Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
FTNT_FortiJan
Staff
Staff

Created on ‎09-10-2024 09:24 AM

Article Id 340284

Technical Tip: How to transfer license during FortiManager migration

Description There are situations where all FortiGate firewalls need to be moved from one FortiManager VM (paid license) to another FortiManager VM (evaluation license) without extra cost for a new license while both FortiManager VMs are located in isolated network without Internet access. This article describes how to achieve this migration by transferring paid license to already production new FortiManager VM that is currently running with evaluation license.
Scope FortiManager VM
Solution

Following is the scenario

  • Old FortiManager VM (S/N FMGVMSTM11111111 with paid license) is assigned with IP address 10.5.55.201.
  • New FortiManager VM (S/N FMG-VMTM22222222 with evaluation license) is assigned with IP address 10.5.54.39.

 

Migration steps

  1. Once all managed Fortinet devices (e.g. FortiGate firewalls) are successfully moved to the new FortiManager VM with new management IP address then shutdown old unused FortiManager VM to avoid any attempts to establish FGFM tunnel to managed Fortinet devices.

  2. Login to FortiCloud Asset Management portal to view Product Information details for the old FortiManager serial number (i.e. FMGVMSTM11111111) and select the Edit icon.

 

FortiManager serial number with paid license and old management IP addressFortiManager serial number with paid license and old management IP address

 

 

  1. In pop-up window, change the IP address to the new FortiManager management IP and select Save.

 

Product information - Management IP address changeProduct information - Management IP address change

 

Note: Only five IP address changes are allowed for one registered VM. The next attempt will be denied and a CS ticket will be required for any further changes.

 

 

  1. In the Product Information details, verify that the IP address was changed to the production FortiManager IP address while the serial number remains the same. After, select 'License File Download' to obtain the license file.

 

FortiManager serial number with paid license and new management IP addressFortiManager serial number with paid license and new management IP address

 

  1. Upload the license file from the previous step to the new FortiManager with the production management IP address. This will reboot FortiManager and change the serial number to the old FortiManager's serial number, but keep the same management IP.

     

 

New FortiManager with Evaluation LicenseNew FortiManager with Evaluation License

 

  1. After a FortiManager reboot, verify that the 'Serial Number' is changed to the old FortiManager serial number and the 'VM License' shows 'Valid'.

 

FortiManager with transferred licenseFortiManager with transferred license

 

  1. To verify that all managed Fortinet devices are still properly registered to the production FortiManager, use the following FortiManager CLI command.

diagnose dvm device list

 

Related documentation:

Re-establishing the FGFM tunnel after VM license migration
Labels:
269
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.