FortiGate
CarlosColombini
Article Id 272394
Description

 

This article explains the reason why configuration may be missing after injecting a FortiFlex license via cloud-init.

 

Scope

 

FortiGate v6.4.10+, v7.0.6+, v7.2.0+, FortiFlex License, Cloud Init.

 

Solution

 

Prior to FortiOS v6.4.10, v7.0.6, and v7.2.0, the license part of a MIME multipart file was always processed first. However, if no pre-configuration had been done in the FortiGate VM instance to allow it to reach the FortiGuard servers, the license would fail to be applied. To address this issue, the parts of a multipart file are now processed in order.

 

The multipart file supports 3 parts. The first two are required and the third one is optional, though recommended.

The parts are processed in order: 'pre-configuration', 'license token', and 'post-configuration'.

 

If the third part is not included and all configuration is done in the first part, the configuration in that part may fail because some features may depend on a certain license being applied. To address this issue, it is recommended to add a third part, called 'post-configuration', containing all configuration.

 

See the example below of a sample multipart file with 3 components.

The first part is the network configuration (pre-configuration).

The second part is the VM license (license token information).

The third part is another configuration that will be applied after license installation (post-configuration).

 

Content-Type: multipart/mixed; boundary="===============0266095039302191565=="
MIME-Version: 1.0

--===============0266095039302191565==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="pre-config.txt"

config system interface
  edit port1
    set mode static
    set ip 172.16.165.71/24
  next
end

config router static
  edit 1
    set device port1
    set gateway 172.16.165.1
  next
end

--===============0266095039302191565==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="license-token.txt"

LICENSE-TOKEN:ABCD

--===============0266095039302191565==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="post-config.txt"

config system global
  set hostname FGT1-Flex
end

--===============0266095039302191565==--
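
The following Python sketch is an added example, not Fortinet code: it assembles a multipart file in the order described above and checks an existing file for the ordering problems this article covers before it is handed to cloud-init. The function names are hypothetical, the filenames copy the sample above, and recognising the license part by its LICENSE-TOKEN: prefix is an assumption based on that sample.

```python
from email import message_from_string
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

TOKEN_PREFIX = "LICENSE-TOKEN:"  # prefix as shown in the article's sample


def build_user_data(pre_config, license_token, post_config=None):
    """Assemble the parts in processing order: pre-config, token, post-config."""
    parts = [("pre-config.txt", pre_config),
             ("license-token.txt", f"{TOKEN_PREFIX}{license_token}\n")]
    if post_config is not None:
        parts.append(("post-config.txt", post_config))
    msg = MIMEMultipart("mixed")
    for filename, body in parts:
        part = MIMEText(body, "plain", "us-ascii")
        part.add_header("Content-Disposition", "attachment", filename=filename)
        msg.attach(part)
    return msg.as_string()


def check_user_data(text):
    """Return findings; an empty list means the layout matches the article."""
    msg = message_from_string(text)
    if not msg.is_multipart():
        return ["not a multipart message"]
    bodies = [(p.get_payload(decode=True) or b"").decode("ascii", "replace")
              for p in msg.get_payload()]
    findings = []
    if len(bodies) not in (2, 3):
        findings.append(f"expected 2 or 3 parts, found {len(bodies)}")
    # Assumption: the license part is recognised by its LICENSE-TOKEN: prefix.
    token_at = [i for i, b in enumerate(bodies) if b.lstrip().startswith(TOKEN_PREFIX)]
    if token_at != [1]:
        findings.append("license token must be the second part, after pre-configuration")
    if len(bodies) == 2:
        findings.append("no post-configuration part: settings that need the license may fail")
    return findings


if __name__ == "__main__":
    # Constructed sample values, mirroring the article's example.
    pre = "config system interface\n  edit port1\n    set mode static\n    set ip 172.16.165.71/24\n  next\nend\n"
    post = "config system global\n  set hostname FGT1-Flex\nend\n"
    print(check_user_data(build_user_data(pre, "ABCD", post)))  # []
    print(check_user_data(build_user_data(pre + post, "ABCD")))
```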

 

 
