Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rmetzger
Staff
Staff

Created on ‎05-31-2013 02:06 AM Edited on ‎11-28-2025 03:05 AM By Community Manager

Article Id 193658

Technical Tip: FortiOS FortiCarrier: FortiGate procedure to activate Carrier features with a Carrier license

Description

 
This article describes that in the FortiOS firmware version 5.0, the Carrier features license activation process has changed, compared to the FortiOS version 4.00 MR3 or earlier versions.

The new process is as follows:
When a Carrier license is purchased, a "scratch card" license will be provided.
  • Each scratch card comes in an envelope named 'FortiCarrier Upgrade Activation Code Certificate'.
  • Each scratch card has a serial number (for example: FCRLIC471200xxxx); this serial number does not help to activate FortiOS Carrier features, and should not be used for that purpose.


To activate the Carrier feature license on your FortiGate unit:

  • Scratch each card in order to reveal the activation code; these are the digits that must be entered into the FortiGate unit management CLI.
  • The back of the scratch card includes instructions on how to type the activation code into the FortiGate management interface.
  • All activation codes are case sensitive.


Important notes:

  • After the activation code is entered, the modified FortiGate unit will reboot with a Factory-reset configuration, and will require Internet connectivity to access the Fortinet license validation server to confirm the license.
  • The activation process will fail if any of the following conditions are true:
    • The FortiGate does not have Internet access to FortiGuard.
    • The FortiGate is not connected to a FortiManager with access to Fortiguard.
  • The same activation license key cannot be used for 2 different FortiGate units.
  • Once activated, a license is assigned to a single FortiGate serial number; it is possible to change this assignment by contacting Fortinet Customer Service.
 
Successful and unsuccessful activation examples:
  1. FortiGate unit is offline (no internet access):

Unsuccessful registration: license check cannot be done:

FGT # execute forticarrier-license 9882-908F-74F2-XXXX-YYYY
License activation failed
FGT #
 

  1. FortiGate unit is online (internet access available):
    Unsuccessful registration: the license is already used:

     

FGT # execute forticarrier-license 9882-908F-74F2-XXXX-YYYY
11:License is already activated
License activation failed
FGT #

 

  1. FortiGate unit is online (internet access available):
    Successful registration with an unused license key:

 

FGT # execute forticarrier-license 8882-B20F-5072-XXXX-YYYY
This operation will reset the system to the factory default.
Do you want to continue? (y/n)y

...

FGT # get system status
Version: FortiCarrier-3950B v5.0,build0208,130603 (GA Patch 3)
Virus-DB: 16.00560(2012-10-19 08:31)
Extended DB: 1.00000(2012-10-17 15:46)
Extreme DB: 1.00000(2012-10-17 15:47)
IPS-DB: 4.00345(2013-05-23 00:39)
IPS-ETDB: 0.00000(2000-00-00 00:00)
Serial-Number: FG3K9B3EXXXXYYYY
Botnet DB: 1.00000(2012-05-28 22:51)
BIOS version: 04000011
System Part-Number: P10462-02
Log hard disk: Available
Hostname: FGT
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
License Status: Carrier
Branch point: 208
Release Version Information: GA Patch 3
FortiOS x86-64: Yes
System time: Tue Jun 4 08:28:34 2013

FGT #

 

In a cluster environment, it is necessary to:

  • Backup the existing MASTER configuration file
  • Remove the MASTER from the HA cluster (Unplug the cables)
  • Activate the FortiCarrier licence on the MASTER. This will reboot the unit and factory reset.
  • Reload the saved configuration.
  • Backup the configuration of the other unit, which is now MASTER.
  • Activate the FortiCarrier licence. This will reboot the unit and factory reset.
  • Unplug the cables of this unit (which becomes SLAVE) and replug them on the other unit (which becomes MASTER).
  • Reload the configuration on the SLAVE when the reboot is finished.
  • Plug the cable into the SLAVE device.

For air-gapped environments where the activation code fails, and the FortiGate displays 'License activation failed', follow these steps to apply the FortiCarrier license:
  1. Perform a factory reset of the FortiGate.
  2. Obtain the offline license from the Support Portal, then upload it to the air-gapped FortiGate.
  3. Proceed to activate the FortiCarrier license with the registration code.
6237
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.