FortiToken
FortiToken Mobile is an application for iOS or Android that acts like a hardware token but utilizes hardware the majority of users possess, a mobile phone.
dalon
Staff
Staff
Article Id 194508

Description

 

This article describes the first workaround steps in case of FortiToken activation failure.
 
Scope
 
FortiToken.


Solution

 

Step 1: General view:
 
exec ping fds1.fortinet.com
exec ping directregistration.fortinet.com
show system central-management
show full system management 
 
it appears that aFortiManager manages the system, skip the next steps as the tokens should be provided by FortiManager itself.

Step 2: Current status check:
 
diag fortitoken info
diag test application forticldd 7

show user fortitoken
show full | grep -f FTK <----- Step 3.

(a) If the token has the "set seed..." displayed in 'show user', but it shows an error in 'fortitoken info', delete this FortiToken first.
(b) If the token is displayed without the "set seed...", line can be activated as in step 5b.

Step 4: Turn on activation debugging:
 
diag debug reset
diag debug console time en
diag debug app forticldd 255
diag fortitoken debug enable
diag debug enable
diag debug info
 
FortiToken 200 is activated through the FortiGuard network and is locked upon first activation (one-time activation lock). If the Tokens lock was released recently, there is only one chance to activate and catch an error if an issue occurs.

Step 5a: If the token was deleted as per step 3 (a), only run this command (and skip the activation):
 
config user fortitoken
    edit <FortiTokenSN>
end <----- Step 5b: Activation.

Otherwise, activate it:
 
exec fortitoken activate <FortiTokenSN> <----- Step 6: Check the errors and non-usual states
diag fortitoken info | grep -v active <----- Step 7: Check the overall status.

All tokens should be active and should have the seed in config:
 
diag fortitoken info
show user fortitoken
disable debug
diag debug reset
diag debug disable