdate service-restart fds

diagnose fmupdate service-restart fwm

 

Furthermore, most likely there is a possible connection issue between the FortiManager and the FortiGuard server(s). Ensure that traffic from FortiManager is allowed to FortiGuard servers (fds1.fortinet.com) or FortiGuard FQDN (*.fortinet.com, *.fortinet.net) on port 443. For more information on how the configuration should be set up on the FortiManager and FortiGate sides in cases where FortiGate is configured to get the FortiGuard updates via the FortiManager, see Technical Tip: Configure FortiManager as a local FDN server for FortiGates.

 

Further troubleshooting steps are explained in Technical Tip: Verifying FortiGuard connectivity on FortiManager.

 

  1. If the FortiManager is operating in an air-gapped environment, users may upload the Entitlement File to FortiManager to update the contract information. The steps to upload the Entitlement File to FortiManager are explained in the following document: Uploading account entitlement files.

 

If all steps have been followed and the error persists, consider raising a Technical Support ticket for further troubleshooting by sharing the output of below commands from FortiGate and FortiManager:

 

FortiGate debug:


get system status
get system central-management
diagnose debug application update -1
diagnose debug console timestamp enable
diagnose debug enable
exec update-now

 

FortiManager debug:


show system interface
diagnose fmupdate dbcontract <FortiGate_serialnumber>
diagnose fmupdate show-dev-obj <FortiGate_serialnumber>
diagnose fmupdate view-serverlist fds
diagnose fmupdate view-linkd-log fds
diagnose fmupdate fds-dump fds-log
diagnose fmupdate fds-dump subs
diagnose fwmanager fwm-log dump

 

Related article:

Technical Tip: Upgrading FortiManager/FortiAnalyzer

Technical Tip: How to upgrade FortiGate using FortiManager 
    Terms & ConditionsAccessibility statement