License expiration nearing for Fortinet

Vendor

Fortinet

Description

Indeni will alert when a license is about to expire.

Remediation Steps

Renew any licenses that need to be renewed.

1. Login via ssh to the Fortinet firewall and execute the FortiOS "get system fortiguard-service status" and "diag autoupdate versions" commands to list current update package versions and license expiry status.

2. Login via https to the Fortinet firewall and go to the menu System > Dashboard > Status to locate the License Information widget. All subscribed services should have a green checkmark, indicating that connections are successful. A gray X indicates that the FortiGate unit cannot connect to the FortiGuard network, or that the FortiGate unit is not registered. A red X indicates that the FortiGate unit was able to connect but that a subscription has expired or has not been activated.

3. Login via https to the Fortinet firewall to view the FortiGuard connection status by going to System > Config > FortiGuard menu.

4. Purchase additional licenses if are needed.

5. Consider enabling the alert email setting to the Fortinet firewall in order to receive an alert email prior to FortiGuard license expiration (notification date range: 1 - 100 days). The current alert email status can be provided with the next command: "get alertemail setting". More details can be found in the next link: https://docs.fortinet.com/uploaded/files/2798/fortigate-cli-ref-54.pdf

6. For more information about licensing review the next online article "Setting up FortiGuard services" : http://cookbook.fortinet.com/setting-fortiguard-services-54/

7. Contact Fortinet Technical support at https://support.fortinet.com/ for further assistance.

How does this work?

This script logs into the Fortigate using SSH and retrieves the antispam expiration date from the output of the "get system fortiguard" command. The "get system fortiguard" FortiOS command allows to view detailed information about antispam and webfilter settings.

Why is this important?

This script logs into the Fortigate using SSH and retrieves the antispam expiration date from the output of the "get system fortiguard" command. The "get system fortiguard" FortiOS command allows to view detailed information about antispam and webfilter settings.

Without Indeni how would you find this?

An adminisrator would need to log into the Fortinet firewall and manually check the expiration and last update of the license. A log message can notify the administrator about the license expiration date. This information can also be provided via FortiManager and FortiAnalyzer.


View Source Code