Good morning,
I have a question about what is the best way to update/register a Fortigate 40F behind another Fortigate? There is a big rollout coming up, we want to replace all of our Fortigate 40C with Fortigate 40F and I would like to send the fortigates up to date and registered.
We have a lot of small branches and usually we configure new Fortis at our main location just to get them online after they arrive at one branch. Then we register and update the Fortigate, this obviously causes an internet loss.
I’m kinda shure that there is a better way, but I can’t figure out how to do it. First I tried to update the firmware manually. But after one successful update I receive this Error-Message:
This is a FortiOS v7.6.0-build3401 firmware image that cannot be installed because the device's FortiGuard license for firmware upgrades could not be verified or may have expired. Verify or renew the license to install upgrades.
If I understand that correctly the Fortigate needs internet access. So I set the WAN interface to an IP in the same subnet where our main-fortigate is. There is a rule on our main-Forti for internet access, were I added the new Forti. Unfortunately it didn't work, the new Forti is not online.
Then I tried to add the new Forti to our FortiManager. Our FortiManager is in a different subnet, but has access to the other one. In the WAN interface of the new Forti FMG-Acces is checked. Unfortunately that didn't work either.
What is the better/easier way? Get the Fortigate online or add it to the FortiManager? And how I do it?
Hope someone can help me, as you may have already guessed, I'm not the greatest fortigate expert.
With best regards from Germany,
Florian
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I have solved it. I forgot to set a static route for all traffic through the main fortigate. I knew it was a really easy solution.
First, do those new 40F have a support license/contract each? If not, the existing (non-existing) license might have expired before 7.6.0 was released this past summer. If so, it wouldn't allow you to upgrade the 40F to 7.6.x. The 40F needs to have a valid support license for that.
The device registration at the support site (FortiCloud Asset page) can be done without the 40F connected to the internet. Just put the S/N in the page and check the status of license. If you purchased the license (FortiCare Essential/Premium) separately, enter the contract code when you enter the S/N.
Toshi
Hi Toshi,
thanks for your reply.
I have registered the fortigate and if I understand that correctly there should be a license for firmware updates. See screenshot below:
My only problem now is how to get the fortigate online so that the forti knows that it can be updated.
Best regards,
Florian
You already have FortiCare Premium (Enhanced/Technical Support: Premium) with the 40F. That's all you need to maintain to be able to upgrade to 7.6.x.
Toshi
I'm having a similar issue with an old 90D, can't upgrade and says that the firmware/general update license is expired. Though, we were able to connect to the internet.
The 90D issue wouldn't be the same problem with 40F. Because that model has reached EOL/EOS(end of support) last year (Oct 2023). You wouldn't be able to upgrade it via FMG or FortiGuard.
Toshi
Hello @Floto ,
Can you please check firewall policy on the FortiGate and NAT rules and make sure that the traffic is allowed for the other FortiGate behind to Internet access. To add it to Fortimanager you can refer this document: https://docs.fortinet.com/document/fortimanager/6.4.0/examples/585894/adding-fortigate-devices-to-fo...
Hi HarshChavda,
thanks for your reply.
I know how to add a Forti to FMG, but normally the forti is in a diffrent branch and is connected through a VPN tunnel.
This is the first time i try to add a forti behind another forti without an VPN tunnel.
Hi Floto,
If you got the serial numbers, just follow the following procedure.
https://community.fortinet.com/t5/Customer-Service/Technical-Tip-Fortinet-product-registration-and-b...
I always search for an article before creating a post, most of the time someone already faced the same issue before and have written an article. :)
I have solved it. I forgot to set a static route for all traffic through the main fortigate. I knew it was a really easy solution.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.