Technical Tip: FortiPAM license validation methods with and without Internet access
Description
This article describes the supported methods for FortiPAM license validation in environments with and without direct Internet access.
FortiPAM performs periodic license validation to ensure that the device remains properly registered and authorized. In environments such as Operational Technology networks, where direct Internet access is restricted or not available, an alternative validation method is required to maintain system operation.
Scope
FortiPAM.
FortiManager.
Solution
FortiPAM supports two methods for license validation, depending on network design and connectivity availability.
Direct Internet access (default method).
FortiPAM connects directly to Fortinet services over the Internet to perform license validation. This method is the standard deployment model and requires outbound connectivity to Fortinet services.
FortiManager as intermediary (offline or restricted environments).
In environments without direct Internet access, FortiManager can be used as an intermediary for license validation.
In this architecture, FortiPAM communicates with FortiManager over the internal network. FortiManager is responsible for establishing connectivity with Fortinet services and performing license synchronization and validation on behalf of FortiPAM.
This approach allows FortiPAM to operate in secured or isolated networks, such as Operational Technology environments, where direct Internet access is not permitted.
Make sure that FortiManager has proper Internet connectivity and is correctly configured to manage FortiPAM devices, as it becomes responsible for license validation in this design.
Refer to FortiManager's new features: FortiManager supports FortiPAM licenses validation and central packages download.
