Visitor III

Question

Fortigate 60F HA, tokens users activate error

Forum|Forum|9 months ago
August 18, 2025
5 replies
2129 views

I have a fortigate 60F in HA, I see the tokens, but when I want to assign them to users a message appears informing that the device is not registered, but if it is, the OS is 7.2.11 1740, The error appears when I want to send the email to the user

FortiToken

adambomb1219

SuperUser

Is your FortiGate registered to a Fortinet account? I would also highly recommend looking at FortiAuthenticator for tokens instead of the native FortiGate offering. Also use SAML for a much better user experience.

Toshi_Esumi

SuperUser

Verify which 60F has the token license at the support/asset page. If it's on the secondary, a token activation would fail. You might need to temporarily flip over the HA.
And if that's the case, and if you want to transfer the license to the current primary, you can ask CS team by opening a ticket.
However, the condition is you purchased the license before Aug. 4 this year. Newly purchased licenses are not transferable.

https://community.fortinet.com/t5/FortiToken/Technical-Tip-FortiToken-Mobile-will-no-longer-support-License/ta-p/391007

Toshi

dcortesAuthor

Visitor III

Hello, I have accessed the portal and only in that firewall I do not see the licenses section, then I execute the show user fortitoken command from the fw cli and I see the tokens,

2025-08-19 09_19_50-Editor de imagen de Greenshot.png

and when I want to assign one of the tokens I get this error

2025-08-19 09_50_46-FortiGate - Pa.png

Toshi_Esumi

SuperUser

Which FW you didn't see the license at the portal? Primary or secondary? You can see which is primary and which is secondary under System->HA in GUI, or "get sys ha status" at the bottom in CLI. Check the S/N there for primary and secondary.
The config under "config user fortitoken" are the same for both primary and secondary because it's syncing by HA sync regardless that unit has a license or not. That part wouldn't tell if the primary has the license or not.

Toshi

dcortesAuthor

Visitor III

I see this 2025-08-19 10_15_03-Asset Management.png

I see general, version & update, it has cluster and entitlement, but I don't see licenses, but in the rest of the devices that I have registered, that window appears

Toshi_Esumi

SuperUser

This is not a regular 60F. I've never seen this model name "FortiGate 60F HA".
Mine shows at the asset page as just "FortiGate 60F".
Probably nothing from what I said would apply to this model.

Toshi

Markus_M

Staff & Editor

Please check this documentation:

https://docs.fortinet.com/document/fortigate/7.4.0/new-features/246857/single-fortiguard-license-for-fortigate-a-p-ha-cluster-7-4-6

It describes a single license for a cluster of FortiGates. Is that the case here?

Toshi_Esumi

SuperUser

@Markus_M I didn't know about this new feature at least with 7.4.6. But the OP has 7.2.11 running so it probably doesn't work until they're upgraded to 7.4.6 or above.

But what is exactly the new feature doc is talking about "cannot be manged":
"The vSN is registered in Asset Management with service entitlement. The individual FortiGates cannot be managed."
Also can we get the vSN retrospectively for two of those F-series models purchased separately and formed in HA then ungraded to 7.4.8?
Then, are any G-series models covered as well?

Toshi

Toshi_Esumi

SuperUser

Actually it's covered even with 7.2.9 or above. So it should work @dcortes if it's applied to the vSN.

Toshi

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded