This article describes how to change the IP Address in Asset Management and re-apply the corrected FortiManager/FortiAnalyzer license file.

In some scenarios, the FortiManager/FortiAnalyzer VM may need to be migrated to a new network and assigned new IP address.

When the IP address is changed, the previous license file can no longer be validated. This would disable the GUI and some CLI features until the correct license file is uploaded.

This IP may be configured on any of the VM port and may also not be a routed and reachable one.

1. Change the IP under FortiCloud Asset Management  (Support Portal).
   
   

• Under https://support.fortinet.com/, log in with the FortiCloud credentials.
  
  
• Go to Asset Management -> My Assets, select the device, in the 'Product information' widget, select the 'pen' icon, and update the new IP Address (this IP does not need to be a routed one and or active one, only must be configured on any interface of the FortiManager/FortiAnalyzer).

• Back in the 'Product information' widget, download the new license file from the 'License File Download' hyperlink.

Keep that new '.lic' file where it can be easily accessed.

2. Change the IP for the management interface: (must be a static IP address for the License to be active)
   
   Go to System Settings -> Network -> Interface -> Edit.

After updating it, select 'OK' to save the changes:

IP mode can be confirmed using the following command in the CLI: 

config system interface 

    edit port1

    get 

    < get mode {dhcp | static}> <----- This should be static.

Note:

FortiManager will reboot automatically at this point since the new IP invalidates the old license file.

When FortiManager/FortiAnalyzer boots up, log in to GUI with system-level admin (i.e. 'Super_User' profile).

3. Upload the new license file when prompted:

Note: FortiManager will reboot automatically at this point since the new license file matches the new IP.

4. Reclaim the FortiGate to FortiManager tunnels.
   

If FortiManager cannot initiate the tunnels to the managed FortiGates from its new IP, the following command should be run in the FortiManager CLI:

exe fgfm reclaim-dev-tunnel

If the FortiGate to FortiManager tunnels become up after running the above command, the new FortiManager IP will be automatically updated on all managed FortiGates.

If some FortiGates are behind NAT and cannot be reached from FortiManager, then use the following FortiGate CLI to update the new FortiManager IP address:

config system central-management
    set type fortimanager                 
    set fmg xxx.xxx.xxx.xxx <----- IP address of the FortiManager.
end

Troubleshooting:

In case of license issues or errors, run the following command and attach it when creating a support ticket.

diagnose debug vminfo

For FortiGate-FortiManager connectivity issues, collect the following debugs:

Debug on FortiGate:

diagnose debug reset

diagnose debug application fgfm 255

diagnose debug en

Debug on FortiManager:

diagnose debug reset

diagnose debug application fgfm 255 <IP>

diagnose debug en

To restart the connection from the FortiGate CLI by restarting the 'FGFM' daemon.

fnsysctl killall fgfmd

Related articles for connectivity troubleshooting:

• Troubleshooting Tip: FortiGate to FortiAnalyzer connectivity.
• Troubleshooting Tip: How to troubleshoot connectivity issues between FortiGate and FortiManager.
• Technical Tip: How to migrate a FortiAnalyzer log and config to a new system after an RMA or a Forti....