Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rahul_p1
Staff
Staff

Created on ‎08-25-2025 11:17 PM Edited on ‎11-19-2025 01:41 PM By Moderator

Article Id 407635

Technical Tip: FortiGate GUI showing license expired when in HA

Description This article explains why the primary FortiGate GUI may still display a license as expired, even after it has been successfully renewed.
Scope FortiGate.
Solution

In an HA cluster, if only the primary FortiGate is licensed, the GUI on the primary may still display the license as expired. When FortiGate fetches contract details, it should retrieve the license information for both the primary and secondary units. If this synchronization fails, the system may continue to show the license as expired, as illustrated in the image below.

 

rahul_p1_0-1755835766564.png

 

rahul_p1_1-1755835766567.png

 

diagnose debug reset

diagnose debug disable

diagnose debug application update -1

diagnose debug enable

 

Primary device contract:

Contract=AVDB-1-06-20251002:0:1:1:0*AVEN-1-06-2
0251002:0:1:1:0*COMP-1-20-20251002:0:1:1:0*ENHN-1-20-20251002:0:1:1:0*FMWR-1-06-20251002:0:1:1:0*FRVS-1-06-20251002:0:1:1:0*FURL-1-
06-20251002:0:1:1:0*HDWR-1-05-20251002:0:1:1:0*NIDS-1-06-20251002:0:1:1:0*SBCL-1-06-20251002:0:1:1:0*SPAM-1-06-20251002:0:1:1:0*SPR

update_status_obj[731]-SBCL contract expiry=Thu Oct 2 04:00:00 2025
level(6) alert(0)
update_status_obj[731]-AVDB contract expiry=Thu Oct 2 04:00:00 2025
level(6) alert(0)
update_status_obj[731]-ETDB contract expiry=Thu Oct 2 04:00:00 2025

Secondary device contract:

Contract=AVDB-1-06-20250727:0:1:1:0*AVEN-1-06-2
0250727:0:1:1:0*COMP-1-20-20250727:0:1:1:0*ENHN-1-20-20250727:0:1:1:0*FMWR-1-06-20250727:0:1:1:0*FRVS-1-06-20250727:0:1:1:0*FURL-1-
06-20250727:0:1:1:0*HDWR-1-05-20250727:0:1:1:0*NIDS-1-06-20250727:0:1:1:0*SBCL-1-06-20250727:0:1:1:0*SPAM-1-06-20250727:0:1:1:0*SPR

update_status_obj[731]-SBCL contract expiry=Sun Jul 27 04:00:00 2025
level(6) alert(0)
update_status_obj[731]-AVDB contract expiry=Sun Jul 27 04:00:00 2025
level(6) alert(0)
update_status_obj[731]-ETDB contract expiry=Sun Jul 27 04:00:00 2025
level(6) alert(0)

 

Note:

When the secondary device license is renewed, the FortiGate GUI will show as an active license in the GUI.

 

license_updated.PNG

 

Since February 2025, units must be registered under the same FortiCloud account.

 

Notes:

  • If the following error is received: "Missing contracts, got 1, expect 2" in the debug log indicates that the FortiGate HA pair's license synchronization is failing because one unit has a different account registration or contract setup, resulting in an inconsistency.
  • To resolve this, ensure both units are registered with the same FortiCare account and have synchronized licenses, which may involve re-registering or re-importing licenses on the affected unit, and verifying that the license details (contracts, serial numbers, etc.) match across the HA pair.
  • Additionally, perform a license sync via CLI (execute ha manage 1 and execute ha manage 2) to force synchronization, and consider regenerating the license if discrepancies persist

 

Related article: 

Troubleshooting Tip: License not updating when FortiGate on HA have Different Account Registration.
300
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.