Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
heng
Staff
Staff

Created on ‎08-16-2023 09:43 PM Edited on ‎08-16-2023 10:22 PM By Community Manager

Article Id 269125

Technical Tip: How to debug for FortiGate-VM license installation on both FortiManager and FortiGate

Description

 

This article described how to run a debug for the FortiGate-VM license installation issue on both FortiManager and FortiGate.

It is possible to install VM licenses to all the managed FortiGate devices under the FortiManager Device Manager without having to access the FortiGate-VM instances directly, this particularly reduces the management load that is required to login into each of the FortiGate individually. 

The VM license installation via FortiManager is introduced in version 7.2.2 GA and later, 7.4.0 GA and later.

 

Scope

 

FortiManager version 7.2.2 GA and later, 7.4.0 GA and later. 

 

Solution

 

  1. Login into FortiManager -> Device Manager -> Device & Groups, 'Right-click' on the managed device, select Install VM License, upload the license, and select OK.

 

image.png

 

 

image.png

 

image.png

 

image.png

 

 

     2. Run debug in both FortiManager and FortiGate respectively. 

 

FortiManager:

 

diagnose debug application dmworker 255

diagnose debug enable

 

Sample successfully loaded license debug:

 

Request [/usr/local/apache2/bin/httpd:30329:75]:
{ "client": "\/usr\/local\/apache2\/bin\/httpd:30329", "extid": 1, "id": 75, "method": "exec", "params": [{ "data": { "device": 333, "license": "-----BEGIN FGT VM LICENSE-----\n<output omitted>

Response [/usr/local/apache2/bin/httpd:30329:75]:
{ "id": 75, "result": [{ "status": { "code": 0, "message": "OK"}, "url": "dmworker\/install\/license"}], "session": 31191}

Request [dmworker:dmworker/install/license ...:24220:2]:
{ "client": "dmworker:dmworker\/install\/license ...:24220", "id": 2, "method": "exec", "params": [{ "data": { "client": "dmworker:dmworker\/install\/license ...:24220", "id": 1, "method": "update", "params": [{ "data": { "detail": "start upload license", "percent": 10, "state": 1}, "dvm_src_is_oid": 1, "url": "task\/58\/line\/device FGT74"}]}, "target start": 1, "url": "task\/batch"}], "root": "dmworker", "session": 31191}
__install_license_by_data: serial = FGVM08TM22003659
__cq_add_request,1699: added request to queue, current size: 1
Request [dmworker:dmworker/install/license ...:24220:4]:
{ "client": "dmworker:dmworker\/install\/license ...:24220", "id": 4, "method": "exec", "params": [{ "data": { "client": "dmworker:dmworker\/install\/license ...:24220", "id": 3, "method": "update", "params": [{ "data": { "detail": "verify license success, sn = 'FGVM08TMXX00XXXX'", "percent": 30, "state": 1}, "dvm_src_is_oid": 1, "url": "task\/58\/line\/device FGT74"}]}, "target start": 1, "url": "task\/batch"}], "root": "dmworker", "session": 31191}
__cq_add_request,1699: added request to queue, current size: 2
Request [dmworker:dmworker/install/license ...:24220:7]:{ "client": "dmworker:dmworker\/install\/license ...:24220", "id": 7, "method": "exec", "params": [{ "data": { "client": "dmworker:dmworker\/install\/license ...:24220", "id": 6, "method": "update", "params": [{ "data": { "detail": "upload license success", "percent": 80, "state": 1}, "dvm_src_is_oid": 1, "url": "task\/58\/line\/device FGT74"}]}, "target start": 1, "url": "task\/batch"}], "root": "dmworker", "session": 31191}

Response [/usr/local/apache2/bin/httpd:30329:75]:__cq_add_request,1699: added request to queue, current size: 3
{ "id": 75, "result": [{ "status": { "code": 0, "message": "OK"}, "url": "dmworker\/install\/license"}]}

Request [dmworker:dmworker/install/license ...:24220:10]:
{ "client": "dmworker:dmworker\/install\/license ...:24220", "id": 10, "method": "exec", "params": [{ "data": { "client": "dmworker:dmworker\/install\/license ...:24220", "id": 9, "method": "update", "params": [{ "data": { "detail": "install license success", "percent": 100, "state": 4}, "dvm_src_is_oid": 1, "url": "task\/58\/line\/device FGT74"}]}, "target start": 1, "url": "task\/batch"}], "root": "dmworker", "session": 31191}

 

 

FortiGate:

 

diagnose debug application httpsd -1

diagnose debug enable

 

Sample successfully loaded license debug:

 

[httpsd 2220 - 1692169549 info] endpoint_process_req_vdom[1050] -- new API request (action='upload',path='system',name='vmlicense',vdom='root',user='Fortimanager_Access')
[httpsd 2220 - 1692169549 info] aps_is_miglog_request[554] -- Checking if REST request came from miglog
[httpsd 2220 - 1692169549 info] system_vmlicense_upload[153] -- VM license valid - triggering reboot
[httpsd 2220 - 1692169549 info] endpoint_process_req_vdom[1056] -- completed API request (rss_pre=35900, rss_post=35900, rss_delta=0)
[httpsd 2220 - 1692169549 info] endpoint_process_req[2015] -- Removing temporary upload file: /tmp/monitor_upload_7d5pj3.
[httpsd 2220 - 1692169549 info] fweb_debug_final[318] -- Completed POST request for "/api/v2/monitor/system/vmlicense/upload" (HTTP 200)

1308
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.