Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

Nik
New Contributor II

Created on ‎04-26-2021 02:14 PM

HA cluster licensing

Hi,

I have a HA cluster of 100E model and I want to renew the license on it (it will soon expire). We have purchased two licenses with same features in order to apply on these two fortigates separately.

Is it ok if I apply the license on the master first, and then change the prio and make the slave, a master, and then reboot. After that apply the license on the other fortigate?

thanks in advance
Labels:
2314
0 Kudos
1 Solution
lbjust
New Contributor II

Created on ‎04-28-2021 12:17 PM

Hi,

After your licensing renew, Fortinet will update their servers with new expiration dates and licensed services. When your FortiGate checks against FortiGuard server, it will retrieve those new values automatically. You dont have to do nothing.

If you want to force an update: execute update-now

If you want to be sure that everything is correct, you can run a debug and see exactly what FortiGuard is replying:

diagnose debug application update -1
diagnose debug enable
execute update-now

You will see the contract for both members.

More info: Verifying FortiGuard licenses and troubleshooting

If you dont have Internet connection and need to apply the license file manually, just reset the uptime and the slave member will assume as master:

diag sys ha reset-uptime

View solution in original post

2297
0 Kudos
2 REPLIES 2
whatz
New Contributor II

Created on ‎04-27-2021 08:15 AM

Hello,

A cluster normally sync's the license.  That is at least my experience.  All the clusters I am working with retrieve their licensing directly from the FortiGuard portal.

Mike
2297
0 Kudos
lbjust
New Contributor II

Created on ‎04-28-2021 12:17 PM

Hi,

After your licensing renew, Fortinet will update their servers with new expiration dates and licensed services. When your FortiGate checks against FortiGuard server, it will retrieve those new values automatically. You dont have to do nothing.

If you want to force an update: execute update-now

If you want to be sure that everything is correct, you can run a debug and see exactly what FortiGuard is replying:

diagnose debug application update -1
diagnose debug enable
execute update-now

You will see the contract for both members.

More info: Verifying FortiGuard licenses and troubleshooting

If you dont have Internet connection and need to apply the license file manually, just reset the uptime and the slave member will assume as master:

diag sys ha reset-uptime
2298
0 Kudos
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.