Description | This article describes an issue where licenses do not show valid dates in HA (in either an active-active or active-passive setup). |
Scope | Any supported version of FortiGate in HA. |
Solution |
Consider the following example where the two FortiGate devices below are operating in HA mode with licenses:
The above device is the primary unit and the web filtering license will expire on 2024/01/17. However, on the secondary device, the license expires on 2025/01/17. This is the default behavior. The device with the earliest expiry date will be visible on both devices.
Verify by logging in to the secondary device via CLI if the HA config does not have a management interface. Technical Tip: How to access secondary unit of HA cluster via CLI
And run the command to license information on the secondary device:
diagnose autoupdate versions
To fix the issue, break up the HA setup into a standalone FortiGate setup. Each device will then have exact expiry dates. Otherwise, to have a valid license in the HA cluster, make sure both devices have the same license entitlement.
In some cases, the master unit shows the AV/IPS expired on the GUI.
Verify both units' license status. Possibly one of the units has license expired. To overcome this situation, make sure both units have valid licenses. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.