Description
This article describes how to connect to the FortiToken server to be able to download FortiToken Mobile. This issue occurs if the source IP used by the FortiGate is not allowed to be routed, as illustrated below:
Scope
FortiGate.
Solution
Run the following debug commands:
diag debug app forticldd -1
diag debug app alert -1
diag debug enable
Now, examine the output of the debug:
2023-03-09 10:30:52 ftm_cfg_import_license[324]:import license 0000-0000-0000-0000-0000
2023-03-09 10:30:52 is_trial_tokens_available[55]:No trial tokens are available.
2023-03-09 10:30:52 ftm_fc_comm_connect[38]:ftm cannot resolve DNS
2023-03-09 10:30:52 ftm_fc_command[539]:forticare [ftm2.fortinet.net:443] unreachable
Based on the output above, the FTM server is unreachable. This can be caused by a FortiGuard connectivity issue. Change the following settings to ensure connectivity to the server:
config system fortiguard
    set fortiguard-anycast disable
    set port 8888
    set protocol udp
    set source-ip 0.0.0.0
end
Note that with the fortiguard-anycast service disabled, the default protocol and port must be reachable. Default values can be found under 'config system fortiguard' in the FortiGate CLI reference.
The FortiOS Anycast FTM server domain for AWS has been changed to 'globalftm2.fortinet.net', and the settings have been adjusted starting from FOS 7.4.1. For branches below 7.4.1, it is still ftm2.fortinet.net.
Therefore, a FortiGate running a version below 7.4.1 with Anycast on AWS will fail to add new FortiToken Mobiles. To be able to activate FTM, Anycast should be disabled or adjusted to the value 'fortinet'.
After that, try to import the tokens again. If the issue persists, contact Fortinet technical support for more assistance.
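The triage described above, as an added example that is not part of the original article and is not Fortinet code: a Python script that reads saved debug output, flags the DNS and unreachable messages, and applies the 7.4.1 Anycast rule. The function names, the finding codes, the version 7.2.5 and the use of ftm2.fortinet.net when Anycast is not on AWS are assumptions made for this example.

```python
import re

# Line layout of the debug output above: "<date> <time> <function>[<line>]:<message>"
LINE_RE = re.compile(r"^(\S+ \S+) (\w+)\[(\d+)\]:\s*(.*)$")
ENDPOINT_RE = re.compile(r"\[([\w.-]+):(\d+)\] unreachable")

def parse_version(fos_version):
    """Turn '7.4.1' into (7, 4, 1) so versions compare numerically."""
    return tuple(int(part) for part in fos_version.split("."))

def ftm_host(fos_version, anycast_aws):
    """FTM domain per the article: globalftm2 only for AWS Anycast on 7.4.1 and later."""
    if anycast_aws and parse_version(fos_version) >= (7, 4, 1):
        return "globalftm2.fortinet.net"
    return "ftm2.fortinet.net"  # assumed for every other case, as seen in the debug output

def triage(debug_text, fos_version, anycast_aws):
    """Return (code, detail) findings; the codes are names made up for this example."""
    findings = []
    for raw in debug_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # skip prompts, blank lines and unrelated output
        _, func, _, message = match.groups()
        if "cannot resolve DNS" in message:
            findings.append(("dns-failure", func))
        endpoint = ENDPOINT_RE.search(message)
        if endpoint:
            findings.append(("unreachable", f"{endpoint.group(1)}:{endpoint.group(2)}"))
    if anycast_aws and parse_version(fos_version) < (7, 4, 1):
        # The article's case: AWS Anycast below 7.4.1 fails to add new tokens.
        findings.append(("anycast-aws-below-7.4.1", ftm_host(fos_version, anycast_aws)))
    return findings

# The four debug lines from the article, unchanged.
SAMPLE = """\
2023-03-09 10:30:52 ftm_cfg_import_license[324]:import license 0000-0000-0000-0000-0000
2023-03-09 10:30:52 is_trial_tokens_available[55]:No trial tokens are available.
2023-03-09 10:30:52 ftm_fc_comm_connect[38]:ftm cannot resolve DNS
2023-03-09 10:30:52 ftm_fc_command[539]:forticare [ftm2.fortinet.net:443] unreachable
"""

if __name__ == "__main__":
    # 7.2.5 with AWS Anycast is a constructed scenario for the demonstration.
    for code, detail in triage(SAMPLE, "7.2.5", anycast_aws=True):
        print(f"{code}: {detail}")
```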
Related articles:
Technical Note: How to control/change the FortiGate source IP for self-generated traffic.
Troubleshooting Tip: import FortiToken license Internal server.