Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
asengar
Staff
Staff

Created on ‎07-25-2023 12:03 AM Edited on ‎03-14-2025 12:43 AM By Community Manager

Article Id 265540

Technical Tip: How to update the license for FortiGate in Transparent mode without internet (offline)

Description

 

This article describes how to update the license offline when there is no internet access to the FortiGate.

 

Scope

 

FortiGate v7.2.0 and above.

 

Solution

 

  • When the firewall is operated in the Transparent mode in the network and only used for Intranet traffic as a switch to inspect and forward the traffic, so without internet connectivity the license update or the FortiGuard database update is not possible automatically.
  • In FortiOS below 7.2.0, internet access was mandatory for updating the license, or it was done with the help of FortiManager (no manual update).
  • From version 7.2.0 and later it is possible to download the offline license for the hardware device by logging into the support portal.
  • V7.4.0 and later shows an error message firmware image cannot be installed because the device's FortiGuard License for firmware upgrades could not be verified and may have expired. Verify or renew the license to install the upgrade. 

Steps to Download the Offline License File:

 

  1. Login to the support portal from the registered account for the device license file is needed.
    https://support.fortinet.com/welcome/#/

  2. Once logged into the portal, in the dashboard the assets information will be displayed, select the FortiGate.

    10.png

 

  1. Once selecting FortiGate, the list of firewalls in the network will appear along with the serial number product details.
  2. Select the serial number of the device that needs to download the license file.
     

     

    11.png
  3. In the license and key section, select Get the license file, the license file will be downloaded in the format .lic with the device serial number FGT******947Off-NetworkLicenseFile.lic.

  4. Once the .lic file is downloaded upload the file in the FortiGate.

  5. In FortiGate go to System -> FortiGuard -> Manual update -> Upload the file downloaded

  6. Initially, the services will be showing as pending and once the file is uploaded successfully it will change to licensed and registered for FortiCare support. To manually upload the license from CLI, give the below command:

    execute restore manual-license {ftp | tftp} <license file name> <server> [args]


Note:

The manual offline license upload is only available for hardware models in v7.2. With v7.4, this is also possible for VM licenses

In case the firmware of the firewall is below 7.2.0 then this is not feasible, so it is necessary to upgrade the device to 7.2.0 and later follow the upgrade path and then follow the same procedure.

 

Related articles:

Technical Tip: Procedure to apply FortiGate firewall license to offline units

Technical Tip: How to upload account entiltement files for managed devices when FortiManager is oper...

38195
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.