Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
david_ekstrom
New Contributor II

Allowing Microsoft KMS activation

NEED:  To allow an external KMS server (we trust the external IP) to communicate back and forth with our internal server subnet for Windows activation, BUT...

 

PROBLEM: the KMS server has to see the traffic coming to it from a trusted IP-space.  Our firewall external IP is not in their trusted IP-space, and they don't whitelist IPs from other providers.  Can I put policies in place to allow the KMS server to see the IPs of our internal servers?  If so, how?

(faked IPs below)

 

KMS Server:  50.100.100.200

Our firewall External IP:  60.120.120.1   (Fortigate 200E, running FortiOS 7.0.9)

Our internal IP subnet:  172.10.10.0/255.255.255.0  (I believe this is considered trusted IP-space, as these are VMs hosted by the same company that has the KMS server)

 

I should have added, the KMS server only responds on port 1227

 

Thanks for the help,

David

1 REPLY 1
limnakhau
New Contributor

I have to do a windows license renewal for one of company clients and they're looking to add a KMS to manage all the licenses.

My question is do I need separate license for KMS service? When I check on MS website they mentioned something called KMS Host license but I'm not sure what it is? And when I asked from the local MS distributor he said I don't need any additional license and I just have to enable the KMS service on a windows server.

https://9apps.ooo/
Labels
Top Kudoed Authors