Not applicable

Invalid License!

In short: I have a Fortigate 50B that will not respond - at factory defaults - in any way other than via the console interface (i.e. no ICMP in or out on LAN side, and no web or ssh access on the LAN side. WAN side will not respond to anything as well). Console access is fine. The hint is the "Invalid License!" error text that comes up in the console interface. FW is still 3.0 stream - thought I'd try to get it to the latest fw but I can't find xmodem upgrade instructions (and I can't in any way get out via ethernet to use the normal tftp process).

Called tech support and discovered that this particular unit had not been registered (oops) and that I would need to register the device before proceeding any further. My suspicion was that the device completely shut down all functionality when the initial 'included' service contract ran out (and the device had not been registered). I can't really believe that this would be the case, but it's what popped to mind.

So... Any thoughts on how to address the "invalid license" issue that is presumably preventing the unit from so much as turning on its ethernet ports? If an upgrade to 4.0MR1 is a valid route, could someone point me to xmodem upgrade instructions? Thanks in advance.
p768
New Contributor

The expired licence should not "shut down" the ethernet ports. Following a factory reset, you should be able to connect to the LAN port. Have you checked the config, as you have console access? Also, have you tried the tftp option in the boot menu to reset the unit to factory defaults? If you do not have a valid support contract, you are not entitled to any upgrade software.
rwpatterson
Valued Contributor III

From the CLI, run the command "show system interface". This will give you the currently configured IP addresses and access methods allowed on each interface. From there you can move forward...

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Not applicable

Perhaps I've not been clear enough. I have several Fortigate 50B units - we use them for all of our customers and have at least a couple on the shelf at any given time. I have set up the failed unit and a brand new unit 'on the bench' and executed a factory reset on both (execute factoryreset). The new unit responds exactly as it should - ICMP and HTTP on the LAN interface at 192.168.1.99. Also, I can (as expected) "execute ping <test_pc>" just fine. The failed unit exhibits none of this behavior - I can't access via ICMP or HTTP on the LAN interface, I can't ping outward to the test PC, etc. On the outside chance that the factory reset somehow failed, I've done a diff on the configs between the two and they are identical.

There is also no response on the WAN side - i.e. if I set the wan1 interface to DHCP on both units, the new unit will execute the expected DHCP broadcast request and grab an IP. The failed unit does not even send out the broadcast. However, both the lan and wan ports perform the low level phy speed negotiations exactly as expected - so the ports are 'working' at least at the hardware level. The three LAN ports and wan1 are two completely separate mac/phy - so the chances of BOTH failing at the same time from a hardware perspective is extremely low. This is a FortiOS issue related to its licence expiring.

I will try to reload factory firmware via the tftp bootstrap process (which would be before FortiOS loads - so hopefully the lan mac/phy comes up OK). However, I would appreciate if someone could post the console firmware upload process (xmodem) just in case.

BTW, I have lots of Fortigate hardware that is inside of contract - it's just this one unit that has 'expired' (which by the way was the first "lab" unit that we purchased for evaluation). What concerns me is that we've only recently switched to Fortigate from a competitive product line and I have a significant number of units in the field coming up on their 'expiration date'.
I am certain that at least some customers will not choose to continue with a service contract. If these things turn into bricks 'by design' when they've not been registered for a year, then I have a very serious problem on my hands.
TopJimmy
New Contributor

Is this what you're looking for: http://emea.fortinet.net/fortinet/rim/index.php
-TJ
rwpatterson
Valued Contributor III

I believe you have a different issue. I only carry support on my 1000a and FAZ800. NONE of my other units are under warranty (cheaper to keep a cold spare on the shelf). All of them are working, routing, policies good and working. All filtering is done on the 1000a, so those remotes just terminate tunnels... All out of warranty, some by a couple years...

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

emnoc
Esteemed Contributor III

I had the same issues with a few 1000s. Support could not fix the issue other than RMA. We ran the diagnostic images and all tests and interfaces passed. If you have a support contract with them, I would open up a case.

PCNSE NSE StrongSwan