Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vpalomo
Staff
Staff

Created on ‎12-18-2017 01:53 AM

Article Id 190534

Technical Note: VM License activation

Description
The UUID is an unique id generated by a VM instance.  It is based on many factors (hardware resources such as CPU, RAM, hard disk, etc.) and should be unique among different VM instances (even with same VM serial number).  Technically there can be multiple VM instances running with a same SN (with different UUIDs). However, Fortinet only allow one active VM instance running at any time, FDN servers will use SN and UUIDs to check and validate for multiple VM instances if any.

If a VM instance has been activated by an UUID, another VM instance with a different UUID cannot be activated.  A running VM instance will send VMSetup packets (with its SN and UUID inside) to FDN servers every hour to refresh FDN cache about its information.  Another VM instance with the same SN and different UUID cannot be activated until the FDN cache expires.  If the current VM instance is still running, it will send VMSetup commands to FDN servers hourly.  Cached information about its SN and UID on FDN servers will be refreshed every hour.  There is no way to remove it.  If the VM is shutdown so that it stops sending VMSetup commands, cached information on FDN servers will expire after 90 minutes.

Solution
Use the following command to verify the instance UUID:
#diagnose hardware sysinfo vm full

UUID:     4396b64b2db740ca8e2860363ae0a197
valid:    1
status:   1
code:     200   <---- 200 is successful license validation, 401 is non successful license validation
warn:     0
copy:     0
received: 4728657918
warning:  0
recv:     201711301401
dup:

In order to verify the VMSetup command (Serial number and UUID) sent to the FDN servers use the following debug:
#diagnose debug application update -1
#diagnose debug enable
#execute update-now
…………………………………………..
upd_daemon[895]-Doing vm setup request because it's been too long
do_setup[217]-Starting SETUP
upd_act_setup[191]-Trying FDS 173.243.138.78-443
pack_obj[180]-Packing obj=Protocol=3.0|Command=VMSetup|Firmware=FGVMK6-FW-5.04-1138|SerialNumber=FGVM0100000XXXXX|Connection=Internet|Address=192.168.1.1:9443|Language=en-US|TimeZone=-8|UpdateMethod=1|Uid=4396b64b2db740ca8e2860363ae0a197
get_fcpr_rsp_code[286]-Unpacked obj: Protocol=3.0|Response=200|Firmware=FPT033-FW-6.5-0065|SerialNumber=FPT-FDS-DELL0063|Server=FDSG|Persistent=false
upd_vm_cfg_set_status[282]-Saved status code 200
do_setup[267]-SETUP successful 

Labels:
13682
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.