vpalomo
Staff
Article Id 190534

Description

 

This article describes the process of VM license activation.
 
Scope
 
FortiGate.


Solution

 

The UUID is a unique ID generated by a VM instance. It is based on many factors (hardware resources such as CPU, RAM, hard disk, etc.) and should be unique among different VM instances, even those with the same VM serial number (SN). Technically, multiple VM instances can run with the same SN (with different UUIDs). However, Fortinet only allows one active VM instance to run at any time, and the FDN servers use the SN and UUID to check for and validate multiple VM instances.
 
If a VM instance has been activated with one UUID, another VM instance with a different UUID cannot be activated. A running VM instance sends VMSetup packets (containing its SN and UUID) to the FDN servers every hour, which refreshes the FDN cache entry for that instance. Another VM instance with the same SN and a different UUID cannot be activated until the FDN cache expires. As long as the current VM instance is still running, it keeps sending VMSetup commands hourly, so the cached SN and UUID on the FDN servers are refreshed every hour. There is no way to remove the cached entry. If the VM is shut down so that it stops sending VMSetup commands, the cached information on the FDN servers expires after 90 minutes.


Use the following command to verify the instance UUID:

 

diagnose hardware sysinfo vm full

 

UUID: 89fdbaab6ffe4cf08dd31d0bfc7ef776
valid: 1
status: 2
code: 502
warn: 0
copy: 0
received: 4295236771
warning: 4295236771
recv: 202509131249
dup:


To verify the VMSetup packet sent to the FDN servers, including the serial number and UUID, use the following debug commands:
 
diagnose debug application update -1
diagnose debug enable
execute update-now
 
To stop the debug, use the commands given below:

 

diagnose debug disable

diagnose debug reset

 

__ssl_cert_ctx_load: Added cert FGVM01xxxxxxxxxx, root ca Fortinet_CA, idx 0 (default)
[500] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[520] ssl_ctx_use_builtin_store: Enable CRL checking.
[527] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[840] ssl_ctx_create_new: SSL CTX is created
[867] ssl_new: SSL object is created
[215] ssl_add_ftgd_hostname_check: Add hostname checking 'usupdate.fortinet.net'
[350] __ssl_crl_verify_cb: CRL not found. Depth 0
__upd_peer_vfy[338]-Server certificate OK.
__upd_peer_vfy[338]-Server certificate OK.
__upd_peer_vfy[338]-Server certificate OK.
__upd_peer_vfy[338]-Server certificate OK.
[402] __bio_mem_dump: OCSP status good

pack_obj[186]-Packing obj=Protocol=3.0|Command=VMSetup|Firmware=FGVMK6-FW-7.04-2795|SerialNumber=FGVM01xxxxxxxxxx|Connection=Internet|Address=10.9.11.86:0|Language=en-US|TimeZone=-7|UpdateMethod=1|Uid=89fdbaab6ffe4cf08dd31d0bfc7ef776|VMPlatform=KVM
get_fcpr_response[298]-Unpacked obj: Protocol=3.0|Response=200|Firmware=FPT033-FW-6.9-0250|SerialNumber=FPT-FGT-DELL0309|Server=FDSG|Persistent=false|PEER_IP=x.x.x.x
upd_vm_cfg_set_status[271]-Saved status code 200
upd_comm_disconnect_fds[502]-Disconnecting FDS x.x.x.x:443
[212] __ssl_data_ctx_free: Done
[1120] ssl_free: Done
[204] __ssl_cert_ctx_free: Done
[1130] ssl_ctx_free: Done
[1111] ssl_disconnect: Shutdown
do_setup[346]-SETUP successful
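
As an added example (not part of the original article and not Fortinet tooling), the Python sketch below parses saved debug output like the above, extracts SerialNumber and Uid from the VMSetup object, and compares the Uid with the UUID reported by diagnose hardware sysinfo vm full. The function names, the embedded sample text, and the pairing of a VMSetup request with the next unpacked response are assumptions.

```python
import re

# Constructed sample: lines taken from the debug output shown in this article.
SAMPLE_DEBUG = """\
pack_obj[186]-Packing obj=Protocol=3.0|Command=VMSetup|Firmware=FGVMK6-FW-7.04-2795|SerialNumber=FGVM01xxxxxxxxxx|Connection=Internet|Address=10.9.11.86:0|Language=en-US|TimeZone=-7|UpdateMethod=1|Uid=89fdbaab6ffe4cf08dd31d0bfc7ef776|VMPlatform=KVM
get_fcpr_response[298]-Unpacked obj: Protocol=3.0|Response=200|Firmware=FPT033-FW-6.9-0250|SerialNumber=FPT-FGT-DELL0309|Server=FDSG|Persistent=false|PEER_IP=x.x.x.x
upd_vm_cfg_set_status[271]-Saved status code 200
do_setup[346]-SETUP successful
"""
# Constructed sample: first lines of 'diagnose hardware sysinfo vm full'.
SAMPLE_SYSINFO = "UUID: 89fdbaab6ffe4cf08dd31d0bfc7ef776\nvalid: 1\nstatus: 2\n"

OBJ_RE = re.compile(r"(?:Packing obj=|Unpacked obj: )(.+)$")
UUID_RE = re.compile(r"^UUID:\s*([0-9a-fA-F]{32})\s*$", re.M)

def parse_obj(line):
    """Return the pipe-delimited key=value fields of a packed/unpacked object, or None."""
    m = OBJ_RE.search(line)
    if not m:
        return None
    fields = {}
    for part in m.group(1).strip().split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key] = value
    return fields

def check_vmsetup(debug_text, sysinfo_text):
    """Compare the Uid sent in VMSetup with the locally reported UUID."""
    local = UUID_RE.search(sysinfo_text)
    out = {"local_uuid": local.group(1).lower() if local else None,
           "sent_uid": None, "serial": None, "response": None, "setup_ok": False}
    awaiting = False  # assumption: the next unpacked object answers the VMSetup
    for line in debug_text.splitlines():
        obj = parse_obj(line)
        if obj and obj.get("Command") == "VMSetup":
            out["sent_uid"] = obj.get("Uid", "").lower()
            out["serial"] = obj.get("SerialNumber")
            awaiting = True
        elif obj and awaiting and "Response" in obj:
            out["response"] = obj["Response"]
            awaiting = False
        elif "SETUP successful" in line:
            out["setup_ok"] = True
    out["uuid_match"] = out["local_uuid"] is not None and out["local_uuid"] == out["sent_uid"]
    return out

if __name__ == "__main__":
    print(check_vmsetup(SAMPLE_DEBUG, SAMPLE_SYSINFO))
```

A False uuid_match indicates that the debug capture and the sysinfo output come from instances with different UUIDs.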