- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- FortiWebCloud
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- When creating new VMs on Promox 8.x or higer , the...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When creating new VMs on Promox 8.x or higer , the VM license validation fails for FortiOS VMS (Fort
When creating new VMs on Promox 8.x or higer , the VM license validation fails for FortiOS VMS (FortiGate/FortiAnalyzer/FortiManager etc).
Time of writing June 2024 using Proxmox 8.2.2
This can be validated by showing the current UUID inside the FortiOS VM.
(FortiGate VM used in examples)
# diagnose hardware sysinfo vm full
UUID: 00000000000000000000000000000000
The UUID will either show all 0's or conflict with an existing running instance.
This UUID can be altered in Promox, but the VM needs to be shut down to alter these settings.
GUI : The UUID of the VM can be found when opening the VM settings > Options page > SMBIOS settings (type 1).
CLI : Use qm config <VMID> | grep uuid. Replace <VMID> with the ID of the VM.
It should have a UUID in the form of a large number and letter sequence.
If the UUID in Promox is missing create a new UUID. This is rare as this value is automatically created on a new instance.
The UUID needs to be unique for every FortiOS VM in existence when contacting the licensing service.
It needs to be in hexadecimal notation (0-9,a-f), thus the UUID in the example is invalid to prevent it from being used.
This UUID will show in FortiOS when using the # diagnose hardware sysinfo vm full command.
Note that the - are shown in Promox, but the UUID in FortiOS will remove these and show all 32 characters as single string.
Example Promox is uuid=12345678-xxxx-1234-xxxx-1234abcd1234
Example FortiOS will be UUID: 12345678xxxx1234xxxx1234abcd1234
If there is a UUID in Proxmox but does not match the UUID from the command in FortiOS, it's most likely parsed incorrectly.
In most cases the UUID in FortiGate will show all 0's indication it can't read the value set in Proxmox.
Proxmox 8.x and higher creates new VMs based on QEMU 8.1+ with SMBIOS 3.0 as default.
SMBIOS 3.0 uses a 64-bit mechanism for the UUID, while SMBIOS 2.8 uses a 32-bit mechanism.
FortiOS (up to 7.4.x) uses the 32-bit mechanism to read the UUID from the SMBIOS.
If the SMBIOS is on version 3.0 and not adjusted,this breaks the query of the UUID set in the SMBIOS.
It causes FortiOS to show UUID 000000000000000000 (or an incorrect UUID), which results in an invalid / duplicate license detection.
External References :
This can be fixed in two different ways by the user after validating a UUID is set in Proxmox.
1) Change the bios version to 7.2 to force SMBIOS to use the 32 bit value.
This lowers the QEMU BIOS and might have impact on (future) features.
It's recommended to use the other option, but will require the usage of CLI and thus local login priviliges.
In GUI :
Open the VM Hardware page.
Edit the "Machine" setting stating i440fx or q35.
Select the Advanced button to show the various hardware versions.
Change the version from latest to 7.2 and press OK.
In Proxmox CLI:
Local login priviliges to the CLI of the Promox instance is required.
From the Proxmox CLI this can be done using the qm set <VMID> --machine=<TYPE>.
Replace <VMID> with the ID of the VM and replace <TYPE> with either pc-q35-7.2 or pc-i440fx-7.2.
The string does not have to be in brackets or quotes.
Example : qm set 12345 --machine=pc-q35-7.2
2) Keep the bios version, but inform the VM to use the 32-bit flag in SMBIOS.
This keeps the QEMU BIOS on the latest version.
This step can't be performed on the GUI (current 8.2.2 at time of writing)
Local login priviliges to the CLI of the Promox instance is required.
In Proxmox CLI:
From the Proxmox CLI this can be set using the qm set <VMID> --args="-machine smbios-entry-point-type=32".
Using the command will overwrite any existing value present.
It's advised to check for an existing value.
Use qm config <VMID> | grep args to check if there is any value present.
Copy any existing value and create a new value with -machine smbios-entry-point-type=32 at the end.
It's advised the keep the entire value string between quotes (")
Replace <VMID> with the ID of the VM.
Example : qm set 12345 --args="-machine smbios-entry-point-type=32"
The VM can now be started.
Validate the UUID with
# diagnose hardware sysinfo vm full
This should show the same value in Proxmox as in FortiOS minus the - set in Proxmox.
The license should now be able to validate and the VM will reboot after succesful license retrieval.
Consultant @ Exclusive Networks BV
Datacenter Networking and Security
FCSS EFW/SDWAN
Fortinet, HPe/Aruba, Arista, Juniper and many more
Consultant @ Exclusive Networks BV
Datacenter Networking and Security
FCSS EFW/SDWAN
Fortinet, HPe/Aruba, Arista, Juniper and many more
Labels:
- Labels:
-
FortiAnalyzer
-
FortiGate
-
FortiManager
0 REPLIES 0
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
Labels
-
FortiGate
7,159 -
FortiClient
1,412 -
5.2
801 -
5.4
639 -
FortiManager
619 -
FortiAnalyzer
456 -
6.0
416 -
FortiAP
376 -
FortiSwitch
373 -
5.6
362 -
FortiClient EMS
291 -
FortiMail
281 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
FortiNAC
128 -
6.4
128 -
FortiGuard
115 -
IPsec
107 -
SSL-VPN
103 -
FortiGateCloud
97 -
FortiSIEM
93 -
FortiCloud Products
89 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
65 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
48 -
FortiADC
45 -
FortiEDR
44 -
Fortivoice
44 -
FortiDNS
39 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
FortiSandbox
34 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
LDAP
18 -
Interface
18 -
FortiSwitch v6.2
17 -
Routing
17 -
VDOM
17 -
FortiMonitor
15 -
Authentication
15 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
NAT
13 -
RADIUS
12 -
FortiCASB
12 -
Application control
11 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
SSL SSH inspection
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
OSPF
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
FortiAP profile
7 -
SNMP
7 -
4.0
7 -
Admin
7 -
Web application firewall profile
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
Automation
6 -
IPS signature
5 -
Packet capture
5 -
DNS Filter
5 -
FortiCache
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Web rating
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
FortiPAM
4 -
FortiCarrier
4 -
FortiTester
4 -
3.6
4 -
DLP sensor
4 -
FortiScan
4 -
Fabric connector
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
Fortinet Engage Partner Program
3 -
DLP Dictionary
3 -
DLP profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
FortiInsight
2 -
Netflow
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
Internet Service Database
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1 -
Service
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1062 | |
| 889 | |
| 527 | |
| 441 | |
| 152 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.