Skip to main content
ibituya
Staff
ibituya
Staff
January 27, 2026

Technical Tip: Activating hardware FortiTokens using the seed file

  • January 27, 2026
  • 0 replies
  • 894 views
Description

This article describes how to activate multiple hardware tokens using the seed file.
Scope

FortiGate.
Solution

If multiple hardware tokens need to be added at once, it is possible to activate all the tokens in a single import using the seed file. The serial number file should be a plain text file (.txt) containing one FortiToken serial number per line.

 

Activating the hardware tokens using the serial number returns with 'cmdb save error' status, a workaround is to use the seed file to import the tokens. It is a known issue (bug ID:1218458) affecting FortiOS 7.4.11, 7.6.3 - 7.6.6.

This issue is scheduled to be resolved in:

  • v7.4.12 (tentative schedule date is not yet available).
  • v7.6.7 (scheduled to be released in April 2026).
  • v8.0.0 (scheduled to be released in March 2026).

 

These timelines for firmware release are estimated and may be subject to change.

 

The token seed file can be obtained by contacting Fortinet Customer Service, as per the steps outlined in Technical Tip: Process for requesting token seed files for hardware FortiTokens.

Note: The seed file is only available for FortiToken 200CD license (example SKU 'FTK-200CD-10'), and for more information, check the link below: Technical Tip: Lost seed file for FortiToken Hardware with CD.

 

Once the seed file has been provided, activate the hardware tokens on the FortiGate GUI:

  1. Go to User & Authentication -> FortiTokens.
  2. Under Local tokens -> Create New -> Select Type as Hard Token -> Import.

 

Screenshot 2026-01-27 120311.png

 

  1. Select the Seed File and upload the provided seed file.

 

Screenshot 2026-01-27 120348.png

 

To import via the FortiGate CLI with a TFTP server:


execute fortitoken import tftp <file-name> <tftp-server>

 

To import via the FortiGate CLI with FTP server:

 

execute fortitoken import ftp <file-name> <ftp-server> <user> <password>

 

After importing, verify token status.

 

get user fortitoken

 

Post-Import steps (Common to all methods): 

Assign the token: Edit a user in User & Authentication -> User Definition -> Enable Two-factor Authentication -> Select the FortiToken.
Verify: Check User & Authentication -> FortiTokens for status (Assigned, drift/time sync, etc.).
Use the diagnostic command 'diagnose fortitoken info' to check the status.

 

Related articles:
    Terms & ConditionsAccessibility statement