Description
This article describes how to activate the FortiToken mobile license in FortiAuthenticator.
Scope
FortiToken mobile with FortiAuthenticator
Solution
1) Log in to the FortiAuthenticator WebUI (ensure it has a valid Internet connection).
2) Go to Authentication -> User Management -> Fortitokens (in the left-hand menu).
3) Select 'Create New', then select 'Mobile FortiToken'.
4) Enter the activation code revealed in the certificate and select 'OK'.
5) After receiving verification, check all Tokens are available under Authentication -> User Management -> Fortitokens.
TROUBLESHOOTING:
In some cases, the activation process fails and returns an error similar to 'problem with SSL comm layer':
V5.4:
V6.0:
If this occurs, follow the steps below:
1) Make sure the FortiAuthenticator is able to resolve the fortitokenmobile.fortinet.com FQDN (the old url was directregistration.fortinet.com) In the FortiAuthenticator CLI, type the command below:
# execute ping fortitokenmobile.fortinet.com
2) Confirm there is no other device upstream to the FortiAuthenticator preventing it from reaching the licensing servers over TCP/443.
Additionally, a packet capture can be run on the port that FortiAuthenticator uses to reach the internet under System -> Network -> Packet Capture (blue play button). It is recommended to increase the Maximum Packets value to a value such as 5000 and try an activation. The .pcap file can be downloaded and analyzed in Wireshark to give information regarding the communication with fortitokenmobile.fortinet.com
3) Contact the Technical Assistance Center [TAC] and confirm the licensing servers are operational.