FortiGate Trial License Activation: The Unspoken Requirements Behind Fortinet's Evaluation Access
.
FortiGate trial license activation guide: FortiCare account requirements, permanent trial mode limitations, and step-by-step VM evaluation procedures.
The Gatekeepers of Evaluation Access
Fortinet's FortiGate virtual machines no longer ship with automatic evaluation credentials. What once began as a straightforward 15-day trial embedded in the VM image now demands deliberate registration through FortiCare, Fortinet's customer support portal. This shift reflects a broader industry movement toward controlled evaluation access, but it introduces friction for security professionals seeking to test the platform before procurement decisions.
The permanent trial mode, introduced in FortiOS 7.2.1, replaced the time-limited evaluation period with a non-expiring license that carries functional constraints. Understanding these constraints—and the precise steps required to activate them—separates successful deployments from abandoned proof-of-concept efforts.
Prerequisites: The Non-Negotiable Foundation
FortiCare Account Registration
Activation begins before the virtual machine powers on. Administrators must establish a FortiCare or FortiCloud account through Fortinet's Customer Service & Support site. This credential set serves as the authentication mechanism for license validation and feature entitlement. Without it, the FortiGate-VM GUI presents limited functionality and cannot access FortiGuard services, even in evaluation mode.
Network Connectivity Requirements
Internet access remains mandatory for the initial activation sequence. The FortiGate-VM must reach FortiCloud infrastructure to validate credentials and retrieve license agreements. Organizations operating in air-gapped environments must follow alternative procedures: registering the device on a connected system, downloading the offline license file, and manually uploading it to the isolated instance.
Activation Workflow: From GUI to Operational Status
Step 1: Initial Access Configuration
After deploying the FortiGate-VM image to your hypervisor (KVM, VMware ESXi, Hyper-V, or Xen), configure the management interface with a reachable IP address. Launch a web browser and navigate to this address to access the administrative interface.
Step 2: Trial Selection and Authentication
At the login prompt, select the Free Trial option. The interface then presents two paths: Login with FortiCloud for existing account holders, or Register with FortiCloud for new users. This bifurcation streamlines the process but requires careful attention—selecting the wrong option forces a restart of the authentication sequence.
Step 3: Registration Code Entry and License Retrieval
For the 60-day trial variant, administrators enter a provided registration code in the designated field. The system validates this code against Fortinet's licensing database, then generates a .lic file containing the entitlements. Download this file to your local system. For permanent trial mode, this step may be bypassed if the FortiCare account already holds evaluation privileges.
Step 4: License Upload and Validation
Navigate to the System > License section of the FortiGate GUI. Use the upload function to import the downloaded .lic file. The system validates the cryptographic signature and applies the feature set. A successful activation displays the license status as "Active" with an expiration date (for 60-day trials) or "Permanent Evaluation" designation.
Permanent Trial Mode: Capabilities Within Constraints
The permanent evaluation license eliminates time pressure but imposes architectural limitations designed to prevent production deployment without commercial licensing:
- Encryption restrictions: Only low-strength encryption algorithms are permitted, limiting compliance with standards requiring AES-256 or stronger
- Resource ceilings: Maximum allocation of 1 virtual CPU and 2GiB memory restricts throughput and concurrent session capacity
- Virtual domain limits: Three VDOMs maximum constrains multi-tenant or segmented network designs
- Feature exclusions: Advanced threat protection, sandboxing integration, and certain SD-WAN capabilities remain unavailable
These boundaries serve a dual purpose: they enable meaningful functional testing while preserving the commercial value of full licenses. Security architects should evaluate whether these constraints align with their proof-of-concept objectives before investing deployment effort.
Troubleshooting Activation Failures
Connectivity Diagnostics
When activation stalls, verify outbound connectivity from the FortiGate-VM to FortiCloud endpoints. Common obstacles include upstream firewalls blocking HTTPS traffic, proxy configurations requiring explicit allowlists, or DNS resolution failures preventing domain lookup. Use the FortiOS CLI command execute ping service.fortinet.com to test basic reachability.
Account and Registration Issues
Incorrect FortiCare credentials or expired registration codes generate authentication errors. Confirm that the account used for registration matches the one attempting activation. For offline deployments, ensure the downloaded license file corresponds to the specific VM serial number—mismatched identifiers cause validation failures.
Hypervisor-Specific Considerations
KVM deployments may require additional network bridge configuration to ensure the management interface receives a routable address. VMware environments sometimes need explicit port group assignments for internet-bound traffic. These infrastructure details, while peripheral to licensing logic, frequently interrupt the activation workflow.
Frequently Asked Questions
What distinguishes the 60-day trial from permanent trial mode?
The 60-day trial provides full feature access for a limited duration, while permanent trial mode offers indefinite access with functional and resource limitations. Permanent mode requires FortiOS 7.2.1 or later and a validated FortiCare account.
Can I convert a trial license to a commercial license without reconfiguration?
Yes. Uploading a purchased license file to a trial-activated FortiGate-VM preserves existing configuration and policies. The transition requires no system reset or topology changes.
What happens when a 60-day trial expires?
The FortiGate-VM continues operating with basic firewall functionality but loses access to FortiGuard services, feature updates, and technical support. Administrative access remains available for license renewal or migration planning.
Is internet access required for ongoing operation after activation?
No. Once the license file is uploaded and validated, the FortiGate-VM operates independently. Internet connectivity is only necessary for initial activation, periodic license validation (if configured), and FortiGuard service updates.
Can I use the permanent trial license in a production environment?
Technically possible but inadvisable. The resource and encryption limitations violate most enterprise security policies and compliance frameworks. The permanent trial serves evaluation and lab purposes exclusively.