FortiAuthenticator
FortiAuthenticator provides access management and single sign on.
jcamareno
Staff
Staff
Article Id 194050

Description

 

This article describes how to activate the FortiToken mobile license in FortiAuthenticator.

 

Scope

 

FortiToken mobile with FortiAuthenticator

Solution

 
1) Log in to the FortiAuthenticator WebUI (ensure it has a valid Internet connection).

2) Go to Authentication -> User Management -> Fortitokens (in the left-hand menu).
 
Stephen_G_0-1677773180348.png

 

3) Select 'Create New', then select 'Mobile FortiToken'.
4) Enter the activation code revealed in the certificate and select 'OK'.
5) After receiving verification, check all Tokens are available under Authentication -> User Management -> Fortitokens.
 
TROUBLESHOOTING:
 
In some cases, the activation process fails and returns an error similar to 'problem with SSL comm layer':
 
V5.4:
Stephen_G_1-1677773189764.png

 

  V6.0:
 Stephen_G_2-1677773189765.png

 

 
If this occurs, follow the steps below:
 
1) Make sure the FortiAuthenticator is able to resolve the fortitokenmobile.fortinet.com FQDN (the old url was directregistration.fortinet.com) 

In the FortiAuthenticator CLI, type the command below:
 
# execute ping fortitokenmobile.fortinet.com
 
2) Confirm there is no other device upstream to the FortiAuthenticator preventing it from reaching the licensing servers over TCP/443.
 
Additionally, a packet capture can be run on the port that FortiAuthenticator uses to reach the internet under System -> Network -> Packet Capture (blue play button). It is recommended to increase the Maximum Packets value to a value such as 5000 and try an activation. The .pcap file can be downloaded and analyzed in Wireshark to give information regarding the communication with fortitokenmobile.fortinet.com
 
ebilcari_0-1677772245987.png

 

    
3) Contact the Technical Assistance Center [TAC] and confirm the licensing servers are operational.