Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kgcppublic
New Contributor

Created on ‎11-12-2024 09:40 AM

What happens if one Fortigate device expires license on an HA pair

Newbie question here, I'm working in an MSP, and one of our clients Fortigate FW license expired which caused web browsing to be blocked. I've look into this and was able to get things working before we renewed the license.

 

Our team is planning to give recommendations on purchasing a similar fortigate appliance with identical license but with different expiry dates. I just want to be sure if this will work, if the primary FW loses its subscription will the 2nd device take over if the subscription on it are still active?

Labels:
1302
0 Kudos
2 Solutions
johnathan
Staff
Staff

Created on ‎11-12-2024 09:51 AM

Each device in the HA cluster needs to be licensed in order for the features to work. The cluster will always take the lowest expiry date on any device. See this article for details: https://community.fortinet.com/t5/FortiGate/Technical-Tip-The-HA-Cluster-requirements/ta-p/325375

"Never trust a computer you can't throw out a window."

View solution in original post

1296
dingjerry_FTNT
Staff
Staff

Created on ‎11-12-2024 10:53 AM

Hi @kgcppublic ,

 

If one of the HA cluster members expires the licenses, the whole HA cluster will show the expired information for the licensing.

Regards,

Jerry

View solution in original post

1280
8 REPLIES 8
johnathan
Staff
Staff

Created on ‎11-12-2024 09:51 AM

Each device in the HA cluster needs to be licensed in order for the features to work. The cluster will always take the lowest expiry date on any device. See this article for details: https://community.fortinet.com/t5/FortiGate/Technical-Tip-The-HA-Cluster-requirements/ta-p/325375

"Never trust a computer you can't throw out a window."
1297
dingjerry_FTNT
Staff
Staff

Created on ‎11-12-2024 10:53 AM

Hi @kgcppublic ,

 

If one of the HA cluster members expires the licenses, the whole HA cluster will show the expired information for the licensing.

Regards,

Jerry
1281
ELCaminooo
Staff
Staff
In response to dingjerry_FTNT

Created on ‎10-06-2025 06:22 PM

What will happen on the inspection capabilities of the HA Cluster if one of the members license expires? Aside from showing the expired license in the GUI since once of the members still have valid UTP license

158
dingjerry_FTNT
Staff
Staff
In response to ELCaminooo

Created on ‎10-06-2025 09:08 PM

As long as the FGT GUI is showing expired licenses (even if one of the cluster members has valid licenses), it will be treated as having expired licenses for the whole HA cluster.

Regards,

Jerry
146
ELCaminooo
Staff
Staff
In response to dingjerry_FTNT

Created on ‎10-07-2025 12:46 AM

The only work around for the member with an active license to work is to remove from the cluster and set it up as standalone?

131
dingjerry_FTNT
Staff
Staff
In response to ELCaminooo

Created on ‎10-07-2025 12:49 PM

There is an option to use a single HA cluster license for both members.

 

Please check this article:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-The-HA-Cluster-license-requirements/ta-p/3...

 

Regards,

Jerry
118
ELCaminooo
Staff
Staff
In response to dingjerry_FTNT

Created on ‎10-08-2025 11:19 PM

How about for those models that are not FG100F and below? Given that one Cluster Member has expired license (UTP). The workaround is to breakdown the FGCP HA and let the FortiGate device with existing license act as standalone?

79
dingjerry_FTNT
Staff
Staff
In response to ELCaminooo

Created on ‎10-09-2025 07:53 AM

Then what you can do:

1) Order and apply valid support licenses to the device with expired licenses.

 

Or

 

2) Remove the unit with expired licenses. 

 

You can still keep the unit with valid licenses as an HA member.

Regards,

Jerry
50
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.