Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
asengar
Staff
Staff

Created on ‎07-25-2023 12:03 AM Edited on ‎11-30-2023 07:40 AM By Moderator

Article Id 265540

Technical Tip: How to update the license for FortiGate in Transparent mode without internet (offline)

Description This article describes how to update the license offline when there is no internet access to the FortiGate.
Scope FortiOs 7.2.0 and above.
Solution
  • When the firewall is operated in the Transparent mode in the network and only used for Intranet traffic as a switch to inspect and forward the traffic, so without internet connectivity the license update or the FortiGuard database update is not possible automatically.
  • In the previous version below 7.2.0, the internet was mandatory for updating or it was done with the help of FortiManager.
  • From version 7.2.0 and later it is possible to download the offline license for the hardware device by logging into the support portal.

Steps to Download the Offline License File:

 

  1. Login to the support portal from the registered account for the device license file is needed.
    https://support.fortinet.com/welcome/#/
  2. Once logged into the portal, in the dashboard the assets information will be displayed, select the FortiGate.

    10.png
  3. Once selecting FortiGate, the list of firewalls in the network will appear along with the serial number product details.
  4. Select the serial number of the device that needs to download the license file.
     

     

    11.png
  5. In the license and key section, select Get the license file, the license file will be downloaded in the format .lic with the device serial number FGT******947Off-NetworkLicenseFile.lic.
  6. Once the .lic file is downloaded upload the file in the FortiGate.
  7. In FortiGate go to System -> FortiGuard -> Manual update -> Upload the file downloaded
  8. Initially, the services will be showing as pending and once the file is uploaded successfully it will change to licensed and registered for FortiCare support.

    To manually upload the license from CLI, give the below command:

    execute restore manual-license {ftp | tftp} <license file name> <server> [args]


    NOTE:     The manual office license upload is only available for hardware models currently.

    In case the firmware of the firewall is below 7.2.0 then this is not feasible, so it is necessary to upgrade the device to 7.2.0 and later follow the upgrade path and then follow the same procedure.
  9. After applying the license to push the connectivity with the firewall and FortiGuard server, run the following commands. These commands will attempt to make contact with the FortiGuard server and sync with it. A connectivity status log will be shown.

diagnose debug application update -1

diagnose debug enable

execute update-now

 

10. After, run the following command to stop the debug.

 

diagnose debug disable
diagnose debug reset

 

Related article:

Technical Tip: Procedure to apply FortiGate firewall license.
3258
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.