Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kaman
Staff
Staff

Created on ‎11-26-2024 02:24 AM Edited on ‎11-27-2024 03:15 AM By Community Manager

Article Id 360075

Technical Tip: Ensuring FortiToken Authentication Without Internet Connectivity

Description

 

This article describes how to use FortiToken for authentication in offline environments.

 

Scope

 

FortiOS.

 

Solution

 

FortiTokens (excluding the FortiToken-200CD) automatically synchronize their encryption seed files with the assigned FortiGate or FortiAuthenticator, ensuring secure and continuous token code generation.

The FortiToken-200CD models include an activation CD containing the token seed files, which are installed onto the FortiGate or FortiAuthenticator. This CD facilitates the easy import of multiple FortiTokens simultaneously.

The FortiToken-211 series tokens differ in that the seed files are not stored by Fortinet but are instead included on a CD that accompanies the hardware tokens. To transfer these tokens to a new unit, the CD containing the seed files must be used.


Without an internet connection, FortiGate and FortiAuthenticator devices can authenticate users locally, using the stored encryption seeds to validate the generated token codes.

This local storage of encryption seeds enables FortiGate and FortiAuthenticator units to maintain their two-factor authentication capabilities even during network outages, ensuring uninterrupted secure access.

Notes:

  • FortiToken Mobile requires connectivity to FortiGuard for performing management tasks, such as assigning tokens to users or making configuration changes. Once a token has been assigned, it will function even if the FortiGate or FortiAuthenticator device loses internet access. In contrast, FortiToken-200 devices can be assigned to users without requiring internet access, allowing for offline user management.
    This flexibility ensures that token-based authentication can remain operational even in environments where internet access is unavailable.

  • It is critical to safeguard token seed files, especially for models like FortiToken-211 and FortiToken-200CD. Unauthorized access to these files could compromise the security of the two-factor authentication system. Always store CDs and seed files in a secure location and restrict access to authorized personnel only.


For further inquiries, a ticket should be raised with the Customer Support Team for review and verification.

1359
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.