ppatel
Staff
Article Id 190171

Description

 

This article describes how to re-add a trial or licensed FortiToken Mobile (FTM) that was accidentally deleted, without restoring a backup configuration, and how to recover a license stuck in a state where the trial FortiToken cannot be provisioned to a user. It also covers RMA replacement devices on which the configuration has been restored; in that case, the two tokens must be deleted as well. The second half of this article explains how to re-add an accidentally deleted licensed FortiToken Mobile (FTM).

 

Scope

 

Any FortiGate device with a license key file (usually a PDF file) containing a 20-character activation code tied to the device.

 

Solution

 

Part #1 - Trial tokens:

 

The solution is to delete the other trial tokens and download them again from the FortiGuard network.

This step-by-step guide uses the two FortiTokens included in the FortiGate, running under the license FTMTRIALXXXXXXXX, with one of the two FortiTokens already deleted.

 

  1. At first, one token is missing:


  2. To import the missing FortiToken again, the remaining FortiToken has to be deleted as well.

    To find out which token belongs to the trial license, check the backup configuration in the 'config user fortitoken' section.
    A line referring to the trial license should be displayed.
     
    For example:
     
    config user fortitoken
        edit "FTKMOBXXXXXXXXX"
            set license "FTMTRIALXXXXXXXXXX"
        next
    end

    If the FortiToken to be deleted is already associated with a user, remove the association first.
    Associated users are listed under the 'User' column in the FortiToken list.
     
    Tokens may be associated with users (User & Device -> User definition) or with an administrator (System -> Administrators).

  3. Delete the FortiToken by selecting it and deleting it.

  4. Once both free trial FortiTokens are removed, it is possible to download them again either from the FortiGuard network with the download button or by using a specific license number.
    1. The Import Free Trial FortiToken button will appear:
       
       
       
    2. Select the + Create New button on top and select Mobile Token.
      An input field for an 'Activation Code' will be presented.

      For the aforementioned trial FortiTokens, the Activation Code is 0000-0000-0000-0000-0000:
       
       
      It is necessary to include all hyphens '-'. After entering the code, select OK.

      The FortiTokens should be displayed in the list again:
       
       
      Note:
      This simple guide fixes small problems, but cannot replace a regular configuration backup.
      The FortiToken Mobile could also be restored from a configuration backup taken while the FortiToken was still available, but restoring a configuration requires a restart.
      Both trial Tokens need to be removed from the unit before it is possible to recover them.
      If VDOMs are enabled, trial Tokens are in the management VDOM (the root by default).
       
Part #2 - Licensed tokens:
 
  1. In the following image, seven tokens are listed (2 trial and 5 licensed). Two of them either have already been provisioned or are pending application to user accounts.
 
    Licenses_Bef_Purging.png
 
  2. If any of the licensed tokens have been accidentally purged, they can be restored and re-added to the device by following the next steps:
     
     
  3. In the FortiGate GUI, navigate to User & Authentication -> FortiTokens and select Create New. In the example below, three mobile tokens were purged.
     
    Re-adding_Create_Button.png
     
     
  4. Select 'Mobile Token' as the Type, then copy and paste the Activation Code from the PDF file:
     
    New_Token_Adding.png

  5. After successfully importing them, all accidentally purged FTMs will be added to the list. Important note: any tokens that have already been assigned will not be affected.
     
    Licenses_Bef_Purging.png
     
    Note:
    If the licensed FortiTokens are mapped to a secondary HA device, importing the activation code might fail. To resolve this, perform an HA failover and then attempt to import the FTM again using the activation codes.
     
    The following error codes may appear in the CLI.
    If the unit is not registered:
     
    exec fortitoken-mobile import 0000-0000-0000-0000-0000
    import fortitoken license error: -7571
     
    If the serial code format is incorrect:

     

    exec fortitoken-mobile import 0000-0000-0000-0000-00
    import fortitoken license error: -7566
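
As an added example (not from Fortinet or the original article), the Python sketch below automates two checks described above: finding which serials in the 'config user fortitoken' section of a backup carry an FTMTRIAL license, and pre-checking that an activation code has the full hyphenated 20-character format before import, the mistake that produces error -7566. The sample backup, the serials, the function names and the alphanumeric character set are assumptions.

```python
import re

# Constructed backup excerpt; serials and license strings are placeholders.
SAMPLE_BACKUP = '''\
config system global
    set hostname "fw-example"
end
config user fortitoken
    edit "FTKMOB0000000001"
        set license "FTMTRIAL0000000001"
    next
    edit "FTKMOB0000000002"
        set license "LICENSED-PLACEHOLDER"
    next
end
'''

# Assumption: five hyphen-joined groups of four alphanumerics (20 characters),
# inferred from the 0000-0000-0000-0000-0000 example in this article.
ACTIVATION_CODE = re.compile(r"[0-9A-Za-z]{4}(?:-[0-9A-Za-z]{4}){4}")

def tokens_by_license(backup_text):
    """Map each serial under 'config user fortitoken' to its license string."""
    tokens, in_section, serial = {}, False, None
    for raw in backup_text.splitlines():
        line = raw.strip()
        if line == "config user fortitoken":
            in_section = True
        elif in_section and line == "end":
            break
        elif in_section and line.startswith("edit "):
            serial = line[5:].strip().strip('"')
            tokens[serial] = None  # entry with no license line seen yet
        elif serial and line.startswith("set license "):
            tokens[serial] = line[len("set license "):].strip().strip('"')
        elif line == "next":
            serial = None
    return tokens

def trial_tokens(backup_text):
    """Serials whose license starts with FTMTRIAL, as in the article's example."""
    return [s for s, lic in tokens_by_license(backup_text).items()
            if lic and lic.startswith("FTMTRIAL")]

def activation_code_ok(code):
    """Format pre-check only; the FortiGate still decides if the code is valid."""
    return ACTIVATION_CODE.fullmatch(code.strip()) is not None

if __name__ == "__main__":
    print(trial_tokens(SAMPLE_BACKUP), activation_code_ok("0000-0000-0000-0000-00"))
```

Run it against a backup file by passing the file's text to trial_tokens(); the format check does not contact the FortiGate or FortiGuard.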

     
