|
The FortiGate is in an HA cluster, and both FortiGates are registered as separate standalone units on FortiCare with separate FortiGuard licenses.
After registering for one virtual serial number to get a single FortiGuard service license for both FortiGate, the support contract, and other services show as not licensed on FortiGate.
HA configuration:
config system ha
set group-id 968
set group-name "cluster"
set mode a-p
set password ENC wXLihjuAvy7q7latgxQ4Fd1jo1x2e+U5zrQcDHU+zIyQb+GHkg3BEu/aeeI/bnNF+T4USAUhDRARRG5KAdDvz1qm1
aA5V/2Fy19yTpPZXxkG0R543H7C1kmAqSirnRQgojkoHAPmfzxlvgjN1U
set hbdev "ha1" 50 "ha2" 50
set override disable
set priority 200
set logical-sn enable
end
Verify the vSN (or Logical Serial) on FortiGate using the following command.
get system ha status
FGT1 # get system ha status
HA Health Status: OK
Model: FortiGate-100F
Mode: HA A-P
Group Name: Cluster
Group ID: 968
Debug: 0
Cluster Uptime: 25 days 22h:40m:42s
Cluster state change time: 2025-08-12 21:27:38
Primary selected using:
<2025/08/12 21:27:38> vcluster-1:
FG100FTKxxxxxxxx is selected as the primary because its override priority is larger than
peer member FG100FTKxxxxxxxx .
<2025/07/30 21:30:00> vcluster-1:
FG100FTKxxxxxxxx is selected as the primary because its override priority is larger than
peer member FG100FTKxxxxxxxx .
<2025/07/30 21:27:26> vcluster-1:
FG100FTKxxxxxxxx is selected as the primary because it's the only member in the cluster.
<2025/07/30 21:27:20> vcluster-1:
FG100FTKxxxxxxxx is selected as the primary because SET_AS_SECONDARY flag is set on
peer member FG100FTKxxxxxxxx
ses_pickup: disable
override: disable
Configuration Status:
FG100FTKxxxxxxxx (updated 0 seconds ago): in-sync
FG100FTKxxxxxxxx chksum dump: d9 35 2c 83 21 ee ce 69 9a 56 4f 6d 79 6a af a8
FG100FTKxxxxxxxx (updated 4 seconds ago): in-sync
FG100FTKxxxxxxxx chksum dump: d9 35 2c 83 21 ee ce 69 9a 56 4f 6d 79 6a af a8
System Usage stats:
FG100FTKxxxxxxxx(updated 0 seconds ago):
sessions=3741, average-cpu-user/nice/system/idle=3%/0%/1%/94%, memory=39%
FG100FTKxxxxxxxx(updated 4 seconds ago):
sessions=0, average-cpu-user/nice/system/idle=6%/0%/3%/89%, memory=35%
FGT1, FG100FTKxxxxxxxx , HA cluster index = 1
FGT2, FG100FTKxxxxxxxx , HA cluster index = 0
number of vcluster: 1
vcluster 1: work 169.254.0.2
Primary: FG100FTKxxxxxxxx, HA operating index = 0
Secondary: FG100FTKxxxxxxxx, HA operating index = 1
The logical serial number does not appear in the output above, which causes the license to show as not valid on FortiGate.
To resolve this, follow the steps below.
- Break the HA cluster by following the article below.
Technical Tip: Precautions to take while breaking the HA and adding the device again
- After breaking the HA cluster, reboot both FortiGates.
- After reboot, add the secondary FortiGate back in the cluster by connecting the HA cable and the network cable. Follow step 3 in the article below to form a cluster back.
Technical Tip: Precautions to take while breaking the HA and adding the device again.
Make sure the primary FortiGate is able to reach FortiGuard.
Reboot + re-forming the cluster after vSN registration triggers FortiGate to compute and propagate the logical serial number across both units. The vSN license then validates correctly.
After reboot, run the HA status command and check for the logical serial number.
FGT1 # get system ha status
Primary: FG100FTKxxxxxxxx, HA operating index = 0
Secondary: FG100FTKxxxxxxxx, HA operating index = 1
Logical serial number: FG100FTKxxxxxxxx
Related documents:
Single FortiGuard license for FortiGate A-P HA cluster
Technical Tip: Additional Info regarding Single FortiGuard license for FortiGate A-P HA cluster feat...
|
