Fortigate free VM Evaluation License is now permanent, not limited to 15 days, here is how to get it.

Mon 08 August 2022 in Fortigate

#Fortigate

Starting with FortiOS 7.2.1, Fortinet removed built-in 15 days free evaluation license from the Fortigate VM images. It was replaced with the permanent evaluation license, still free. The steps to get it have changed - you now have to create a free Forticare/FortiCloud account, and use it inside the Fortigate GUI to activate this evaluation license. The license will be generated and added to your Forticloud account automatically.

Unfortunately, there are new limitations as well:

Security Rules: the limit is 3, instead of 5.
Number of routes: the limit is also 3, while was unlimited before. This means severe limiting of dynamic protocols labs like OSPF/BGP. Currently (FortiOS 7.2.1) , though, there is no actual enforcement of this limit - I configured BGP and few static routes, 6 all in all, and it worked without any issue.
Number of interfaces: maximum 3, was unlimited. This counts also interfaces that are in state disabled/down. And on top of it, it also counts Loopback interfaces as well.
One license per one FortiCloud account: this means that to have multiple evaluation licenses for multiple Fortigates, we need to create multiple FortiCloud accounts, nuisance but doable. The accounts are still free of charge.
The rest of limitations: additional limitations (CPU/Memory/etc.) that were present in 15 days license, are still enforced as well. See the reference at the bottom for details.
Internet access: Fortigate VM has to have Internet access to activate the license. The alternative is having Fortimanager to do so.
Let’s Encrypt Certificates - even though, we have now normal encryption for admin https access, the ACME daemon for provisioning SSL/TLS certificates will not run.

Now, to the visual guide of how to issue this free evaluation license for your virtual Fortigate.

BTW: The only addition (and not subtraction) in this new evaluation licensing is that we can now access management web GUI of the Fortigate via regular https not only http as before.

First, download VM image for your virtualization platform, as usual:

Then install it as before. I did it in the VMWare Workstation here. On the 1st boot we can see that the license status is invalid:

Next step is to login to the Fortigate GUI. We will be presented with this page, where we can enter the Forticare/FortiCloud account. The account does not have to be a paying account, the free account is enough.

Fortigate free vm license activation page

Upon clicking OK, the Fortigate will contact Fortiguard servers, and will issue itself a license automatically. Here is the license status after the successful activation:

Fortigate evaluation license status-after-activation

Debug if something goes wrong

You can get various error messages trying to activate the evaluation license, like Error downloading license: Invalid serial number, or Failed to download VM license. There can be few reasons for that:

This Fortigate VM does not have access to the Internet.
The Fortigate VM cannot resolve correctly via DNS Fortiguard-related domains.
You are trying to register the Fortigate VM with the Forticare/Forticloud account that already has another evaluation registered to it.
Finally, not frequently, but happens that FortiGuard servers are having a reachability issues, and you need to wait and try later.

To diagnose these problems, you may run the following commands:

exe ping service.fortiguard.net, exe ping update.fortiguard.net to verify DNS resolving and Internet accessibility.

get sys stat, diagnose debug vm-print-license to see the current license status on the Fortigate. The valid license output will look like:

FGT-7-2-4 # diagnose debug vm-print-license
SerialNumber: FGVMEV_ATFDMNL66
CreateDate: Sun Nov  6 12:27:13 2022
UUID: 564d5a668795856cbd9d9b2939a7eff8
Key: yes
Cert: yes
Key2: yes
Cert2: yes
Model: EVAL (1)
CPU: 1
MEM: 2048
VDOM license:
  permanent: 2
  subscription: 0

diagnose hardware sysinfo vm full to see the license status as the FortiGuard servers see it:

FGT-7-2-4 # diagnose hardware sysinfo vm full
UUID:     564d5a668795856cbd9d9b2939a7eff8
valid:    1
status:   1
code:     0
warn:     0
copy:     0
received: 5330050190
warning:  4294940124
recv:     202303060746
dup:

execute vm-license, exe update now to re-initiate process of requesting the license. On success will show:

FGT-7-2-4 # execute vm-license
Trial license exists.

Resources:

Older, before FortiOS 7.2.1, versions still come with the 15 days evaluation license. You can read more on this at https://yurisk.info/2021/02/28/fortigate-vm-evaluation-license-15-days-limitations/
The download URL as well as the process did not change, the video walkthrough of downloading free VM Fortigate image can be found here: https://yurisk.info/2022/04/13/where-to-download-fortigate-free-trial-vm/
License and other services debug cheat sheet on Github

Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.