Hi,
i have two fgt600C on A/P cluster running FortiOS 5.2.4, my issue is i have two different license on both FGTs (Primary Bundle, secondary NGFW) so am missing the AV on the 2nd device, now the issue is whenever there is an update it shows expired .
how do is solve it is by bringing down (reboot) the slave run the update on master works fine connected back again .
is my issue is related to license difference ( since 2nd device does not have AV license so when there is an update it reflect the status on master ) or its something else.
FCSNP 5, JNCIS-FW,JNCIA-SSL ,MCSE, ITIL.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I do have a similar issue (which is currently marked as bug 293314) between 2 FortiGate 92D (5.2 Patch4), one with Bundle and one with (only) Hardware 8x5, but am using FGSP not HA (according to http://docs-legacy.fortinet.com/fgt/handbook/cli52_html/index.html#page/FortiOS%205.2%20CLI/config_s... FGSP is not HA).
I do have 3 VDOM on each FortiGate (+root VDOM) and I am syncing sessions between 2 VDOM (on each side), but none of these 2 VDOM are not using UTM features neither being master VDOM, and still the one with Bundle subscription is marked as being unlicensed (and intermittently one, many or all UTM license are marked as Expired).
If you switch to FGSP you could use configuration synchronization, prioritize traffic through the one that has Bundle (by using VRRP) and in the failover case you should probably be ok because you can still use AV with the (default) old definition.
AFAIK you need licenses on both devices for them to work properly
License requirements for HA cluster are written up here in the KB.
I do have a similar issue (which is currently marked as bug 293314) between 2 FortiGate 92D (5.2 Patch4), one with Bundle and one with (only) Hardware 8x5, but am using FGSP not HA (according to http://docs-legacy.fortinet.com/fgt/handbook/cli52_html/index.html#page/FortiOS%205.2%20CLI/config_s... FGSP is not HA).
I do have 3 VDOM on each FortiGate (+root VDOM) and I am syncing sessions between 2 VDOM (on each side), but none of these 2 VDOM are not using UTM features neither being master VDOM, and still the one with Bundle subscription is marked as being unlicensed (and intermittently one, many or all UTM license are marked as Expired).
If you switch to FGSP you could use configuration synchronization, prioritize traffic through the one that has Bundle (by using VRRP) and in the failover case you should probably be ok because you can still use AV with the (default) old definition.
hi,
mostly its the same bug because its the exact same issue, the only difference that am using HA (active-passive) then i believe i have to wait for it i will check with local Fortinet engineer her .
FCSNP 5, JNCIS-FW,JNCIA-SSL ,MCSE, ITIL.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1647 | |
1070 | |
751 | |
443 | |
214 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.