Forti Token 300 USB

Question

Hi,

We got for test hardware token model 300.

Working great, but in documentation written that they are "driverless".

but if I put USB token into PC which isn't connected to internet we got installation failed.

Can somebody suggest, what must we have to install on endpoint workstation for success authorize already prepared token with valid certificate. We do not like to install _Setup suite since we will prepare certificates and keys in our IT department and provide support to end users.

Thank you in advance,

Vladimir

Prague/Czech Republic.

xsilver_FTNT · Accepted Answer

well, you can allow Windows to check for new drivers in local computer and MS Update (if not found on local comp) and then you will get generic ePass driver from MS Update downloaded and installed as middleware between token HW and Windows OS.

FTK300 is a “Driverless USB device” meaning the user does not need to install any hardware drivers for Windows ( As a CCID USB devices, the hardware driver is already provided with Windows ). PKCS#11 or MSCSP is the Application level libs in between hardware layer and the Apps. [Hardware Device]<->[Hardware Driver]<->[Middleware: API/Lib (PKCS#11/MSCSP)]<->[Application].

So, we usually call the PKCS#11 “Middleware” or “CSP” instead of a “Driver”.

However I'd recommend to use our (Fortinet) middleware, at least dll, or whole app which also allows token management like cert installation, user PIN change etc. (don't worry, there is master PIN and admin app so regardless user changed PIN and is uncooperative when token is returned, admin will be able to reset and re-use such token again).

For middleware (aka token management tool) for the FTK300 see image download section on support site: https://support.fortinet.com/Download/FirmwareImages.aspx (login with valid support contract account needed)

Our FTK300 middleware and hardware are designed to only work with each other, so the standard Feitian ePass3000 token wont work with our FTK300 middleware and vice versa.

Installation is composed of dll and token management tools. You can use just dll and link it with application, like when adding security device in FireFox by pointing to it's dll, in this case to Windows / System32 or SysWOW640 / FortinetCsp11_2003.dll .

But then you need to handle additional token/certs/PINs management somewhere else.

PLMW · Answer

I am having a similar issue where I am unable to download the FTK300 middleware from Fortinet.

We were sent some evaluation tokens about 6 months ago by our reseller and that person is no longer with the company who sent them to us.
I was wanting to demo the tokens to a customer but Fortinet make it impossible to get the software as I have tried supplying the serial numbers printed on the USB token without success in the portal.
Also tried other token middleware as they seem to be re-badged EnterSafe tokens and doesn't work with other EnterSafe middleware like the ePass2003 which visually look to be exactly the same tokens but the middleware isn't compatible.
For whatever reason Fortinet think preventing downloading the middleware is a good idea when every other hardware token provider like Yubikey have the middleware driver software for free download as the software is useless without the hardware token and vice versa.
Very frustrating process getting nowhere with the hardware tokens and doesn't surprise me that there are very few posts in the community as no one is probably using them as Fortinet make it too difficult to use them.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded