This article describes how to activate the FortiSwitch Manager license through FortiGuard when operating in an isolated (air-gapped) network environment, using a proxy server.
Scope
FortiSwitch Manager.
Solution
In an air-gapped network where FortiSwitch Manager has no direct internet access, follow the steps below:
Access the FortiSwitch Manager web interface from a browser and upload the license file manually.
Configure FortiSwitch Manager to use a proxy server for FortiGuard communication by entering the following CLI commands:
FSWMVMTMXXXXXXXX # config system autoupdate tunneling FSWMVMTMXXXXXXXX (tunneling) # set status enable FSWMVMTMXXXXXXXX (tunneling) # set address <proxy_address> FSWMVMTMXXXXXXXX (tunneling) # set port <proxy_port> FSWMVMTMXXXXXXXX (tunneling) # set username <Username> FSWMVMTMXXXXXXXX (tunneling) # set password <PASSWORD> FSWMVMTMXXXXXXXX (tunneling) # end FSWMVMTMXXXXXXXX #
Set up a static route to reach the proxy server:
FSWMVMTMXXXXXXXX # config router static FSWMVMTMXXXXXXXX (static) # edit 1 FSWMVMTMXXXXXXXX (1) # set static enable FSWMVMTMXXXXXXXX (1) # set dst <proxy_address> <subnet_mask> FSWMVMTMXXXXXXXX (1) # set gateway <gateway_address> FSWMVMTMXXXXXXXX (1) # set device <interface_name> FSWMVMTMXXXXXXXX (1) # next FSWMVMTMXXXXXXXX (static) # end FSWMVMTMXXXXXXXX #
Wait approximately 5 minutes, then refresh the browser and log back in to the FortiSwitch Manager to verify the license status.
