FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jintrah_FTNT
Staff
Staff
Article Id 217680
Description This article describes the FortiGate behavior on its various functions when FortiGuard licenses are expired.
Scope FortiGate.
Solution
  • Firewall: Firewall services will be fully functional.
  • High Availability (HA): HA will be fully functional.
  • Antivirus (AV): The Antivirus engine will be fully functional. However, new signatures will not be updated in the FortiGate.
  • Anti-malware:  Anti-malware engine will be fully functional. However, new signatures will not be updated in the FortiGate.
  • Intrusion Prevention (IPS): The IPS engine will be fully functional. However, new signatures will not be updated in the FortiGate.
  • Application Control: The application control engine will be fully functional. However, new application definitions will not be updated in the FortiGate.
  • Virtual Private Networking (VPN): The VPN engine will be fully functional.
  • Web Filtering: Web Filter engine will work. However, Category-based Web and DNS filtering stop working, as URLs and domains are sent to FortiGuard in real-time to determine the category. By default, all web traffic is dropped. If allowing website requests when a rating error occurs is enabled, then all web traffic passes through without filtering. Static URL filters are applied in a filter profile, and those filters continue to work.
  • Email Filtering: The Antispam engine will be fully functional. However, FortiGuard spam filtering features that function with the cloud will stop until licenses are renewed.
  • DNS filtering: The DNS filtering engine will be fully functional. However, online queries if configured (dynamic classifications/domain categorization) will not be possible. For example, a DNS filter with custom/static domain filtering will be operational, but dynamic filters based on cloud classifications from FortiGuard will stop until licenses are renewed.
  • Data Loss Prevention (DLP): DLP services will be fully functional.
  • SD-WAN: SD-WAN services will be fully functional.
  • Advanced Routing: The routing engine will be fully functional.
  • Explicit Proxy and WAN Optimization: Explicit Proxy and WAN Optimization functions will be fully functional.
  • QoS & Traffic Shaping: QoS & Traffic Shaping Optimization functions will be fully functional.
  • Outbreak Prevention: Outbreak Prevention will stop working as this requires real-time lookups to the FortiGuard database.
  • Operational Technology (OT): OT Security Services will be fully functional. However, no new signatures will be added.
  • Inline-CASB Application Definitions: Inline-CASB will continue to work, but the databases are not updated and no new signatures are added.

 

See the FortiGate Administration Guide for more information.