Skip to content

License Activation and Renewal

FortiGate has multiple license tiers tied to your FortiCare account:

  • FortiCare Support — hardware support / RMA.
  • FortiGuard AntiVirus — AV signature updates.
  • FortiGuard IPS — IPS signature updates.
  • FortiGuard Web Filtering — URL category data.
  • FortiGuard Antispam — email reputation.
  • FortiGuard Industrial Security — SCADA / IoT signatures.
  • Cloud Sandbox — file detonation.
  • FortiToken Mobile — MFA token licenses.
  • AI/ML — virus heuristics.

Each is a separate subscription. Without active licenses, FortiGate signature databases go stale (still works, but less effective against new threats).

Steps

Register the unit with FortiCare (first-time)

  1. Dashboard → Status → Licenses widget.
  2. If unit shows "Not Registered":
    • Click Register OR go to support.fortinet.com.
    • Log in with your FortiCare account.
    • Asset Management → Register More → enter serial number.
  3. After registration, the FortiGate's "Licenses" widget should refresh and show subscription status.

Activate licenses

For new licenses (purchased separately):

  1. Buy from a partner; you get a registration code.
  2. support.fortinet.com → Asset Management → enter code.
  3. License is bound to your serial.
  4. On FortiGate: System → FortiGuard → Update licenses now.

📸 Screenshot needed

Dashboard → Status → Licenses widget, showing multiple license rows with expiry dates and renewal links.

Check current licenses

get system fortiguard
get system fortiguard-service-info
diagnose autoupdate versions

Returns current subscription status, signature dates, and validity.

Renew expiring licenses

  1. Sales/partner provides renewal codes (or auto-renews on contract).
  2. Register the renewal code on support.fortinet.com.
  3. On FortiGate: System → FortiGuard → Update licenses now.

Expiry is per-license, not per-device. FortiCare can be active while FortiGuard expires, or vice versa.

When Licenses Expire

  • AV / IPS / Web Filter signatures stop updating. Existing signatures still work; new threats not covered.
  • Cloud Sandbox blocks file submissions.
  • FortiToken Mobile — existing tokens keep working; can't allocate new ones.
  • Banner appears in GUI warning of expiry.

Plan renewals 30 days before expiry to give time for paperwork and to handle "license bind transfer" if you've replaced hardware.

Hardware Replacement (RMA)

Different serial = different licenses. Process:

  1. RMA the failed unit; receive replacement.
  2. Open ticket with Fortinet TAC asking for license transfer from old serial to new.
  3. They process; usually 1-3 business days.
  4. After transfer, register the new serial under your FortiCare and activate.

CLI Equivalent

# Force a manual license / signature update:
execute update-now
execute update-av
execute update-ips
execute update-webfilter

Common Issues

  • "Not Registered" persists. Outbound HTTPS to FortiGuard blocked. Check firewall: execute ping update.fortiguard.net.
  • License shows expired but I just renewed. FortiGuard needs to refresh. Wait 5-10 minutes or manually trigger execute update-now.
  • Wrong device received the license. License bound to serial — open TAC ticket.
  • Pre-owned FortiGate. Licenses don't transfer to new owners. Renew from scratch.