Description
This article describes the process of VM license activation.
Scope
FortiGate.
Solution
The UUID is an unique id generated by a VM instance. It is based on many factors (hardware resources such as CPU, RAM, hard disk, etc.) and should be unique among different VM instances (even with same VM serial number). Technically there can be multiple VM instances running with a same SN (with different UUIDs). However, Fortinet only allow one active VM instance running at any time, FDN servers will use SN and UUIDs to check and validate for multiple VM instances if any.
If a VM instance has been activated by an UUID, another VM instance with a different UUID cannot be activated. A running VM instance will send VMSetup packets (with its SN and UUID inside) to FDN servers every hour to refresh FDN cache about its information. Another VM instance with the same SN and different UUID cannot be activated until the FDN cache expires. If the current VM instance is still running, it will send VMSetup commands to FDN servers hourly. Cached information about its SN and UID on FDN servers will be refreshed every hour. There is no way to remove it. If the VM is shutdown so that it stops sending VMSetup commands, cached information on FDN servers will expire after 90 minutes.
Use the following command to verify the instance UUID:
diagnose hardware sysinfo vm full
UUID: 89fdbaab6ffe4cf08dd31d0bfc7ef776
valid: 1
status: 2
code: 502
warn: 0
copy: 0
received: 4295236771
warning: 4295236771
recv: 202509131249
dup:
In order to verify the VM setup, including the serial number and UUID sent to the FDN servers, use the following debug commands:
diagnose debug application update -1
diagnose debug enable
execute update-now
To stop the debug processes, use the following commands:
diagnose debug disable
diagnose debug reset
__ssl_cert_ctx_load: Added cert FGVM01xxxxxxxxxx, root ca Fortinet_CA, idx 0 (default)
[500] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[520] ssl_ctx_use_builtin_store: Enable CRL checking.
[527] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[840] ssl_ctx_create_new: SSL CTX is created
[867] ssl_new: SSL object is created
[215] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortinet.net'
[350] __ssl_crl_verify_cb: CRL not found. Depth 0
__upd_peer_vfy[338]-Server certificate OK.
__upd_peer_vfy[338]-Server certificate OK.
__upd_peer_vfy[338]-Server certificate OK.
__upd_peer_vfy[338]-Server certificate OK.
[402] __bio_mem_dump: OCSP status good
pack_obj[186]-Packing obj=Protocol=3.0|Command=VMSetup|Firmware=FGVMK6-FW-7.04-2795|SerialNumber=FGVM01xxxxxxxxxx|Connection=Internet|Address=10.9.11.86:0|Language=en-US|TimeZone=-7|UpdateMethod=1|Uid=89fdbaab6ffe4cf08dd31d0bfc7ef776|VMPlatform=KVM
get_fcpr_response[298]-Unpacked obj: Protocol=3.0|Response=200|Firmware=FPT033-FW-6.9-0250|SerialNumber=FPT-FGT-DELL0309|Server=FDSG|Persistent=false|PEER_IP=x.x.x.x
upd_vm_cfg_set_status[271]-Saved status code 200
upd_comm_disconnect_fds[502]-Disconnecting FDS x.x.x.x:443
[212] __ssl_data_ctx_free: Done
[1120] ssl_free: Done
[204] __ssl_cert_ctx_free: Done
[1130] ssl_ctx_free: Done
[1111] ssl_disconnect: Shutdown
do_setup[346]-SETUP successful
To display license details, run the following:
diagnose debug vm-print-license
SerialNumber: FGVM08**********
CreateDate: Mon Dec 24 20:11:56 2025
License expires: Thu Dec 25 00:00:00 2031
Expiry: 366
Key: yes
Cert: yes
Key2: yes
Cert2: yes
Model: 08 (11)
CPU: 8
MEM: 2147483647
To display the license information from FortiGuard:
diagnose hardware sysinfo vm full
UUID: abbe****************************
valid: 1
status: 1
code: 200
warn: 0
copy: 0
received: 4604955037
warning: 4600905081
recv: 202009152207
dup:
