Staff

Technical Tip: FTM Push Notification failing with Error - 'Token denied or timeout (-7105)'

Forum|Forum|3 years ago
June 24, 2022
1 reply
5874 views

Description

This article describes the FortiToken Mobile tokens configuration on Users Mobiles stops Pushing Notification for 2FA.

Scope

Push Notification Failing for Existing or New FortiToken Mobile users.

Solution

For Push Notification to work seamlessly, there should be an Admin account on FortiGate without Trusted Host feature (Restrict login to trusted hosts) enabled.

Either editing one of the existing Admin accounts or adding a new Admin account without Trusted Host fixes this issue.

Notes:

FortiGate first checks the Trusted Host settings for all incoming traffic
Hence, for Push Notification pertaining to FortiToken Mobile as well.
Therefore, a Push Notification fails/denied if there are no Admin accounts without Trusted hosts.
An exception to avoid having Admin account without Trusted Host for Security Reasons is by using FortiToken Cloud.

With FortiToken Cloud, it is not mandatory to have an Admin without Trusted Host.

FortiTokenPushDenied.png

C

cmjoDA

New Member

You do not need FortiToken Cloud to make this work. You can create a few local-in policies that allow all traffic from IP’s you want. Then create a deny all traffic local-in policy that is below the allow policy. You’ll also need to create a local-in policy to allow service TCP4433 and any other services e.g. RADIUS that you need. All allows need to be above the deny policy as they are processed top down.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded