Verifying FortiGuard licenses and troubleshooting

Facebooktwittergoogle_plusredditpinterestlinkedinFacebooktwittergoogle_plusredditpinterestlinkedin

In this recipe, you verify that your FortiGate displays the correct FortiGuard licenses and troubleshoot any errors. You must register your FortiGate before it can show your FortiGuard licenses.

Find this recipe for other FortiOS versions
5.2 | 5.4 | 6.0

1. Viewing your licenses

To view your licenses, go to the Dashboard and find the Licenses widget.

The FortiGuard licenses are listed, with their status indicated:

  • A green check mark indicates an active license.
  • A gray question mark indicates an unavailable license.
  • A license highlighted in orange is either unlicensed or expires soon.
  • A license highlighted in red is expired.

 

 

The widget only displays licenses for features you enabled in Feature Visibility. To enable more features, go to System > Feature Visibility.

The Web Filtering license only appears as active when a web filter profile is applied to a firewall policy.

You can also view FortiGuard license information by going to System > FortiGuard.

2. Troubleshooting

If you need to add or renew a subscription, go to Fortinet Support.

If a license that should be active isn’t currently available, you can use the following steps to troubleshoot your connection. After each troubleshooting step, go to System > FortiGuard to check if the licenses are now showing as available.

Connecting to FortiGuard

To prompt your FortiGate to connect to FortiGuard, connect to the CLI and use the following command:

diagnose debug application update -1
diagnose debug enable
execute update-now

If your FortiGate has multiple VDOMs, make sure that you use the management VDOM and that the VDOM has Internet access. To set the proper VDOM as the management VDOM, use the following command:

config system global
  set management-vdom <VDOM_name>
end

Checking FortiGuard filtering

To test if FortiGuard is reachable, go to System > FortiGuard.

Under Filtering, check Filtering Services Availability. If you don’t see a green check mark, select Check Again.

If you still don’t see a green check mark, change the FortiGuard Filtering Port to the alternate port (8888). Select Apply and see if the services become available.

Testing the DNS

To test if your DNS can reach FortiGuard, use the following CLI command:

execute ping guard.fortinet.net

If you can reach the address, run the following command:

diagnose debug application update -1
diagnose debug enable
execute update-now

If you can’t reach the address, go to System > DNS and verify that the settings are correct. Then run the PING test again.

Contacting Support

If you still can’t connect, contact Fortinet Support.

3. Results

Go to the Dashboard and view the Licenses widget. Any subscribed services should have a beside it.
Go to System > FortiGuard. Features and services you’re subscribed to should have a green check mark beside them.

For further reading, check out FortiGuard in the FortiOS 6.0 Handbook.

Victoria Martin

Victoria Martin

Technical Writer at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
Victoria Martin
  • Was this helpful?
  • Yes   No
When you apply the profile, a warning will appear stating that web filtering doesn’t have a valid license. You can ignore this for the moment.
If you’re updating FortiGuard using a FortiManager, the FortiGuard Filtering Port can also be 80.