| Solution |
Most of the Fortinet products come in multiple form factors: Hardware, Virtual Machine (for private and public cloud) or as a Cloud hosted service. Exceptions are FortiSwitches and FortiAP’s which come only as Hardware appliances.
Customers often want to know what happens when services expire for various Fortinet products.
Fortinet offers FortiGuard and FortiCare services. FortiGuard services are security services provided by the internal FortiGuard research team powered by the threat intelligence collected around the globe and delivered to all our security appliances. These services enhance the defensive capabilities of all Fortinet devices. FortiCare service is per-device support services, and it provides customers access to over 1,800 experts to ensure efficient and effective operations and maintenance of Fortinet products.
What happens when these services expire:
When support services are not extended for Cloud hosted services, access is lost to the service. If the service is not extended within 30 days, the cloud instance is deleted.
Virtual Machines are more complicated as they can be acquired under perpetual or subscription models. Perpetual machines are paid for upfront and additional support and security services are purchased and applied to them based on the customer requirements (like with the Hardware models). Subscription machines come as a bundle including virtual machines, security services and support. The perpetual model is considered CAPEX and subscription as OPEX since all costs are bundled and paid in equal portions. When support expires for subscription virtual machines, the customer is given a grace period of 30 days to renew the service. All devices continue to operate normally with some limited functionalities or reduced security features. If service is not paid for in 30 days, the customer will only get CLI access to the devices and will lose their functionalities.
Perpetual virtual machines have the same behavior as Hardware appliances. When FortiGuard services expire, customers have limited security features for the devices. FortiGate devices will operate as classic L3 firewalls with only cached NGFW functionalities available. They will have the AV, Application and IPS signatures, which are acquired until the service expiration date, and will lose access to FortiGuard Threat Intelligence for services like web filtering. All other device functions such as network functions (FortiSwitches, FortiAPs, FortiGates), management functions (FortiManager), and analytics functions which do not require FortiGuard access (FortiManager, FortiAnalyzer) will continue to operate normally. When FortiCare support services expire, the customer loses the VM or Hardware support and will not get assistance from Fortinet in cases where something malfunctions. On top of that, customers will no longer have the capability to upgrade the firmware of the devices to get the latest security and bug fixes. Similarly to with FortiGuard services, when FortiCare service expire, all other device functions such as network functions (FortiSwitches, FortiAP’s, FortiGates), management functions (FortiManager), and analytics functions (FortiManager, FortiAnalyzer) will continue to operate normally.
|
