Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Vanced-ball
New Contributor

Created on ‎12-05-2024 08:28 PM

Offline license validation FAZ

Hello!
I testing offline license validation for my closed network installation and meet some troubles.

I have FortiAnalyzer 7.2.5 with evaluation license and while it is connected to Forti validation servers it`s OK, but when I disconnect it from internet the license drops to Duplicate License" status, and I have log messages like:

"License validation state changes from Trial License Init to Found disconnecting because of Server No Response"
and after that:
"License validation abnormal: state Expired Grace Period on disconnecting, event Server No Response"

and FAZ ask for internet connection to validate license or upload .lic file.
Uploading lic file resolve this problem for about a 1 hour and then I get license issue again.

 

I tried "Method 2" as described there: https://community.fortinet.com/t5/FortiManager/Technical-Tip-FortiManager-FortiAnalyzer-VM-License-V...
Add FAZ mgmt ip to support portal and download new license file, but problem still there.

some diagnostics from FAZ when license is already duplicated but still working:

FAZVM64-KVM # get system status
Platform Type : FAZVM64-KVM
Platform Full Name : FortiAnalyzer-VM64-KVM
Version : v7.2.5-build1574 240313 (GA)
Serial Number : FAZ-VMTM24011375
BIOS version : 04000002
Hostname : FAZVM64-KVM
Max Number of Admin Domains : 2
Admin Domain Configuration : Enabled
FIPS Mode : Disabled
HA Mode : Stand Alone
Branch Point : 1574
Release Version Information : GA
Current Time : Fri Dec 06 11:23:41 ICT 2024
Daylight Time Saving : No
Time Zone : (GMT+7:00) Bangkok, Hanoi, Jakarta.
x86-64 Applications : Yes
Disk Usage : Free 177.02GB, Total 195.86GB
File System : Ext4
License Status : Valid

--------------------------------------------------------------------------------------------------------------

 

FAZVM64-KVM # diag debug vminfo
VM license is valid.
fds_code: 0
Validation: Duplicate License
Expired in : 6 days 23 hours 26 minutes

Type: Trial
Licensed GB/Day: 1
Max devices: 3
Management IP: 192.168.0.40
Serial Number: FAZ-VMTM24011375
VM UUID: 27113e2a-0e06-4c72-a562-dacffd77fe23

 

Labels:
322
0 Kudos
6 REPLIES 6
sjoshi
Staff
Staff

Created on ‎12-05-2024 10:22 PM

Refer:-

https://community.fortinet.com/t5/FortiManager/Technical-Tip-FortiManager-FortiAnalyzer-VM-License-V...

Let us know if this helps.
Salon Raj Joshi
290
Vanced-ball
New Contributor
In response to sjoshi

Created on ‎12-05-2024 10:27 PM

 

Thank, but I mention that I try this instruction and it`s not worked(

 

screen.png

 

285
0 Kudos
mrafat
Staff
Staff

Created on ‎12-06-2024 06:23 AM

Hi,
Registering FAZ in Air-gapped environment "No internet", will require having an Entitlement file
The Entitlement file can be requested from CS by creating a support ticket with them requesting to have the entitlement file for your FAZ
The same can be found in the below article:

 

https://docs.fortinet.com/document/fortianalyzer/7.6.1/administration-guide/686126/licensing-in-an-a...

Mohamed Rafat
254
Vanced-ball
New Contributor
In response to mrafat

Created on ‎12-08-2024 08:26 AM Edited on ‎12-08-2024 10:33 AM

 

Thank you for link, but it`s not fully resolve the problem =(

I get entitlement file from CS and successfully activate my FAZ without internet connection, but in about 5 minutes after restart I get "Duplicate license" error and log message that license status changed to Found disconnected because of server no response.
And in about an hour licence dropped to invalid.

I can`t understand why FAZ try check license via internet. This feature is disabled:

    config fmupdate publicnetwork

    set status disable

    end

I haven`t any other VM`s with this account or serial number.

upd. I use FAZ-KVM and somewhere I found that this "Duplicate license" error may appear because of hypervisor and to avoid this recommended set machine version to 7.2. I did it aslo, but problem still there.

 

FAZ log.jpgduplicate error.jpgimport entitlement.jpg

fmupdate.png

216
0 Kudos
mrafat
Staff
Staff

Created on ‎12-09-2024 06:55 AM

Hi,
May you please advise how port1 was configured and was it given a static IP or dynamic IP?

Mohamed Rafat
175
0 Kudos
Vanced-ball
New Contributor
In response to mrafat

Created on ‎12-15-2024 05:21 AM

it has static ip and this ip is in asset manager.

But I possibly found the answer - I do my tests with evaluation licence FAZ VM and it`s just don`t support offline validation.

photo_5384356815891980254_y.jpg

 

 

69
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.