In case of a new device installation or new RMA device, there may be an issue where the device license is not reflected in the GUI as shown below.

To resolve this issue, ensure that the device has internet connectivity & reachable to the FortiGuard server.

Collect the info below to validate it.

   execute ping 8.8.8.8

execute ping google.com
execute ping service.fortiguard.net
execute ping update.fortiguard.net

execute ping directregistration.fortinet.com
execute ping guard.fortinet.net

krypton-kvm34 # execute ping update.fortiguard.net
PING fds1.fortinet.com (12.34.97.16): 56 data bytes
64 bytes from 12.34.97.16: icmp_seq=0 ttl=53 time=87.6 ms
64 bytes from 12.34.97.16: icmp_seq=1 ttl=53 time=87.7 ms
64 bytes from 12.34.97.16: icmp_seq=2 ttl=53 time=87.4 ms
64 bytes from 12.34.97.16: icmp_seq=3 ttl=53 time=87.4 ms
64 bytes from 12.34.97.16: icmp_seq=4 ttl=53 time=87.4 ms

--- fds1.fortinet.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 87.4/87.5/87.7 ms

diagnose debug rating

Once FortiGuard connectivity is restored, initiate the update as follows. The device license will be reflected in the dashboard.

Debug:

diagnose debug reset
diagnose debug application update -1
diagnose debug enable

Manual update: 

execute update-now

Disable debug (run the command below after the update is completed in a few minutes):

diagnose debug disable

get system fortiguard-service status <----- To verify FortiGuard service status.

diagnose autoupdate version <----- To check version status

Note:

1. With VDOM enabled, the above commands need to be executed on the global VDOM.
2. In the HA cluster, all the FortiGates have to be registered under the same account and have identical licenses. If there is a discrepancy, the entire cluster will operate under the 'lower' license found among the devices.

An alternative solution is to use manual licensing for FortiGates in air-gap environments. This feature is only supported for FortiGate models running v7.2.0 or later. Download the license file from the 'license and key' section on FortiCloud and upload it to FortiGate as shown in Allow manual licensing for FortiGates in air-gap environments.

The above steps are for the general case if an open internet connection is available to the box.

If the firewall does not have an internet connection, then updating the license file manually is the only option.

Few services, like IPS and other databases, can also be updated through a TFTP server configured on a local PC connected to a firewall.

In some scenarios, licenses could be acquired with an activation date set in the future. From the Device's Entitlement Tab in the Support Portal, the license could be observed as part of the entitlement. However, the FortiGate will display 'not licensed' until that activation date is reached.

Related articles:

• Technical Tip: The license still shows as expired after renewal
• Troubleshooting Tip: License not reflected in the GUI
• Troubleshooting Tip: License/Subscription failed to Update
• Troubleshooting Tip: License not updating when FortiGate on HA have Different Account Registration