Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ProtocolSA
New Contributor

Created on ‎03-19-2025 09:37 AM

Fortigate 200G active/passive licence

Hello,

 

I would like to install a Fortigate 200G with active/passive HA.

That's mean that only one Firewall is running, the second, just in case of problem on the primary.

 

Our reseller said that's it's required to have both licences and maintenance same on both firewalls.

Is that's correct ?

 

Thank you.

 

Labels:
275
0 Kudos
1 Solution
owen911
New Contributor
In response to ProtocolSA

Created on ‎03-20-2025 12:19 AM Edited on ‎03-20-2025 12:28 AM

Based on Administration Guide v7.6.1, v7.4.6, V7.2.9

A-P setup is able to share single license with a certain range of variants. 
refer to below guide 

https://docs.fortinet.com/document/fortigate/7.6.1/administration-guide/246857

https://docs.fortinet.com/document/fortigate/7.4.0/new-features/246857/single-fortiguard-license-for...

 

View solution in original post

155
10 REPLIES 10
plsikk
New Contributor III

Created on ‎03-19-2025 10:58 AM

Yes because HA is only setup , but contract is for Hardware 

Best regards
Best regards
236
ProtocolSA
New Contributor
In response to plsikk

Created on ‎03-19-2025 11:28 AM

Hello,

 

Ok I understand that I need a hardware support, it's normal, and we need to get it, but....

 

If we choose the Bundle with Enterprise Protection we get:

  • FortiCare 24x7
  • FortiGuard App Control Service
  • FortiGuard IPS Service
  • FortiGuard Advanced Malware Protection
  • FortiGuard Web Filtering Service
  • FortiGuard Antispam Service
  • FortiGuard Security Rating Service
  • FortiGuard Industrial Service
  • FortiCASB SaaS-only Service

But in a active / passive case, we do not use Web Filtering 2 times, Antispam 2 times, Antivirus 2 times and 2 times all others services. We use it only on the (one) running appliance (1), not on both, so it's not very cool from Fortinet to force customer to buy licence not used. Imagine that in 5 years we don't have any problem with the running appliance, so the licence of the (inused) second one are just only for giving money to Fortinet.

 

A HW support licence for the second HA in Active / Passive mode would be the solution, but I think with the mode of licencing every appliance in the HA (however in passive mode) we jump into very expansive price if I compare to other brand that make this difference (active/active & active/passive).

 

At this time, if there is no solution other to get 2 FULL licences at the same price for an HA active/active or active/passive mode, I think we will see outside Fortinet.

 
 
 
 
223
0 Kudos
plsikk
New Contributor III
In response to ProtocolSA

Created on ‎03-19-2025 11:41 AM

license is linked with serial number - so what is you passive FGT will be promoted as active - so no license ? I remember Cisco had HA license for WLC just for failover and HA can't be active longer then some time. But for Forti no. We have more then 200 FGTs and for all units license have to by active

Best regards
Best regards
197
dingjerry_FTNT
Staff
Staff
In response to ProtocolSA

Created on ‎03-19-2025 11:50 AM

Hi @ProtocolSA ,

 

You need to get valid licenses for both devices in the same HA cluster.  Otherwise, in the FGT GUI, it will show no valid licenses even if you do have them for the primary only.

Regards,

Jerry
190
plsikk
New Contributor III
In response to dingjerry_FTNT

Created on ‎03-19-2025 11:52 AM

This is what I said. He need license and contract for both.

Best regards
Best regards
186
owen911
New Contributor
In response to ProtocolSA

Created on ‎03-20-2025 12:19 AM Edited on ‎03-20-2025 12:28 AM

Based on Administration Guide v7.6.1, v7.4.6, V7.2.9

A-P setup is able to share single license with a certain range of variants. 
refer to below guide 

https://docs.fortinet.com/document/fortigate/7.6.1/administration-guide/246857

https://docs.fortinet.com/document/fortigate/7.4.0/new-features/246857/single-fortiguard-license-for...

 

156
plsikk
New Contributor III
In response to owen911

Created on ‎03-20-2025 12:37 AM

OK this is something new. Cool Will check with our KAM. Thanks for sharing

Best regards
Best regards
115
0 Kudos
ProtocolSA
New Contributor
In response to owen911

Created on ‎03-20-2025 01:28 AM

Ok shared licences is only for some "small" appliance. Everything's seems clear.

Thank you to all contributors for this particularity of licenses mode for the Active / Passive mode.

90
0 Kudos
plsikk
New Contributor III

Created on ‎03-20-2025 12:54 AM

question because in documentation I found this 

Do not change the HA mode from A-P to A-A when set logical-sn enable. This will result in the FortiGate losing its vSN. Disabling logical-sn will also result in losing the vSN. As a result, service entitlements will no longer be registered to the HA cluster.

What happen if one unit failed and have to be replaced via warranty. New device have new SN and vSN probably will be new. How to transfer license if it's possible ?

Best regards
Best regards
107
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.