FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
M_Abdelhamid
Staff
Staff
Article Id 306594

 

Description This article describes how to troubleshoot the issue when a FortiGate cannot be upgraded due to the license expiration even with a valid contract.
Scope FortiGate v7 and higher.
Solution

Sometimes, the FortiGate cannot be upgraded to newer versions. The FortiGuard reports the expiration of the license even with a valid contract. The administrator may see the below error:

 

ff.png

 

The administrator can also check the license using the CLI command:

 

diagnose test update info contract | grep FMWR

 

To solve the issue, go to System -> FortiGuard, and select Update Licenses & Definitions Now in the right-side pane.

 

mm.png

 

  • Check connectivity to FortiGuard Servers to ensure FortiGate correctly resolves DNS with the following hostnames:

execute ping service.fortiguard.net

execute ping update.fortiguard.net

execute ping guard.fortinet.net

 

  • Run the FortiGuard debug commands and take the last updates for FortiGuard Servers:

diagnose debug reset

diagnose debug console timestamp enable

diagnose debug app update -1

diagnose debug enable

execute update-now

 

  • Follow the steps outlined in this link if the FortiGate cannot connect to the FortiGuard Servers.

 

Note:

If the steps above do not produce satisfying results, consider contacting technical support to check further.