Troubleshooting Tip: FortiManager local-FDS feature is disabled after upgrade to v7.2.12 or v7.4.9 or v7.6.5

Description

This article describes a behavior change in which the local FortiGuard Distribution Service (local-FDS) feature on FortiManager is disabled when the FortiManager unit itself does not hold a Premium (COMP) or Elite (ASET) support contract (Mantis 1201376).

Scope

FortiManager v7.2.12, v7.4.9, v7.6.5, and later. Affects FortiManager-VM units holding only Standard (SPRT) or Enhanced (ENHN) support.(Internal Only)

Solution

The issue:

The following message is printed periodically on the FortiManager event log.

FDS service DISABLED as FMG has NO VALID contract

v7.6 platform objects (07006000xxx) are not fetched, and the GUI shows the following:

VM Meter Service: Not Licensed

Root cause:

The fix changes FortiManager to enable local-FDS only when its own contract list contains Premium (COMP) or Elite (ASET).

Contracts held by managed FortiGate units are not evaluated.

Verification:

Run the following in the FortiManager CLI:

diagnose fmupdate dbcontract

If the output does not include a line starting with COMP- or ASET-, local-FDS is disabled by design.

Workarounds:

Workaround A (recommended):

Add a Premium (COMP) or Elite (ASET) contract to the FortiManager unit through ITF.

FC6-10-M3004-248-12(1 year)

Or:

FC6-10-M3004-248-02(2 month)

Workaround B:

Allow managed FortiGate units to fall back to the public FortiGuard servers. On each managed FortiGate:

config system central-management
    set include-default-servers enable
end

Workaround C (not recommended):

Downgrade FortiManager to a build that pre-dates the fix (for example v7.4.5 build 2553).

More information about the downgrade process is here: Downgrading to previous firmware versions.