FortiAuthenticator
FortiAuthenticator provides access management and single sign on.
ebujedo
Staff
Staff
Article Id 190004

Description


This article explains about FortiAuthenticator VMs license requirement when in High Availability environments.

 

Scope

 

FortiAuthenticator.


Solution

 

  • FortiAuthenticator VMs used in a HA cluster each require a license. Each license is tied to a specific IP address that has to be set in the support portal before the download. The IP can be changed afterward, but the license has to be installed again on the FortiAuthenticator.
  • In an HA cluster, all interface IP addresses are the same on the two units, except for the HA interface. 
  • Request each license based on either the unique IP address of the unit’s HA interface or the IP address of a non-HA interface, which will be the same on both units. 
  • When using A-A setup as a Load balancing HA (or LB-HA), that Load balancing slave does not have a dedicated HA interface, so you can use any interface setup on Load balancing slave for the license.
  • License for the FortiToken Mobile can be tied only to one FortiAuthenticator, and make sure that is tied to the primary FortiAuthenticator when requesting the tokens or transferring tokens from another device.
  • Iinstalling a changed license on FortiAuthenticator will cause a reboot (FortiAuthenticator will also warn before doing so).


The following is an example from the Fortinet Support portal, which displays the IP address tied to the FortiAuthenticator Serial number and offers the license download: