Working with licenses

Important

When a UUID is attached to a license, this UUID supersedes the one defined in the PoC for the VM using this license.

Important

Since FortiPoC 1.8.13, a VM UUID is automatically generated from the license serial number (for a .lic file, the filename is used).

Linking license

FortiPoC supports different modes for applying a license to a device:

  • No license

  • Auto

  • Selected

  • Fixed

No license

No license is installed on the device.

Auto

In Auto mode, FortiPoC tries to apply a license to every device set to Auto license mode.

Either it finds a license for all devices in Auto license mode, and the PoC can start.

Or it finds no license for any device in Auto license mode, and the PoC can also start.

If at least one device gets a license and the others don’t, the PoC fails to start.

Selected

You can choose the license to use. It is not a hard link: if you remove the license or export your PoC to someone, and the license is not found, FortiPoC falls back to Auto mode.

Fixed

When you have chosen a license, you can lock it, so that if the license is missing on a later run, the PoC won’t start.

License Model

BYOL

For standard usage, FortiPoC relies on a Bring Your Own License model. You can import licenses through the GUI or copy them with scp, for example:

scp my_licenses.zip my_FGT_license.lic admin@FORTIPOC_IP:license

License server

It’s possible to retrieve licenses from a specifically designed server. This kind of server is used by TAC.

FortiPoC can also act as a license server.

Configuring server

On the server, you must copy licenses as in the BYOL case. You can group licenses together so that clients that are part of a group get licenses only from their group. Grouping can only be done with scp, and you must specify the group during the copy, for example for group “wkshop1”:

scp my_licenses.zip my_FGT_license.lic admin@FORTIPOC_SRV_IP:license/wkshop1

On the client, you must configure both the server and, if you use one, the group, for example:

set license server https://FORTIPOC_SRV_IP/
set license group wkshop1

You can move licenses between groups with execute licenses move group.

Exporting PoC

Licenses are never exported with the PoC, neither in standard export nor using the ISO provisioning mode.

License meta information

When you import a license to FortiPoC, you can import some meta information too.

You need to import two files at the same time (or store them together in a zip file): the license, for example FADVCM0000000112.lic, and the meta file, for example FADVCM0000000112.meta.

The meta file is a JSON UTF-8 file like:

{
  "VERSION": 1,
  "vmuuid": VMUUID,
  "nb_cpu": NB_CPU,
  "ip_address": IP_ADDRESS
}

VERSION

must be 1 and assumed to be 1 if missing

VMUUID

the VM UUID string, for example "464F5254-4950-44F4-8305-7E8EED3ED487", or empty to use the default VM UUID generated from the license serial number (for example FADVCM0000000112)

NB_CPU

the number of CPUs to use with this license

IP_ADDRESS

the IP address string associated with the license, for example "10.0.0.254"

Warning

In current FortiPoC the IP Address and NB CPUs are only informational and FortiPoC does NOT ensure the VM using the license matches these criteria.
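
A pre-import check for a .meta file, added here as an example (not FortiPoC code): it applies the field rules above, rejects JSON that is not strictly valid, and lists .meta files with no matching .lic. Assumptions: nb_cpu and ip_address are optional, vmuuid uses the 8-4-4-4-12 form of the example above, and files are paired by base name as in the FADVCM0000000112 example; check_meta and unpaired_meta are hypothetical names.

```python
import ipaddress
import json
import re
from pathlib import PurePosixPath

# Canonical 8-4-4-4-12 hex form, as in the page's example UUID (assumption:
# FortiPoC's own parser may accept other spellings).
UUID_RE = re.compile(r"[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")


def check_meta(text):
    """Return problems in a .meta file's text (nb_cpu/ip_address optional: assumption)."""
    try:
        meta = json.loads(text)  # strict JSON: a trailing comma is an error
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(meta, dict):
        return ["top level must be a JSON object"]
    problems = []
    if meta.get("VERSION", 1) != 1:  # assumed to be 1 if missing
        problems.append("VERSION must be 1")
    vmuuid = meta.get("vmuuid", "")  # empty: UUID derived from the serial number
    if not isinstance(vmuuid, str) or (vmuuid and not UUID_RE.fullmatch(vmuuid)):
        problems.append("vmuuid must be empty or a UUID string")
    nb_cpu = meta.get("nb_cpu")
    if nb_cpu is not None and (type(nb_cpu) is not int or nb_cpu < 1):
        problems.append("nb_cpu must be a positive integer")
    ip = meta.get("ip_address")
    if ip is not None:
        try:
            if not isinstance(ip, str):  # ip_address() would accept a bare int
                raise ValueError("not a string")
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append("ip_address is not a valid IP address string")
    return problems


def unpaired_meta(filenames):
    """Return .meta files that have no .lic of the same base name beside them."""
    paths = [PurePosixPath(n) for n in filenames]
    lic = {p.with_suffix("") for p in paths if p.suffix == ".lic"}
    return [str(p) for p in paths if p.suffix == ".meta" and p.with_suffix("") not in lic]


# Constructed sample input, reusing the example values from this page.
GOOD = '{"VERSION": 1, "vmuuid": "464F5254-4950-44F4-8305-7E8EED3ED487", "nb_cpu": 2, "ip_address": "10.0.0.254"}'
if __name__ == "__main__":
    print(check_meta(GOOD), unpaired_meta(["FADVCM0000000112.lic", "FADVCM0000000112.meta"]))
```

Because a UUID in the meta file supersedes the one defined in the PoC, a malformed vmuuid is worth catching before import; the nb_cpu and ip_address checks only confirm the values are well formed, since FortiPoC does not enforce them.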

Devices with license key

Some devices, like FAD CM, are not using a license file but a license key. To provide the key to FortiPoC you must store the key in a license file:

-----BEGIN <MODEL> LICENSE-----
THE_KEY
-----END <MODEL> LICENSE-----

The MODEL MUST be the model as on the FortiCare support site, with spaces replaced by underscores, for example:

FortiADC CM => FortiADC_CM