FortiGate
akawade
Staff
Article Id 190567

Description
 

This article describes how to resolve an issue where the 2FA configuration with mobile Tokens is incomplete and the admin is logged out.

 

Scope

 

FortiGate.

Solution

 

The admin user is unable to log in to FortiGate because 2FA has been enabled, but the admin user was logged out of the GUI without activating the mobile Token in the mobile Token application.
Because 2FA was enabled for the admin user while logged in to the unit, the unit now asks for a Token code along with the credentials.
However, because that mobile Token was not activated in the admin user's mobile application, the admin has no Token code to enter and cannot access the unit.

The following are possible solutions:

 

  1. If the admin has taken a config backup before configuring 2FA:
     • Flash format the FortiGate.
     • Load the same firmware version on which the backup has been taken.
     • Restore the config backup to regain access to the unit.
  2. If the admin has not taken a config backup before configuring 2FA:
     • Flash format the FortiGate.
     • Load the same firmware version or any compatible firmware version and perform the configuration on the unit from scratch.

Furthermore, make sure that a config backup has been taken before enabling 2FA for the admin user and, if possible, create an additional super admin user as a safeguard.
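A pre-change check for the advice above, as an added example (not Fortinet's code and not part of the original article): it reads a saved configuration backup and reports whether only one super_admin account exists and that account has two-factor enabled, which is the lockout case this article describes. The sample backup, the account names and the token serial are constructed, and treating a missing `two-factor` line as disabled is an assumption.

```python
import shlex

# Constructed sample in FortiOS backup syntax; names and token serial are placeholders.
SAMPLE_BACKUP = '''\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set two-factor fortitoken
        set fortitoken "FTKMOB-PLACEHOLDER"
        config gui-dashboard
            edit 1
                set name "Status"
            next
        end
    next
    edit "auditor"
        set accprofile "prof_admin"
    next
end
'''

def parse_admins(config_text):
    """Return {admin_name: {setting: value}} from the 'config system admin' table."""
    admins, depth, current = {}, 0, None
    for raw in config_text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:              # multi-line quoted value elsewhere in the backup
            tok = raw.split()
        if not tok:
            continue
        if depth == 0:
            depth = 1 if tok == ["config", "system", "admin"] else 0
        elif tok[0] in ("config", "end"):   # track nested tables such as gui-dashboard
            depth += 1 if tok[0] == "config" else -1
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            current = admins.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and len(tok) > 2 and current is not None:
            current[tok[1]] = " ".join(tok[2:])
    return admins

def lockout_report(config_text):
    """Flag the page's scenario: a single super admin whose login depends on a token."""
    supers = {name: s.get("two-factor", "disable")   # assumption: unset means disabled
              for name, s in parse_admins(config_text).items()
              if s.get("accprofile") == "super_admin"}
    no_2fa = sorted(n for n, mode in supers.items() if mode == "disable")
    return {"super_admins": sorted(supers), "without_2fa": no_2fa,
            "single_point_of_lockout": len(supers) == 1 and not no_2fa}
```

Run `lockout_report()` on the backup taken before enabling 2FA; a true `single_point_of_lockout` means the additional super admin user recommended above has not been created yet.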
