Fortigate High Availability with 1 License
Background
This article was written on 01-Aug-22.
I work for a small company but was lucky enough to purchase 2x Fortigate.
Yet I still have to keep costs to a minimum. So I am privileged to have hardware redundancy, but can I use only 1x license?
High Availability status
License status
But actually my newest Fortigate still has a valid license.
Even when your active device has a valid license, an HA-configured Fortigate will take the oldest license.
Smart ….
So, how to use the valid license?
Using Fortiguard valid license
Essentially:
- We need to turn off the older Fortigate (without a valid license)
- Let the newer Fortigate (with a valid license) fully take over
- Wait for a while until the license is recognized by the Fortiguard server
- Once you confirm that protection definitions are updated, turn on the older Fortigate
- Let the HA system replicate the updated protection definitions to the older device
- Confirm that your HA system has the latest protection definitions (even though the license is expired again)
- Repeat these steps as required
Commands
Turn off the older Fortigate
From CLI console type:
execute ha manage 0 <admin username>
execute shutdown
Monitor the Fortiguard license status until it is updated.
This may take 15–30 minutes (or maybe more).
Turn on the old Fortigate again.
Do this by unplugging the power and plugging it back in. This is the only way.
Verify that HA is active and protection definitions are still the latest even when the license is expired.
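One way to do this verification from saved CLI output, as an added example that is not part of the original article: it parses the text of `diagnose autoupdate versions` captured from each unit, flags definition sets that have stopped updating, and lists sets whose versions differ between the two HA members. The sample text is constructed, the section layout it expects is an assumption, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modeled on `diagnose autoupdate versions` output.
# Assumed layout: section name, dashed underline, then "Key: value" lines.
SAMPLE = """\
Virus Definitions
---------
Version: 90.04811
Contract Expiry Date: Mon Aug  1 2022
Last Updated using scheduled update on Mon Aug  1 09:40:00 2022
Result: Updates Installed

Attack Definitions
---------
Version: 6.00741
Contract Expiry Date: Fri Jan  1 2021
Last Updated using manual update on Tue Dec  1 00:00:00 2015
Result: Unauthorized
"""

def parse_versions(text):
    """Return {section name: (version, last-updated datetime)}."""
    out = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 3 or not set(lines[1].strip()) <= {"-"}:
            continue  # not a "name / dashes / fields" section
        ver = re.search(r"^Version:\s*(\S+)", block, re.M)
        upd = re.search(r"^Last Updated using .*? on (.+)$", block, re.M)
        if ver and upd:
            stamp = " ".join(upd.group(1).split())  # collapse padded day numbers
            ts = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
            out[lines[0].strip()] = (ver.group(1), ts)
    return out

def stale_definitions(sections, now, max_age=timedelta(days=2)):
    """Definition sets whose last successful update is older than max_age."""
    return sorted(n for n, (_, ts) in sections.items()
                  if "Definitions" in n and now - ts > max_age)

def version_drift(primary, secondary):
    """Sections present on both HA members whose versions do not match."""
    return sorted(n for n in primary.keys() & secondary.keys()
                  if primary[n][0] != secondary[n][0])

if __name__ == "__main__":
    unit_a = parse_versions(SAMPLE)
    unit_b = parse_versions(SAMPLE.replace("90.04811", "90.04790"))
    print("stale:", stale_definitions(unit_a, datetime(2022, 8, 2, 10, 0)))
    print("drift:", version_drift(unit_a, unit_b))
```

Running it on a schedule against both members shows how far the definitions have aged since the last time the licensed unit ran alone.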
Enjoy!!