Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

Allowing Microsoft KMS activation

NEED:  To allow an external KMS server (we trust the external IP) to communicate back and forth with our internal server subnet for Windows activation, BUT...


PROBLEM: the KMS server has to see the traffic coming to it from a trusted IP-space.  Our firewall external IP is not in their trusted IP-space, and they don't whitelist IPs from other providers.  Can I put policies in place to allow the KMS server to see the IPs of our internal servers?  If so, how?

(faked IPs below)


KMS Server:

Our firewall External IP:   (Fortigate 200E, running FortiOS 7.0.9)

Our internal IP subnet:  (I believe this is considered trusted IP-space, as these are VMs hosted by the same company that has the KMS server)


I should have added, the KMS server only responds on port 1227


Thanks for the help,


New Contributor

I have to do a windows license renewal for one of company clients and they're looking to add a KMS to manage all the licenses.

My question is do I need separate license for KMS service? When I check on MS website they mentioned something called KMS Host license but I'm not sure what it is? And when I asked from the local MS distributor he said I don't need any additional license and I just have to enable the KMS service on a windows server.
Top Kudoed Authors