The status of the licenses/entitlements is visible on GUI under the Dashboard. Sometimes, on the FortiGate, the status of some entitlements like IPS, AV, Web Filtering, etc. is showing as 'Expired', despite that the licenses have never been purchased.

This wrong status can cause some issues with Monitoring Systems, because if they detect an expired license, consequently Monitoring System will alert.

Instead of 'Expired Status', the status of the licenses should be 'Not Licensed'. The below image will show both statuses:

To see the status of licenses via CLI, the below troubleshooting commands can be used:

diagnose debug application update -1
diagnose debug en
exeute update-now

diagnose test update info contract

To stop debugging:

diagnose debug disable

diagnose debug reset

From the previous commands, the status of the licenses can be observed :

Status "Expired"

SupportLevelDesc=05:Advanced HW*06:Web/Online*20:24x7*99:Trial
SupportTypeDesc=AVDB:Advanced Malware Protection*COMP:*ENHN:*FMWR:Firmware & General Updates*FRVS:Vulnerability Management*FURL:Web & Video Filtering*HDWR:Hardware*NIDS:NGFW*SPAM:AntiSpam*SPRT:*ZHVO:FortiGuard Virus Outbreak Protection Service

Status "Not Licensed"

SupportLevelDesc=05:Advanced HW*06:Web/Online*20:24x7
SupportTypeDesc=AVDB:Advanced Malware Protection*COMP:*ENHN:*FMWR:Firmware & General Updates*FRVS:Vulnerability Management*HDWR:Hardware*NIDS:NGFW*SPRT:*ZHVO:FortiGuard Virus Outbreak Protection Service

This behavior is as per design because when FortiGate has no licenses for different entitlements (AV/IPS/WebFiltering/SPAM), FortiGuard servers will create trial licenses for them. This feature has been designed for trial purposes.

The licenses can not be deactivated on the FortiGate, because once the FortiGate connects with FortiGuard servers, then the licenses will be auto-created again.

Related article:

Technical Tip: How to Manually restore FortiGate license in CLI