In this recipe, you verify that your FortiGate displays the correct FortiGuard licenses and troubleshoot any errors. You must register your FortiGate before FortiGuard licenses are shown.
Find this recipe for other FortiOS versions
5.2 | 5.4 | 6.0
1. Viewing your licenses |
|
|
To view your licenses, go to the Dashboard and find the Licenses widget. The FortiGuard licenses are listed, with their status indicated:
|
 |
|
The widget only displays licenses for features you enabled in Feature Visibility. To enable more features, go to System > Feature Visibility. The Web Filtering license only appears as active when a web filter profile is applied to a firewall policy. |
|
| You can also view FortiGuard license information by going to System > FortiGuard. |  |
2. Troubleshooting |
|
|
If you need to add or renew a subscription, go to Fortinet Support. If a license that should be active is not currently available, you can use the following steps to troubleshoot your connection. After each troubleshooting step, go to System > FortiGuard to check if the licenses are now shown as available. |
|
Connecting to FortiGuardTo prompt your FortiGate to connect to FortiGuard, connect to the CLI and use the command shown below: diagnose debug application update -1 diagnose debug enable execute update-now If your FortiGate has multiple VDOMs, make sure that you use the management VDOM and that the VDOM has Internet access. To set the proper VDOM as the management VDOM, use the following command: config system global set management-vdom <VDOM_name> end |
|
Checking FortiGuard filteringTo test if FortiGuard is reachable, go to System > FortiGuard. |
|
|
Under Filtering, check Filtering Services Availability. If you don’t see a green check mark, select Check Again. If you are still don’t see a green check mark, change the FortiGuard Filtering Port to the alternate port (8888). Select Apply and see if the services become available. |
|
Testing the DNSTo test if your DNS can reach FortiGuard, use the following CLI command: execute ping guard.fortinet.net If you are able to reach the address, run the following command: diagnose debug application update -1 diagnose debug enable execute update-now If you cannot reach the address, go to System > DNS and verify that the settings are correct. Then run the PING test again. |
|
Contacting SupportIf you are still unable to connect, contact Fortinet Support. |
|
3. Results |
|
Go to the Dashboard and view the Licenses widget. Any subscribed services should have a  beside it. |
 |
| Go to System > FortiGuard. Features and services you are subscribed to should have a green check mark beside it. |  |
For further reading, check out FortiGuard in the FortiOS 6.0 Handbook.
The post Verifying FortiGuard licenses and troubleshooting appeared first on Fortinet Cookbook.