Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Simon_Bingham
New Contributor III

Created on ‎12-06-2024 04:24 AM Edited on ‎12-06-2024 04:36 AM

Problems renewing licence, what VDOM does it use ?

FortiGate-VM64-KVM v7.0.10

 

LAB-SDB-FW-A (mgmt-vdom) # execute ping service.fortiguard.net
PING guard.fortinet.net (173.243.138.91): 56 data bytes
64 bytes from 173.243.138.91: icmp_seq=0 ttl=43 time=159.2 ms
64 bytes from 173.243.138.91: icmp_seq=1 ttl=43 time=158.5 ms

 

image.png

LAB-SDB-FW-A (global) # execute vm-license XXXXXXXXXXXXXXXXXXX
This operation will reboot the system !
Do you want to continue? (y/n)y

Requesting FortiCare license token:XXXXXXXXXXXXXXXXXX  proxy:(null)
dns resolve error
dns resolve error

 

Any help appreciated thank 

 

Labels:
295
0 Kudos
5 REPLIES 5
funkylicious
SuperUser
SuperUser

Created on ‎12-06-2024 04:47 AM Edited on ‎12-06-2024 04:48 AM

Hi,

Usually the management vdom, but downloading the .lic file and uploading it doesn't do the trick?

I think that the mechanism/command that you are trying is meant for FortiFlex license token.

 

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/416169/vm-license

"jack of all trades, master of none"
"jack of all trades, master of none"
285
Simon_Bingham
New Contributor III
In response to funkylicious

Created on ‎12-06-2024 05:25 AM

For now I cannot access the .lic file ( thats a different issue ). I'm just really confused as to why it does not just use the mgmt-vdom as in the config. something that should be incredibly simple is turning into a whole days of work 

 

269
0 Kudos
Simon_Bingham
New Contributor III

Created on ‎12-09-2024 04:47 AM Edited on ‎12-09-2024 04:49 AM

Unable to activate FlexVM license via CLI... - Fortinet Community
I found the answer, the logic is impossible to understand, 
To the designers : "if the root vdom is the vdom setup for mgmt, why why would you use a different interface in a different VDOM for the DNS  for the Licences update"  almost impossible to diagnose also. Such poor design. 
And it passed all the usual testing

execute  ping 8.8.8.8

execute  ping service.fortiguard.net

execute vm-license  <  licence >


this was the fix ....

config system ha
config ha-mgmt-interfaces
edit 1
set gateway 172.27.233.254

194
0 Kudos
sjoshi
Staff
Staff

Created on ‎12-09-2024 05:14 AM

is dns working fine from the mgmt vdom?

Let us know if this helps.
Salon Raj Joshi
188
0 Kudos
Simon_Bingham
New Contributor III
In response to sjoshi

Created on ‎12-09-2024 07:22 AM

Hi Sjoshi
Previously tested on both the management and the root vdoms, both had access to the Internet with successful DNS resolution. The issue seems to be that when attempting the licence renewal, it was attempting DNS resolution from the HA interface!! Why, I do not know. Could not find any clues in the logs to this. Is it possible to test DNS resolution from  global context ?

 

161
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.