ush0o
New Contributor

Licensing Renewal confusion

Hi All Community, 

 

I have a question about License renewal of fortigate Secutiy services,

 

As we are using sonicwall and every 1 or 2 year we need to renew license for the services like content filter , Nodes/user, App control, content filtereing client, DPI SSL, DPI SSH, Boltel Filter and many more security services, 

 

My Question is if i moved to Fortigate from sonicwall do i also need to renew security services after every specific time period? or  its just like one time pay and we can use those services for longer time ? 

 

can anyone please inform me about this confusion that i have . 

 

thanks 

 

Usman Ali.  

1 Solution
Kenundrum

While renewal is important to get the best use of the system, there is a difference in the way Fortinet handles it versus some other vendors. The short story is that you are effectively paying for definition updates on the majority of services, not necessarily the ability to use them.

The long answer is that anything that can operate fully on the box will continue to operate even after your contract expires, just with whatever the last definitions that were downloaded. This includes basic web filtering (everything except fortiguard categories), IPS, and AV. There are also functions that don't require any update license to use such as DLP, VPN, SD-WAN, Load Balancing, SSO/Authentication, and Application Control (it was made free at some point). So if you don't renew your fortiguard services, the firewall will not suddenly stop working. I believe on SonicWall and some others, as soon as your license expires the functions simply shut down.

I worked in an environment years ago (FortiOS 3.6-ish) that was significantly budget tight- and we were able to make it work by dropping to only firmware update/hardware support on about 100 branch office firewalls. The use case was so restricted that the web filtering was only a small url whitelist and IPS wasn't a requirement at those locations.

CISSP, NSE4

 

View solution in original post

5 REPLIES 5
Markus
Valued Contributor

Hi, As for almost every NextGen Firewall, you have to renew the UTM features dependent on your contract.

So, if you buy a 3Y license, you have to renew it after 3Y. Best


________________________________________________________
--- NSE 4 ---
________________________________________________________

ush0o
New Contributor

Hi Markus, 

Thanks for reply, one question . How can we find out the pricing of all services ? Any documentation ? 

 

 

Regards

Usman Ali 

 

Fullmoon
Contributor III

I would suggest reach out to your local re-seller to discuss pricing matter.

Pls take a look for add'l info https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGuard_Security_Services.pdf

 

Fortigate Newbie

Markus
Valued Contributor

Thanks Fullmoon Yes, this is also my suggestion, because the prices varies.

 

Best


________________________________________________________
--- NSE 4 ---
________________________________________________________

Kenundrum

While renewal is important to get the best use of the system, there is a difference in the way Fortinet handles it versus some other vendors. The short story is that you are effectively paying for definition updates on the majority of services, not necessarily the ability to use them.

The long answer is that anything that can operate fully on the box will continue to operate even after your contract expires, just with whatever the last definitions that were downloaded. This includes basic web filtering (everything except fortiguard categories), IPS, and AV. There are also functions that don't require any update license to use such as DLP, VPN, SD-WAN, Load Balancing, SSO/Authentication, and Application Control (it was made free at some point). So if you don't renew your fortiguard services, the firewall will not suddenly stop working. I believe on SonicWall and some others, as soon as your license expires the functions simply shut down.

I worked in an environment years ago (FortiOS 3.6-ish) that was significantly budget tight- and we were able to make it work by dropping to only firmware update/hardware support on about 100 branch office firewalls. The use case was so restricted that the web filtering was only a small url whitelist and IPS wasn't a requirement at those locations.

CISSP, NSE4