This article describes the difference between the 'Disconnected' and 'Disconnected (Expired)' FortiEDR Licensing Status. It provides an overview of what these statuses indicate and how they affect license allocation.
Scope
FortiEDR.
Solution
The 'Disconnected' status indicates that the device on which the FortiEDR Collector is installed is either powered down or disconnected from the network. This status does not necessarily imply a problem with the FortiEDR Collector or the device itself.
The 'Disconnected (Expired)' status, on the other hand, is used to identify devices that have not been seen or communicated with the FortiEDR system for more than 30 days. This status helps in identifying devices that have been offline for an extended period. In case a device is not seen for a period of more than 30 days, the 'Disconnected (Expired)' status will be displayed for it, and its license will be released. If a device is brought back online after being offline for more than 30 days, it should reconnect to FortiEDR Manager, assuming there is at least one license slot available.
If it is necessary to release the license slot assigned to a device, delete the Collector record from the FortiEDR Manager's inventory.
