FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
VinayHM
Staff
Staff
Article Id 267927
Description This article describes an issue where licenses do not show valid dates in HA (in either an active-active or active-passive setup).
Scope Any supported version of FortiGate in HA.
Solution

Consider the following example where the two FortiGate devices below are operating in HA mode with licenses:

 

license.PNG

 

The above device is the primary unit and the web filtering license will expire on 2024/01/17.

However, on the secondary device, the license expires on 2025/01/17.

This is the default behavior. The device with the earliest expiry date will be visible on both devices.

 

Verify by logging in to the secondary device via CLI if the HA config does not have a management interface.

Technical Tip: How to access secondary unit of HA cluster via CLI

 

And run the command to license information on the secondary device:

 

diagnose autoupdate versions

 

To fix the issue, break up the HA setup into a standalone FortiGate setup. Each device will then have exact expiry dates. Otherwise, to have a valid license in the HA cluster, make sure both devices have the same license entitlement.

 

In some cases, the master unit shows the AV/IPS expired on the GUI.

 

Verify both units' license status. Possibly one of the units has license expired. To overcome this situation, make sure both units have valid licenses.

Comments
knaveenkumar
Staff
Staff

Nice article