Description Entitlements are not applied after installing a subscription license key.
License Information Dashboard panel displays BASE level license
"licensetool -key EFFECTIVE" CLI command displays BASE level license
Scope Version: 8.x, 9.x
Verify whether or not the appliance can successfully reach FortiCloud for entitlement information. Login to the appliance CLI as root and type
The resulting output should display the appropriate entitlements.
> entitlementstool -poll description supportLevelDescription expirationDate __________________________ _______________________ ______________ Telephone Support 24x7 2027-04-08 FortiNAC VM FortiNAC Pro 2024-04-08 IoT Detection Web/Online 2027-04-08 Vulnerability Management Web/Online 2027-04-08 Firmware & General Updates Web/Online 2027-04-08 Enhanced Support 24x7 2027-04-08 COMP 24x7 2027-04-08 Effective Count=500 Effective Level=PRO
Polling returns with incorrect entitlements: Login to the Customer Portal and verify License entitlements. For assistance, contact Customer Service.
No entitlements are displayed or the prompt is never returned: This suggests the appliance cannot reach FortiCloud.
1. FortiNAC polls fds1.fortinet.com using TCP port 443. Ensure this port is allowed outbound to the internet from eth0. Refer to the Open Ports section of the Deployment Guide.
2. Verify entitlements are applied once the poll is successful. Type
licensetool -key EFFECTIVE
The entitlements should now display.
Results still show BASE level entitlements (Virtual Appliance):
> licensetool -key EFFECTIVE EFFECTIVE: serial = FNVMCATMxxxxxxxxx type = NetworkControlApplicationServer level = BASE count = 0 expiration = 0 expired = false mac = <MAC address> uuid = <UUID> certificates = [xxxxxxxxxxxxxxxxxxx, xxxxxxxxxxxxxxxxxxxxx]
The poll function uses the serial number to
look up entitlements. To apply the entitlements, there is a certificate
included in the key that must be present. If the certificate is missing from the key or not complete, the certificate will not be validated and entitlements will not
Possible cause: The license key content may have been truncated during license installation.
Solution: Re-download the key from the customer portal and re-install using the Administration UI. For instructions, see License management in the Administration Guide. If copying and pasting the key content, ensure all characters have been copied. To avoid the risk of truncation, upload the text file itself.
Results still show BASE level entitlements (Hardware Appliance):
Possible cause: The shipped key file is missing certificates.
To verify, type: licensetool -key FILE -file /bsc/campusMgr/.licenseKeyHW
Example of a key file missing certificates: FILE: serial = FN5HCATAxxxxxxxx type = NetworkControlApplicationServer level = BASE count = 0 expiration = 0 expired = false mac = xx:xx:xx:xx:xx:xx uuid = 00000000-0000-0000-0000-000000000000 <------ there should be a certificate line here
Solution: If certificates are missing from the .licenseKeyHW file or if .licenseKeyHW is missing entirely, then the unit must be RMA'ed.
Internal Notes /bsc/campusMgr/.licenseKeyHW is shipped with the unit. There is no way to re-generate a key containing certificates to download to the appliance. FortiCare can't issue certs for hardware appliances. See FortiCare ticket 5233728.