Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

How to release licenses from forticlient ems



I was looking to see if anyone knows a way to clear up licenses from EMS using AD. 


We have windows 7 machines that we've been reimaging to Windows 10 or outright removing them from AD, but we've noticed that a good chunk of the old hostnames are still in EMS I assume taking up a license. Hopefully someone can help.




login to EMS server

Click Endpoints | All Endpoints

Select all the endpoints you want to remove by checking the box.

Then simply click Action | Exclude from Management (or Delete Device)


This returns any used license back to the pool



A quick heads up that in FortiClient EMS 7.0.2 you can automate this task, if desired, by configuring the number of days after the endpoint last contacted EMS to DeRegister the Endpoint and then configure the number of days after the endpoint was deregistered to Delete the Endpoint, freeing up the license.  For example, if a client doesn't connect for 30 days, it is deregistered, and then if it doesn't return for another 30 days the endpoint is deleted, freeing up the license 60 days after last contact.


We currently have our license timeout in 7.0.1 set to 14 days.

Can you confirm the following - under the current license purge rules if someone doesn't connect in 14 days their license rolls off.  But it they were to connect on day 15 and a license was available wouldn't EMS just issue one?


My understanding is that under your scenario the client is deregistered after 14 days of inactivity but the license is not released yet.  If the user re-registers during the subsequent 14 days, the original license will be reapplied. However, if they do not re-register during the subsequent 14 days, the license will be released back into the pool. If on day 29 (or any time after) the client re-registers, a license will be allocated from the pool back to the user and will be bound to that user for 28 days (14 days of inactivity to DeRegister and then 14 days to client deletion). This all assumes you have configured the automation, otherwise it is a manual process.


Having said that, my lab EMS is currently down and I'm unable to verify this for you.


There is a fair amount of explanation of these options in the EMS Admin guide under the section System Settings --> Configuring EMS Settings.


New Contributor III

Where is this done?


Never mind - found it

New Contributor

Olin, where is this done inside the mgt portal?


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors