Skip to main content
ProtocolSA
ProtocolSA
Explorer II
March 19, 2025
Solved

Fortigate 200G active/passive licence

  • March 19, 2025
  • 2 replies
  • 4406 views

Hello,

 

I would like to install a Fortigate 200G with active/passive HA.

That's mean that only one Firewall is running, the second, just in case of problem on the primary.

 

Our reseller said that's it's required to have both licences and maintenance same on both firewalls.

Is that's correct ?

 

Thank you.

 

Best answer by owen911

Based on Administration Guide v7.6.1, v7.4.6, V7.2.9

A-P setup is able to share single license with a certain range of variants. 
refer to below guide 

https://docs.fortinet.com/document/fortigate/7.6.1/administration-guide/246857

https://docs.fortinet.com/document/fortigate/7.4.0/new-features/246857/single-fortiguard-license-for-fortigate-a-p-ha-cluster-7-4-6

 

2 replies

plsikk
plsikk
Explorer
March 19, 2025

Yes because HA is only setup , but contract is for Hardware 

    ProtocolSA
    ProtocolSAAuthor
    Explorer II
    March 19, 2025

    Hello,

     

    Ok I understand that I need a hardware support, it's normal, and we need to get it, but....

     

    If we choose the Bundle with Enterprise Protection we get:

    • FortiCare 24x7
    • FortiGuard App Control Service
    • FortiGuard IPS Service
    • FortiGuard Advanced Malware Protection
    • FortiGuard Web Filtering Service
    • FortiGuard Antispam Service
    • FortiGuard Security Rating Service
    • FortiGuard Industrial Service
    • FortiCASB SaaS-only Service

    But in a active / passive case, we do not use Web Filtering 2 times, Antispam 2 times, Antivirus 2 times and 2 times all others services. We use it only on the (one) running appliance (1), not on both, so it's not very cool from Fortinet to force customer to buy licence not used. Imagine that in 5 years we don't have any problem with the running appliance, so the licence of the (inused) second one are just only for giving money to Fortinet.

     

    A HW support licence for the second HA in Active / Passive mode would be the solution, but I think with the mode of licencing every appliance in the HA (however in passive mode) we jump into very expansive price if I compare to other brand that make this difference (active/active & active/passive).

     

    At this time, if there is no solution other to get 2 FULL licences at the same price for an HA active/active or active/passive mode, I think we will see outside Fortinet.

     
     
     
     
    plsikk
    plsikk
    Explorer
    March 19, 2025

    license is linked with serial number - so what is you passive FGT will be promoted as active - so no license ? I remember Cisco had HA license for WLC just for failover and HA can't be active longer then some time. But for Forti no. We have more then 200 FGTs and for all units license have to by active

      plsikk
      plsikk
      Explorer
      March 20, 2025

      question because in documentation I found this 

      Do not change the HA mode from A-P to A-A when set logical-sn enable. This will result in the FortiGate losing its vSN. Disabling logical-sn will also result in losing the vSN. As a result, service entitlements will no longer be registered to the HA cluster.

      What happen if one unit failed and have to be replaced via warranty. New device have new SN and vSN probably will be new. How to transfer license if it's possible ?

        owen911
        owen911
        Visitor III
        March 20, 2025

        https://community.fortinet.com/t5/FortiGate/Technical-Tip-Additional-Info-regarding-Single-FortiGuard/ta-p/380661
        As of current, there no clear indication on RMA part. 
        With these feature rollout, RMA should not be a issue.

        But im guessing likely need to open ticket for TAC to get involved. 
        Might need to check with your local Distributor for confirmation on this

          Terms & ConditionsAccessibility statement