Hi all,
The FortiGuard licenses (IPS & Application Control, Anti-Virus and Web Filtering) for our FortiGate 100D (v5.2.3 build 670) cluster are due to expire on 15th June 2015. We are currently working with our supplier to get these licenses renewed. However, should they expire, can you tell me what will happen? Will our IPS, Application Control, Anti-Virus and Web Filtering policies cease to function altogether?
Many thanks, John P
Solved! Go to Solution.
Most features will keep on functioning without problems, eg AV and appcontrol, but will not auto update.
features requiring connection to the Fortiguard servers (category web filtering, antispam) will stop functioning. If you can't get the license renewed in time, I would suggest to temporarily disable those functions.
Johan Witters
Network & Security Engineer
FCNSP V4/V5
BKM NV
Most features will keep on functioning without problems, eg AV and appcontrol, but will not auto update.
features requiring connection to the Fortiguard servers (category web filtering, antispam) will stop functioning. If you can't get the license renewed in time, I would suggest to temporarily disable those functions.
Johan Witters
Network & Security Engineer
FCNSP V4/V5
BKM NV
Hi Johan,
Many thanks for your prompt reply, it has certainly eased my mind. Hopefully our supplier will get this sorted before this weekend but the more I know about the ramifications of an expiring license, the better I'll be at dealing with any problems that arise.
Best regards,
John P
No problem, glad to help. I've had the same issue a few times as well, or had customers not wanting to renew the licenses. In that case just disable category web filters and check the antispam settings to excuse the options connected to Fortiguard..
IPS and AV can be manually downloaded from the support site, Appcontrol signatures are built into the OS.
Johan Witters
Network & Security Engineer
FCNSP V4/V5
BKM NV
IPS and AV can be manually downloaded from the support site,
Reading such ill advice, I feel the need to mention that a valid subscription costs money because IPS and AV signatures are produced by human beings. We all work for a living and expect to be paid for our efforts. Having the FGT updated automatically or manually is not the point here.
Besides, without a valid support contract you can no longer download signatures. Manual updates are meant for situations where the FGT has no direct access to the internet.
ede_pfau wrote:IPS and AV can be manually downloaded from the support site,Reading such ill advice, I feel the need to mention that a valid subscription costs money because IPS and AV signatures are produced by human beings. We all work for a living and expect to be paid for our efforts. Having the FGT updated automatically or manually is not the point here.
Besides, without a valid support contract you can no longer download signatures. Manual updates are meant for situations where the FGT has no direct access to the internet.
Hi Ede,
don't get me wrong, I am a very big fan of support contracts, as it enables access to helpdesk, new and or dynamic features, hardware support etc. I only mentioned the possibility because having the latest AV signatures at all times is a must in some cases, and manually downloading them from the support site is a means to have these signatures while waiting for the paperworks to clear and get the contract active.
Johan Witters
Network & Security Engineer
FCNSP V4/V5
BKM NV
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.