Renante_Era
Staff
Article Id 299369
Description This article describes how to fix an issue where the license/subscription of a FortiGate in an HA cluster is not updating.
Scope FortiGate.
Solution
  1. Verify that the FortiGates are in an HA cluster.

get system ha status

 

  2. Confirm that the cluster member licenses/subscriptions were renewed.
  3. Ensure that both devices can reach FortiGuard.

execute ping update.fortiguard.net

execute ping service.fortiguard.net

execute ping guard.fortiguard.net

 

The command 'diagnose debug rating' can also be used to troubleshoot FortiGuard connectivity. It shows the status of the FortiGuard servers and whether the FortiGate can communicate with them.

 


 

Once reachability to the FortiGuard servers is confirmed, run the command below to force a manual update:

 

execute update-now

 

  4. View the Dashboard and confirm whether the license was updated. If necessary, fail over to the secondary device and execute update-now.

 

execute ha manage <index-ID> <admin-username>

 

To find the index number of the secondary, run the following CLI command on the primary:

    

execute ha manage ?

<id> please input peer box index.
<1> Subsidiary unit FWXXFDTK0000000

 

execute ha manage 1 admin

 

Press the Enter key, and a password prompt will appear. Once the password is entered, access to the secondary unit is granted.

 

execute update-now

Note:

  • Make sure both FortiGates are running the same FortiOS firmware version.
  • All FortiGates in the cluster must have the same level of licensing (Setting up registration and licensing) for FortiGuard, FortiCloud, FortiClient, and VDOMs. FortiToken licenses can be added at any time because they are synchronized with all cluster members.
  • Ensure that the FortiGates not only have an Internet connection but that public hostnames, especially the FortiGuard FQDN, can also be resolved by the configured DNS servers.
  • If the FortiGate is in an air-gap environment, the solution is to manually upload the entitlement file on each FortiGate unit before initiating the upgrade.
  • Make sure that FortiGate Cluster members are registered to one FortiCloud account.
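
A failed ping to a FortiGuard hostname does not say whether the name failed to resolve or the address was unreachable. The Python script below is an added example, not Fortinet code: it resolves the three FortiGuard hostnames from the ping step and classifies each DNS result. It assumes it is run on a management host that uses the same DNS servers as the FortiGates; the function names are chosen for this example.

```python
import socket

# FortiGuard hostnames taken from the ping step in this article.
FORTIGUARD_HOSTS = (
    "update.fortiguard.net",
    "service.fortiguard.net",
    "guard.fortiguard.net",
)


def classify(host, resolver=socket.getaddrinfo):
    """Resolve one hostname and return (status, sorted unique addresses)."""
    try:
        infos = resolver(host, None)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            # The resolver answered, but it has no record for this name.
            return "no-such-name", []
        if exc.errno == socket.EAI_AGAIN:
            # Temporary failure: typically the DNS server could not be reached.
            return "resolver-unavailable", []
        return "dns-error", []
    except OSError:
        return "dns-error", []
    # getaddrinfo returns one entry per socket type, so de-duplicate addresses.
    addrs = sorted({info[4][0] for info in infos})
    return ("resolved", addrs) if addrs else ("no-such-name", [])


def preflight(hosts=FORTIGUARD_HOSTS, resolver=socket.getaddrinfo):
    """Return {hostname: (status, addresses)} for every FortiGuard name."""
    return {host: classify(host, resolver) for host in hosts}


def failing(results):
    """Hostnames that did not resolve, in input order."""
    return [h for h, (status, _) in results.items() if status != "resolved"]


if __name__ == "__main__":
    results = preflight()
    for host, (status, addrs) in results.items():
        print(f"{host:26} {status:22} {', '.join(addrs)}")
    # Non-zero exit when any FortiGuard name fails to resolve.
    raise SystemExit(1 if failing(results) else 0)
```

A "resolver-unavailable" result points at the path to the DNS server, while "no-such-name" points at the DNS server's own answers or filtering.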

 

Note:

Devices in the 200 series or below that are in HA require a cloud key to register the secondary device to the support portal for FortiGuard licenses.

 

Related articles:
Technical Tip: The license still shows as expired after renewal

Technical Tip: Device License is not reflecting in FortiGate dashboard
Troubleshooting Tip: License not reflected in the GUI

Technical Tip: FortiGate license expiry date incorrect

Technical Tip: Entitlement File for Device in Air-Gap Environment 

Troubleshooting Tip: License not updating when FortiGate on HA have Different Account Registration