Home

FortiGate License Activation Guide: Essential Steps for BYOL, PAYG, and Trial Users

.

FortiGate firewalls are enterprise-grade security solutions widely used to protect network infrastructures. However, their advanced features and services require proper license activation to function fully. Many administrators encounter hurdles during this process, leading to deployment delays and potential security gaps. Whether you're working with a physical appliance or a virtual machine (VM), understanding how to navigate Fortinet's licensing system is crucial for operational success. This guide synthesizes official documentation and expert resources to provide a clear, comprehensive walkthrough for activating FortiGate licenses across various models, helping you unlock the complete functionality of your security device and ensure uninterrupted protection.

Understanding FortiGate Licensing Models

FortiGate offers several licensing options tailored to different deployment and purchasing preferences. The BYOL (Bring Your Own License) model is common for organizations that purchase licenses separately from hardware, often through a Fortinet partner. After purchase, you receive a PDF containing an activation code, which you must register on Fortinet's support portal to generate a downloadable .lic file. In contrast, the PAYG (Pay-As-You-Go) model, typically used in cloud environments like GCP, involves licensing costs bundled with the operational expense of the VM. Activation requires registering the device's serial number through the support portal. Additionally, Fortinet provides a 60-day evaluation license for testing, which follows a similar activation process but is time-bound. For High Availability (HA) clusters, special considerations apply, though specific community discussions on this topic were inaccessible at the time of writing.

Step-by-Step License Activation Process

1. Preparation and Account Setup

Before beginning activation, ensure you have the necessary information. For BYOL, locate the PDF from your Fortinet partner containing the registration code. For PAYG or trial licenses, you will need the FortiGate's serial number, found on the device or within its GUI dashboard under "System Information." Next, access the Fortinet support portal. If you don't have an account, visit support.fortinet.com and select "Register" to create one. A valid account is mandatory for all license management activities and links your devices to your organization for support and updates.

2. Registering Your License or Device

Log into the Fortinet support portal and navigate to Asset > Register/Activate. This is the central hub for license management.

  • For a BYOL or Trial License: In the "Registration Code" field, carefully enter the alphanumeric activation code from your PDF or trial email. Select "Next."
  • For a PAYG License: In the same field, enter the serial number of your FortiGate-VM instance. Select "Next."

The system will then guide you through entering additional details, such as your organization's information. For BYOL licenses, especially the S-series subscription model, the portal may prompt you to choose between "Register" (for a new serial number and license file) or "Renew" (to extend an existing license). Complete all required fields and agree to the license terms to proceed.

3. Downloading and Uploading the License File

Upon successful registration, the portal's final step will allow you to download the license file (a .lic file). Save this file to your local computer. The critical next step is to upload this file to your FortiGate device.

  1. Log into your FortiGate's web-based management GUI.
  2. Navigate to the System or Dashboard area. If the license is not active, the interface often prominently displays a license upload prompt.
  3. Locate the license upload section (sometimes under "System" > "FortiGuard" or via a "License" tab).
  4. Click "Upload" or "Select License File" and browse to the downloaded .lic file.
  5. Confirm the upload. The FortiGate will validate the file and, if successful, activate all licensed features.

Important Note: Official documentation warns that after registering a license on the support portal, Fortinet servers may take up to 30 minutes to fully propagate the new license information. If you receive an "invalid license" error upon upload, wait at least 30 minutes before retrying.

Troubleshooting Common Activation Issues

Even with careful steps, you might encounter obstacles. A frequent issue is the "invalid license" error upon uploading the .lic file. As noted, this is often a propagation delay; waiting is the first remedy. If the problem persists, double-check that you've downloaded the correct license file for your device's specific serial number.

Connectivity problems are another common hurdle. The FortiGate device and your management computer need unrestricted internet access to Fortinet's licensing servers (support.fortinet.com). Ensure no corporate firewall, proxy, or upstream security device is blocking this traffic. If you must route traffic through an explicit web proxy, some Fortinet applications (like FortiConverter) allow you to configure proxy settings within their interface under a "Proxy" tab. For general FortiGate connectivity, verify the device's DNS settings and routing table.

For PAYG licenses, a required but sometimes overlooked step is to contact Fortinet Customer Support after initial registration. You must provide them with your FortiGate instance's serial number and the email tied to your Fortinet account to complete the backend activation.

Best Practices for License Management

  • Centralize Documentation: Store all license PDFs, activation codes, and serial numbers in a secure, documented location. The PDF from your partner is your proof of purchase.
  • Use FortiCloud Registration: Beyond the basic license activation, registering your device on FortiCloud (Fortinet's cloud management platform) provides benefits like centralized monitoring, backup, and firmware update notifications.
  • Monitor Expiry Dates: Keep track of your license's expiration date through the FortiGate GUI (often on the main dashboard) or your Fortinet support portal account. Set calendar reminders for renewal well in advance to avoid service lapses.
  • HA Cluster Licensing: For High Availability setups, consult the latest official Fortinet documentation or contact support, as licensing in HA pairs has specific requirements to ensure both units operate correctly.

Frequently Asked Questions (FAQ)

Q: I've uploaded my license, but some features are still locked. What's wrong? A: This can happen if the license file doesn't include certain feature bundles (like FortiGuard services) or if there's a mismatch. Verify the license you purchased covers the features you need by checking the original order or PDF. Also, ensure the license has fully propagated by waiting 30 minutes and then rebooting the FortiGate.

Q: Can I transfer a license from one FortiGate to another? A: Generally, licenses are tied to the serial number of the specific hardware or VM they were originally registered to. Transferring a license usually requires contacting Fortinet Support or your partner to de-register it from the old device and re-register it to the new one, which may not always be permitted depending on the license type.

Q: My 60-day trial expired. Can I extend it? A: The standard 60-day evaluation is typically a one-time offering per device serial number. For continued use, you must purchase a full production license. For extended testing needs, speak with your Fortinet partner about potential evaluation unit programs.

Q: Do I need a license for basic firewall functionality? A: A FortiGate will operate with very limited functionality without any license—often just static routing and basic firewall policies. However, critical security services like Virus Definitions, IPS, Web Filtering, and VPN require an active license. Firmware updates also typically require a valid support license.

Q: Where can I get more help if I'm stuck? A: The primary resource is the Fortinet Support Portal (support.fortinet.com), which hosts the official documentation library. You can also open a support ticket there. Community discussions on the Fortinet Developer Network (FNDN) forums can be valuable for practical advice from other users and Fortinet experts.

Conclusion

Successfully activating your FortiGate license is a fundamental task that unlocks the powerful security capabilities you've invested in. The process is systematic: gather your code or serial number, register it through the support portal, download the .lic file, and upload it to your device. Paying attention to details like propagation delays and internet connectivity will smooth the path. By following this guide and leveraging the official Fortinet resources, you can ensure your firewall is fully licensed, receiving updates, and ready to provide robust protection for your network.