Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ychia
Staff
Staff

Created on ‎07-19-2022 09:08 PM Edited on ‎10-14-2025 09:16 AM By Moderator

Article Id 217970

Technical Tip: FortiGate license expiry date incorrect

Description This article describes the FortiGate license expired date incorrectly which happens on HA clusters.
Scope FortiGate.
Solution

Confirm both HA cluster units' expiry dates.

 

Example:

 

Primary FortiGate expiry date: 10/10/2024

Secondary FortiGate expiry date: 10/10/2023

 

The FortiGate license will reflect the earliest expiry date among the cluster units.

FortiGate GUI will show the expiry date as 10/10/2023.

  • Even though the primary HA device license is not expired, it shows expiry dates from the secondary on the primary device.

 

error for license.png

 

In the CLI it should show as below when 'diagnose debug app update -1" executes for the expired license on the secondary unit:

 

upd_status_set_ha_expiry[1477]-Extracting contract...(SerialNumber=FG101E4Qxxxxxxxx|Contract=AVDB-1- --------------

update_status_obj[740]-SBCL contract expiry=Sat Dec 7 01:00:00 2024
level(6) alert(0)
update_status_obj[740]-AVDB contract expiry=Sat Dec 7 01:00:00 2024
level(6) alert(0)
update_status_obj[740]-ETDB contract expiry=Sat Dec 7 01:00:00 2024
level(6) alert(0)
update_status_obj[740]-EXDB contract expiry=Sat Dec 7 01:00:00 2024

level(6) alert(0)

level(6) alert(0)
upd_status_set_ha_expiry[1511]-Serial Number: FG101E4Qxxxxxxxx - contract processed
upd_status_set_ha_expiry[1477]-Extracting contract...(SerialNumber=FG101E4Qcsdnw|Contract=AVDB-1- ---------------

update_status_obj[740]-SBCL contract expired=Sat Dec 7 01:00:00 2023 <<<<< Should see Expired
level(6) alert(0)
update_status_obj[740]-AVDB contract expired=Sat Dec 7 01:00:00 2023 <<<<< Should see Expired
level(6) alert(0)
update_status_obj[740]-ETDB contract expired=Sat Dec 7 01:00:00 2023 <<<<< Should see Expired
level(6) alert(0)
update_status_obj[740]-EXDB contract expired=Sat Dec 7 01:00:00 2023 <----- Should see Expired.

  • Run the following commands on both devices to verify the license or else can check on the FortiCloud portal.

 

diagnose debug reset
diagnose debug disable
diagnose debug app update -1
diagnose debug enable 

execute update-now 

 

diagnose debug disable <----- Stop the logs after the update is successful.

 

FortiCloud portal verification:

Login to support.fortinet.com and go to the Section Product -> My Assets.

 

cloud.png

 

  • Grace period on license expiration

There is a grace period of 2 days designed to provide administrators with additional time to renew the license, ensuring uninterrupted access to FortiGuard services.

 

Example: This HA cluster had one of the units ending at 04 of March however, on FortiGate's GUI, the expiration date is 06 of March.

 

  • Customer FortiCloud account.

 

ha_licenses.png

 

  • FortiGate GUI.

 ha_licenses_1.png
Labels:
3770
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.