FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.


This article described the limitation in applying VM S-Series License to existing FortiManager VM & FortiAnalyzer VM in version 6.4 only.


Note: Starting in FortiManager & FortiAnalyzer 7.0.1, it is possible to apply a VM-S license to an existing VM

New Features | FortiAnalyzer 7.0.0 | Fortinet Documentation Library

In the current design, the new VM-S license and the current running licenses (either Evaluation License or Perpetual License) are not exchangeable in version 6.4.
In other words, it is not possible to use the new VM-S license to update on the current running instances that is on either an Evaluation or a Perpetual licensing due to trial license expiration or contract renewal.

VM-S license file and Serial Number naming will start with 'FMGVMS' for FortiManager and 'FAZVMS' for FortiAnalyzer.

Example of error when a user is trying to update the existing Non-VMS-S license instance with a VMS-S license:


To rectify such issue, the only solution is to re-build new instances and load with the new VMS-license,


1) Backup the config file (without encryption) from GUI for the current running FortiAnalyzer/FortiManager.
2) Backup the log for the current running FortiAnalyzer only from CLI.

# execute backup logs-only <device name(s)| all> <ftp/sftp/scp> <ip> <user name> <password> <directory>

3) Shutdown the current running FortiAnalyzer/FortiManager.
4) Build a new instance for FortiAnalyzer/FortiManager with the same version and with the same IP address and routing as the previous running FortiAnalyzer/FortiManager, upon GUI login upload the new VM-S license to reboot.
Upload the license at this time will be possible.

5) Login back from GUI, select to restore config file backup in step (1) above for both FortiAnalyzer/FortiManager, de-select Overwrite current IP, routing and HA settings or check Overwrite current IP, routing and HA settings (if the same IP address is used) to reboot.
6) For FortiManager, re-connect all the managed FortiGate(s) to the new FortiManager and make sure the Device Manager’s admin user password credential is set correctly. Refresh the FGFM connection.
7) For FortiAnalyzer, restore the backup log in step (2) above.

# execute restore logs-only <device name(s)| all> <ftp/sftp/scp> <ip> <user name> <password> <directory>

8 )For FortiAnalyzer also, rebuild the SQL DB by running the following CLI command, it requires a reboot.

# execute sql-local rebuild-db

9) For post verification on FortiAnalyzer, make sure the FortiAnalyzer able to receive the real-time log from the FortiGate(s).

Related Articles

Technical Note: Backup and restore of FortiAnalyzer settings, logs and reports