Adding FortiClient licenses to a cluster
Each FortiGate unit in a cluster must have its own FortiClient license. Contact your reseller to purchase FortiClient licenses for all of the FortiGate units in your cluster.
When you receive the license keys you can log into the Fortinet Support site and add the FortiClient license keys to each FortiGate unit. Then, as long as the cluster can connect to the Internet each cluster unit receives its FortiClient license key from the FortiGuard network.
Adding FortiClient licenses to cluster units with a reserved management interface
You can also use the following steps to manually add license keys to your cluster units from the web-based manager or CLI. Your cluster must be connected to the Internet and you must have configured a reserved management interface for each cluster unit.
1. Log into the -web-based manager of each cluster unit using its reserved management interface IP address.
2. Go to the License Information dashboard widget and beside FortiClient select Enter License.
3. Enter the license key and select OK.
4. Confirm that the license has been installed and the correct number of FortiClients are licensed.
5. Repeat for all of the cluster units.
You can also use the reserved management IP address to log into each cluster unit CLI and use following command to add the license key:
execute FortiClient-NAC update-registration-license <license-key>
You can connect to the CLIs of each cluster unit using their reserved management IP address.
Adding FortiClient licenses to cluster units with no reserved management interface
If you have not set up reserved management IP addresses for your cluster units, you can still add FortiClient license keys to each cluster unit. You must log into the primary unit and then use the execute ha manage command to connect to each cluster unit CLI. For example, use the following steps to add a FortiClient license key a cluster of three FortiGate units:
1. Log into the primary unit CLI and enter the following command to confirm the serial number of the primary unit:
get system status
2. Add the FortiClient license key for that serial number to the primary unit:
execute FortiClient-NAC update-registration-license <license-key>
You can also use the web-based manager to add the license key to the primary unit.
3. Enter the following command to log into the first subordinate unit:
execute ha manage 1
4. Enter the following command to confirm the serial number of the cluster unit that you have logged into:
get system status
5. Add the FortiClient license key for that serial number to the cluster unit:
execute FortiClient-NAC update-registration-license <license-key>
6. Enter the following command to log into the second subordinate unit:
execute ha manage 2
7. Enter the following command to confirm the serial number of the cluster unit that you have logged into:
get system status
8. Add the FortiClient license key for that serial number to the cluster unit:
execute FortiClient-NAC update-registration-license <license-key>
Viewing FortiClient license status and active FortiClient users for each cluster unit
To view FortiClient license status and FortiClient information for each cluster unit you must log into each cluster unit’s web-based manager or CLI. You can do this by connecting to each cluster unit’s reserved management interface if they are configured. If you have not configured reserved management interfaces you can use the execute ha manage command to log into each cluster unit CLI.
From the web-based manager, view FortiClient License status from the License Information dashboard widget and select Details to display the list of active FortiClient users connecting through that cluster unit. You can also see active FortiClient users by going to User & Device > Monitor > FortiClient.
From the CLI you can use the execute FortiClient {list | info} command to display FortiClient license status and active FortiClient users.
For example, use the following command to display the FortiClient license status of the cluster unit that you are logged into:
execute forticlient info
Maximum FortiClient connections: unlimited. Licensed connections: 114
NAC: 114
WANOPT: 0
Test: 0
Other connections: IPsec: 0
SSLVPN: 0
Use the following command to display the list of active FortiClient users connecting through the cluster unit. The output shows the time the connection was established, the type of FortiClient connection, the name of the device, the user name of the person connecting, the FortiClient ID, the host operating system, and the source IP address of the session.
execute forticlient list
TIMESTAMP TYPE CONNECT-NAME USER CLIENT-ID HOST-OS SRC-IP
20141017 09:13:33 NAC Gordon-PC Gordon 11F76E902611484A942E31439E428C5C Microsoft
Windows 7 , 64-bit Service Pack 1 (build 7601) 172.20.120.10
20141017 09:11:55 NAC Gordon-PC 11F76E902611484A942E31439E428C5C Microsoft Windows 7 ,
64-bit Service Pack 1 (build 7601) 172.20.120.10
20141017 07:27:11 NAC Desktop11 Richie 9451C0B8EE3740AEB7019E920BB3761B Microsoft
Windows 7, 64-bit Service Pack 1 (build 7601) 172.20.120.20