Technical Tip: Deleting FortiTokens from Firewall in bulk

While migrating the FortiToken from one device to another, it is necessary to delete the tokens from the old unit and then register the Tokens on the new unit for assigning to the users.

To delete the FortiTokens on the old unit, remove their references first. See Technical Tip: Removing old FortiToken references from users in bulk.

After the references have been removed, follow the steps below to create a script to delete these FortiTokens in Bulk:

1. Run the following command on the CLI to get the FortiToken list.

show user fortitoken

2. Copy all the FortiTokens listed in Notepad++.

3. On Notepad++, navigate to Plugins -> Plugins Admin -> Available and search for LineFilter to install.

4. Once the plugin is installed on Notepad++, navigate to Plugins -> Line Filter -> Advanced -> Select 'Keep' -> Select 'Text Search' and then enter 'edit' in 'Lines that do contain:' option.

4. After clicking on Perform, it will create a new file with all the FortiTokens listed. Access Search -> Replace or Press 'CTRL + H ' and Replace All <edit> with <delete>:

Result:

5. Add 'config user fortitoken' at the beginning and 'end' at the end of this file, and save this to run as a script.

6. In the FortiOS GUI, in the top right corner, select the admin user Configuration -> Script -> Run Script, upload the saved file, and select OK.

This script will remove the FortiTokens in bulk on the old unit, and the FortiTokens will be ready for activation and assignment on the new unit.

Related article:
Technical Tip: Migrating users and FortiTokens to another FortiGate/FortiAuthenticator