FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes the FortiToken Mobile tokens configuration on Users Mobiles stops Pushing Notification for 2FA.
Scope
Push Notification Failing for Existing or New FortiToken Mobile users.
Solution
For Push Notification to work seamlessly, there should be an Admin account on FortiGate without Trusted Host feature (Restrict login to trusted hosts) enabled.
Either editing one of the existing Admin accounts or adding a new Admin account without Trusted Host fixes this issue.
Notes:
FortiGate first checks the Trusted Host settings for all incoming traffic
Hence, for Push Notification pertaining to FortiToken Mobile as well.
Therefore, a Push Notification fails/denied if there are no Admin accounts without Trusted hosts.
An exception to avoid having Admin account without Trusted Host for Security Reasons is by using FortiToken Cloud.
With FortiToken Cloud, it is not mandatory to have an Admin without Trusted Host.
