Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
jasonhong
Staff & Editor
Staff & Editor

Created on ‎04-15-2024 10:41 PM Edited on ‎09-10-2025 10:04 PM By Moderator

Article Id 309894

Technical Tip: FortiManager/FortiAnalyzer-VM License Validation methods

Description

This article describes the different license validation methods for FortiManager/FortiAnalyzer-VM.
Scope

FortiManager, FortiAnalyzer.
Solution

FortiManager/FortiAnalyzer license can be validated in several methods.

 

Method 1: Online:

  • For online license validation, the FortiManager/FortiAnalyzer-VM must be able to reach the public FortiGuard servers by correctly resolving and connecting to fds1.fortinet.com (usfds1.fortinet.com).
  • To verify and troubleshoot FortiManager/FortiAnalyzer connectivity with FortiGuard, refer to the below KB article: Technical Tip: Verifying FortiGuard connectivity on FortiManager.

 

Method 2: Offline:

  • In the case that the FortiManager/FortiAnalyzer-VM operates in an offline or closed environment, the license validation falls back to the management IP check.
  • The FortiManager/FortiAnalyzer-VM’s management interface IP will be used to match against the management IP of the license file.
  • The management IP of the license file can be checked in the Fortinet support portal.
  • To verify and download the license file, refer to the below KB article: Technical Tip: How to change the IP Address of the FortiManager/FortiAnalyzer VM License file.

 

Method 3: Proxy:

  • FortiManager/FortiAnalyzer license and contract validation can also be done via a proxy server.
  • The proxy configuration below can only be done via CLI; it is used to validate the VM against the FortiCloud/FortiCare registration.

 

config system web-proxy

    set address <string>

    set mode {proxy | tunnel}

    set password <passed>

    set port <integer>

    set status {enable | disable}

    set username <string>

end

 

  • The AV-IPS and Web-Spam proxy is used for all services provided by fds1.fortinet.com (usfds1.fortinet.com).

 

config fmupdate av-ips web-proxy

    set address <string>

    set mode {proxy | tunnel}

    set password <password>

    set port <integer>

    set status {enable | disable}

    set username <string>

end

 

config fmupdate web-spam web-proxy

    set address <string>

    set mode {proxy | tunnel}

    set password <passed>

    set port <integer>

    set status {enable | disable}

end

   

Note:

From version 7.4.0, the following commands have been removed and are no longer supported for proxy settings:

 

config fmupdate av-ips web-proxy

config fmupdate web-spam web-proxy
1917
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.