Article Id 251635

This article describes a license activation issue that can occur when the standard CLI procedure for FlexVM license injection is used on a FortiGate that is part of an HA environment with a dedicated management interface. Traffic from the management interface may not be routable or may not have internet access, which causes the license activation to fail:


# execute vm-license XXXXXXXXXXXXXXXXXXXX
This operation will reboot the system !
Do you want to continue? (y/n)y

Requesting FortiCare license token:XXXXXXXXXXXXXXXXXXXX proxy:(null)
dns resolve error
Failed to request forticare license -1.
Failed to download VM license.

Scope: FortiGate (FlexVM).

Be aware that when a dedicated management interface is set up, the 'execute vm-license' command uses this interface for the license download, even if the 'ha-direct' setting is not used:


# config system ha
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port1"
        next
    end
end
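
To spot this condition before running the license command, the following added example (not Fortinet code) scans a saved configuration for dedicated HA management interfaces that have no gateway set. The sample configuration, the address 192.0.2.1 and the function name are constructed for illustration, and treating 0.0.0.0 as "unset" is an assumption.

```python
import re

# Constructed sample of a FortiOS configuration fragment (not from a real device).
SAMPLE_CONFIG = """\
config system ha
    set group-name "cluster1"
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port1"
        next
        edit 2
            set interface "port2"
            set gateway 192.0.2.1
        next
    end
end
"""

def ha_mgmt_without_gateway(config_text):
    """Return dedicated HA management interfaces that have no gateway set."""
    path, entry, entries, mgmt_enabled = [], None, [], False
    for raw in config_text.splitlines():
        words = re.findall(r'"[^"]*"|\S+', raw)
        if not words:
            continue
        cmd, args = words[0], [w.strip('"') for w in words[1:]]
        in_mgmt = path == ["system ha", "ha-mgmt-interfaces"]
        if cmd == "config":
            path.append(" ".join(args))  # track nesting of config blocks
        elif cmd == "edit" and in_mgmt:
            entry = {}
        elif cmd in ("next", "end"):
            if in_mgmt and entry is not None:
                entries.append(entry)  # close the current table entry
                entry = None
            if cmd == "end" and path:
                path.pop()
        elif cmd == "set" and args:
            if in_mgmt and entry is not None:
                entry[args[0]] = " ".join(args[1:])
            elif path == ["system ha"] and args == ["ha-mgmt-status", "enable"]:
                mgmt_enabled = True
    if not mgmt_enabled:
        return []
    # Assumption: an unset gateway is absent from the output or shown as 0.0.0.0.
    return [e.get("interface", "?") for e in entries
            if e.get("gateway", "0.0.0.0") == "0.0.0.0"]

if __name__ == "__main__":
    print(ha_mgmt_without_gateway(SAMPLE_CONFIG))
```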


There are multiple ways to resolve this issue:


1) Add the gateway to the 'ha-mgmt-interfaces' setting, make sure that traffic routed from the HA management interface can reach the FortiGuard network, and then run the 'exec vm-license <token>' command.


2) Temporarily remove the 'ha-mgmt-interfaces' setting, then run the 'exec vm-license <token>' command.


3) Use other license injection methods: