Sometimes, the FortiGate cannot be upgraded to newer versions. The FortiGuard reports the expiration of the license even with a valid contract. The administrator may see the below error:

The administrator can also check the license using the CLI command:

diagnose test update info contract | grep FMWR

To solve the issue, go to System -> FortiGuard, and select Update Licenses & Definitions Now in the right-side pane.

• Check connectivity to FortiGuard Servers to ensure FortiGate correctly resolves DNS with the following hostnames:
  
  

execute ping service.fortiguard.net

execute ping update.fortiguard.net

execute ping guard.fortinet.net

• Run the FortiGuard debug commands and take the last updates for FortiGuard Servers:
  
  

diagnose debug reset

diagnose debug console timestamp enable

diagnose debug app update -1

diagnose debug enable

execute update-now

• Follow the steps outlined in this link if the FortiGate cannot connect to the FortiGuard Servers.

Note:

If the steps above do not produce satisfying results, consider contacting technical support to check further.