Yuri Slobodyanyuk Blog on Information Security 2024-07-23
Fortigate free VM Evaluation License is now permanent, not limited to 15 days, here is how to get it.

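In FortiOS 7.2.1, Fortinet removed the built-in 15-day free evaluation license and replaced it with a permanent evaluation license, which is still free. The way to obtain it has changed: you need to create a free Forticare/FortiCloud account and activate the license from within the Fortigate GUI. The new license comes with limitations, such as on security rules, the number of routes, and the number of interfaces.

🔧 Fortigate VM images for FortiOS 7.2.1 no longer include the built-in 15-day free evaluation license; it has been replaced by a permanent evaluation license, which users activate by creating a Forticare/FortiCloud account.

📛 The new license brings limitations: security rules are reduced from 5 to 3, the number of routes is limited to 3, and the number of interfaces is at most 3, including disabled or down interfaces and Loopback interfaces.

🔐 Each FortiCloud account can hold only one evaluation license; if you need several, you need to create several accounts. Other limitations, such as CPU and memory, still apply.

🔗 The Fortigate VM needs Internet access to activate the license, or the activation can be done through Fortimanager. The management web GUI now supports https access.

🚧 If you run into problems activating the evaluation license, you can run commands such as ping and get sys stat to diagnose them, making sure network reachability and DNS resolution are correct.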

Starting with FortiOS 7.2.1, Fortinet removed the built-in 15-day free evaluation license from the Fortigate VM images. It was replaced with a permanent evaluation license, which is still free. The steps to get it have changed: you now have to create a free Forticare/FortiCloud account and use it inside the Fortigate GUI to activate this evaluation license. The license will be generated and added to your Forticloud account automatically.

Unfortunately, there are new limitations as well:

    Security Rules: the limit is 3, instead of 5.

    Number of routes: the limit is also 3, whereas it was unlimited before. This severely limits dynamic routing protocol labs such as OSPF/BGP. Currently (FortiOS 7.2.1), though, there is no actual enforcement of this limit - I configured BGP and a few static routes, 6 all in all, and it worked without any issue.

    Number of interfaces: maximum 3, was unlimited. This also counts interfaces that are in the disabled/down state, and on top of that, it counts Loopback interfaces as well.

    One license per FortiCloud account: this means that to have multiple evaluation licenses for multiple Fortigates, we need to create multiple FortiCloud accounts, a nuisance but doable. The accounts are still free of charge.

    The rest of the limitations: the additional limitations (CPU/Memory/etc.) that were present in the 15-day license are still enforced as well. See the reference at the bottom for details.

    Internet access: the Fortigate VM has to have Internet access to activate the license. The alternative is to have a Fortimanager do so.

    Let’s Encrypt Certificates: even though we now have normal encryption for admin https access, the ACME daemon for provisioning SSL/TLS certificates will not run.

Now, to the visual guide on how to issue this free evaluation license for your virtual Fortigate.

BTW: The only addition (and not subtraction) in this new evaluation licensing is that we can now access the management web GUI of the Fortigate via regular https, not only http as before.

First, download VM image for your virtualization platform, as usual:

Then install it as before. I did it in VMWare Workstation here. On the 1st boot we can see that the license status is invalid:

The next step is to log in to the Fortigate GUI. We will be presented with this page, where we can enter the Forticare/FortiCloud account. The account does not have to be a paying account; the free account is enough.

Upon clicking OK, the Fortigate will contact the Fortiguard servers and will issue itself a license automatically. Here is the license status after the successful activation:

Debug if something goes wrong

You can get various error messages when trying to activate the evaluation license, like "Error downloading license: Invalid serial number" or "Failed to download VM license". There can be a few reasons for that:

    This Fortigate VM does not have access to the Internet.

    The Fortigate VM cannot correctly resolve Fortiguard-related domains via DNS.

    You are trying to register the Fortigate VM with a Forticare/Forticloud account that already has another evaluation license registered to it.

    Finally, not frequently, but it happens that the FortiGuard servers are having reachability issues, and you need to wait and try again later.

To diagnose these problems, you may run the following commands:

exe ping service.fortiguard.net, exe ping update.fortiguard.net to verify DNS resolving and Internet accessibility.

get sys stat, diagnose debug vm-print-license to see the current license status on the Fortigate. The valid license output will look like:

    FGT-7-2-4 # diagnose debug vm-print-license
    SerialNumber: FGVMEV_ATFDMNL66
    CreateDate: Sun Nov  6 12:27:13 2022
    UUID: 564d5a668795856cbd9d9b2939a7eff8
    Key: yes
    Cert: yes
    Key2: yes
    Cert2: yes
    Model: EVAL (1)
    CPU: 1
    MEM: 2048
    VDOM license:
      permanent: 2
      subscription: 0

diagnose hardware sysinfo vm full to see the license status as the FortiGuard servers see it:

    FGT-7-2-4 # diagnose hardware sysinfo vm full
    UUID:     564d5a668795856cbd9d9b2939a7eff8
    valid:    1
    status:   1
    code:     0
    warn:     0
    copy:     0
    received: 5330050190
    warning:  4294940124
    recv:     202303060746
    dup:

execute vm-license, exe update now to re-initiate the process of requesting the license. On success it will show:

    FGT-7-2-4 # execute vm-license
    Trial license exists.
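When several lab VMs are activated at once, the two diagnostic outputs above can be checked by script instead of by eye. The following is an added example, not part of the original post: it parses captured output and lists deviations from the valid sample shown on this page; the function names and the choice of baseline fields are assumptions.

```python
# Samples are the page's own output of a valid license, trimmed to the checked fields.
LICENSE_OUT = """\
FGT-7-2-4 # diagnose debug vm-print-license
SerialNumber: FGVMEV_ATFDMNL66
CreateDate: Sun Nov  6 12:27:13 2022
UUID: 564d5a668795856cbd9d9b2939a7eff8
Key: yes
Cert: yes
Key2: yes
Cert2: yes
Model: EVAL (1)
"""
SYSINFO_OUT = """\
FGT-7-2-4 # diagnose hardware sysinfo vm full
UUID:     564d5a668795856cbd9d9b2939a7eff8
valid:    1
status:   1
code:     0
"""
# Assumption: the values in that sample are what "healthy" looks like; the page
# does not document the fields, so a deviation is a prompt to look, not a verdict.
LIC_BASELINE = {"Key": "yes", "Cert": "yes", "Key2": "yes", "Cert2": "yes"}
VM_BASELINE = {"valid": "1", "status": "1", "code": "0"}

def parse_kv(output):
    """Turn 'name: value' lines into a dict, skipping the CLI prompt line."""
    fields = {}
    for line in output.splitlines():
        name, sep, value = line.partition(":")
        if sep and " # " not in name:
            fields[name.strip()] = value.strip()
    return fields

def license_problems(license_out, sysinfo_out):
    """Return the deviations from the baseline (empty list: nothing to chase)."""
    lic, vm = parse_kv(license_out), parse_kv(sysinfo_out)
    problems = []
    if not lic.get("Model", "").startswith("EVAL"):
        problems.append("Model is %r, not an EVAL license" % lic.get("Model"))
    for fields, baseline in ((lic, LIC_BASELINE), (vm, VM_BASELINE)):
        for name, want in baseline.items():
            if fields.get(name) != want:
                problems.append("%s is %r, expected %r" % (name, fields.get(name), want))
    if lic.get("UUID") != vm.get("UUID"):
        problems.append("UUID differs: outputs come from different VMs")
    return problems

if __name__ == "__main__":
    print(license_problems(LICENSE_OUT, SYSINFO_OUT) or "matches the valid-license baseline")
```

Feed it the text captured from each VM's console or SSH session; an empty list means the output matches the valid sample.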

Resources:

Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.
