FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
rbraha
Staff
Article Id 275159
Description This article describes basic troubleshooting for FortiToken Cloud when it is configured on FortiGate or FortiAuthenticator.
Scope FortiGate, FortiAuthenticator.
Solution

There are various advantages to using FortiToken Cloud:

 

  1. Centralized management for all tokens across platforms (FortiGate/FortiAuthenticator).
  2. One FortiToken Cloud license for all FortiGate/FortiAuthenticator devices.
  3. Native cross-platform token migration.
  4. Push notifications are sent to FortiToken Cloud services, which is more secure and simplifies provisioning.

 

Tokens can easily be associated with users on FortiGate or FortiAuthenticator:

 

ftc1.png

After selecting the option for FortiToken Cloud, FortiAuthenticator will update the FortiToken Cloud service, and an activation email with a QR code will be sent at the same time.

Log in to https://ftc.fortinet.com to see general information about the FortiProducts selected to use FortiToken Cloud, as well as users, realms, and SMS credit.

 

Also, if 'Users' is selected, the users that have FortiToken Cloud enabled on FortiGate and FortiAuthenticator will be visible.

 

ftc2png.png

 

FortiToken Cloud is enabled by default on FortiGate. It can only be enabled globally on FortiGate, not per VDOM.

 

fgt # config global

fgt (global) # config system global

fgt (global) # set fortitoken-cloud enable

fgt (global) # end

 

FortiToken Cloud CLI on FortiGate:

 

ftc3.png

 

Some troubleshooting commands to run on the FortiGate CLI:

 

config global

diagnose debug console timestamp enable

diagnose fortitoken-cloud debug enable

diagnose debug application fnbamd -1

diagnose debug application sslvpn -1

diagnose debug application httpsd 255 

diagnose debug enable

 

To disable the debugging:

 

diagnose debug disable
diagnose debug reset

 

The debug logs on the FortiGate side for user test show the output below:

 

ftc4.png

 

The output below is for a different test user, pirlo, from FortiAuthenticator.

Check the RADIUS debug logs from FortiAuthenticator: https://<FAC-IP>/debug/radius

 ftc4.png

 

On the FortiToken Cloud portal, any errors related to user authentication can be seen in the logs: Logs - Authentication.

 

ftc6.png 

It is also possible to download a copy of the user authentication logs, filter by any date, and export the file in CSV format.

 

ftc5.png