FortiGate
nalexiou
Staff & Editor
Article Id 379393
Description

This article describes how to disable the 'Register with FortiCare. This step is required to activate threat protection services and receive firmware & package updates' window in the GUI on FortiGate G series models such as FortiGate 50G and 200G.

Scope

FortiOS v7.2.11 or v7.4.8 and later, FortiGate G series models.

Solution

On these hardware platforms, FortiGate displays the following prompt at login: 'Register with FortiCare. This step is required to activate threat protection services and receive firmware & package updates.'

 

The 'Register with FortiCare' prompt will be displayed when logging in to the device via the GUI. There is no option to skip it.

 


 

  • In v7.4.8, only FortiGate-20XG and 90XG models have the prompt, and it is possible to configure the devices using CLI before registration.
  • In v7.4.9 and later, most G series models have the FortiCare registration check, and the following warning is displayed when logging in via the console and SSH.


The device is not registered with FortiCare.
Any configuration change is not allowed.

 

Even though the warning states configuration changes are not allowed, it is still possible to work around the issue by updating the interface and routing configuration to enable internet access and FortiCare registration.

 

FortiGate-901G login: admin
Password:
Verifying password...

Welcome!

The device is not registered with Forticare.
any configuration change is not allowed.

FortiGate-901G # config system interface

FortiGate-901G (interface) # edit port1

FortiGate-901G (port1) # set ip 10.255.100.6/28

FortiGate-901G (interface) # end

FortiGate-901G # config router static

FortiGate-901G (static) # edit 1
new entry '1' added

FortiGate-901G (1) # set device port1

FortiGate-901G (1) # set gateway 10.255.100.1

FortiGate-901G (1) # end
The destination is set to 0.0.0.0/0 which means all IP addresses.

FortiGate-901G # execute ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=60 time=6.4 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=60 time=6.3 ms
^C
--- 1.1.1.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 6.3/6.3/6.4 ms

FortiGate-901G # diagnose fdsm fds-update <-- force FortiGate to check registration and any contracts.

Contract=AVDB-1-10-20260315*AVEN-1-10-20260315*NIDS-1-10-20260315*SPRT-1-20-20260315*FMWR-1-10-20260315*FRVS-1-10-20260315*FURL-1-10-20260315*HDWR-1-10-20260315*SBCL-1-10-20260315*SPAM-1-10-20260315*ZHVO-1-10-20260315*ENHN-1-20-20260315*COMP-1-20-20260315
<...>

Result=Success
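
To confirm from a saved console log that the workaround ended in a successful registration, the session output above can be checked with a short script. This is an added example, not Fortinet code: the function names are hypothetical, the sample is constructed from the lines shown above, and reading the trailing eight digits of each contract entry as a YYYYMMDD expiry date is an assumption.

```python
import re
from datetime import date, datetime

# Constructed sample: the relevant lines of the session above, contract list shortened.
SAMPLE = """\
The device is not registered with Forticare.
any configuration change is not allowed.
FortiGate-901G # diagnose fdsm fds-update
Contract=AVDB-1-10-20260315*AVEN-1-10-20260315*NIDS-1-10-20260315*SPRT-1-20-20260315
Result=Success
"""

# CODE-n-n-YYYYMMDD; the two middle fields are kept opaque.
ENTRY = re.compile(r"^([A-Z0-9]+)-(\d+)-(\d+)-(\d{8})$")


def parse_fds_update(text):
    """Return (result, {code: date}, unregistered_banner_seen) from captured output."""
    banner = re.search(r"not registered with forticare", text, re.I) is not None
    m = re.search(r"^Result=(\S+)", text, re.M)
    result = m.group(1) if m else None
    contracts = {}
    m = re.search(r"^Contract=(\S+)", text, re.M)
    for item in (m.group(1).split("*") if m else []):
        e = ENTRY.match(item)
        if not e:
            raise ValueError(f"unrecognised contract entry: {item!r}")
        # Assumption: the trailing field is the contract expiry date.
        contracts[e.group(1)] = datetime.strptime(e.group(4), "%Y%m%d").date()
    return result, contracts, banner


def expiring(contracts, today, days=30):
    """Contract codes whose date is within `days` of `today` or already past."""
    return sorted(c for c, d in contracts.items() if (d - today).days <= days)


def registration_ok(text, today):
    """True only if the update succeeded and every listed contract is still valid."""
    result, contracts, _ = parse_fds_update(text)
    return (result == "Success" and bool(contracts)
            and all(d >= today for d in contracts.values()))


if __name__ == "__main__":
    res, cons, banner = parse_fds_update(SAMPLE)
    print("banner seen:", banner, "| result:", res)
    print("expiring within 30 days of 2026-03-01:", expiring(cons, date(2026, 3, 1)))
```
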

 

Resolution:

The FortiCare registration check logic is scheduled for optimisation in v7.4.10 and v7.6.5, allowing IP address configuration using the GUI before registration, as well as a manual license upload option for air-gap deployments.

 

Workaround:

Configure internet access for the FortiGate using CLI and ensure the device is registered in FortiCare.

Alternatively, FortiCare Registration Enforce can be disabled during the BIOS boot sequence by following the steps below:

  • Connect to FortiGate using a serial console cable.
  • Reboot the device.
  • Press any key once this message is displayed.

 

Enabling PCI resources...Done.
Zeroing IRQ setting...Done.
Verifying PIRQ tables...Done.
Boot up, boot device capacity: 28626MB.
Press any key to display configuration menu... <----- Press any key.

 

  • Press I:

[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[B]: Boot with backup firmware and set as default.
[I]: System configuration and information. <-----
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.

  • Press C:

Enter C,R,T,F,B,I,Q,or H:
[S]: Set serial port baudrate (will take effect on next boot).
[R]: Set restricted mode.
[T]: Set menu timeout.
[U]: Set security level.
[C]: Set FortiCare registration. <---
[I]: Display system information.
[E]: Reset system configuration.
[M]: Display SPD information.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.

  • Press 1:

Enter S,R,T,U,C,I,E,M,Q,or H:
[1]: Not Enforce <-----
[2]: Enforce
Enter FortiCare registration setting [2]:1

 

  • Press 'Q' 2 times to exit.

 

After this change, FortiCare registration will no longer be enforced, allowing login without completing the registration process and enabling GUI configuration changes.

 

Note:

The 'gui-forticare-registration-setup-warning' setting is for a different function and does not affect the GUI login block.

 

config system global

set gui-forticare-registration-setup-warning <enable | disable> <----- Does not affect G series check.

end