johnathan
Staff
Article Id 356505
Description This article describes how to set up a FortiToken for 2FA when the FortiGate is air-gapped.
Scope FortiGate.
Solution

Activating a FortiToken requires its activation code. The code is generally sent to the user by email, but if the FortiGate is air-gapped (no internet), this is generally not possible.

However, it is possible to see the contents of the email the FortiGate attempts to send out, even if there is no internet connection.

For the user, configure an invalid email address. The value itself does not matter, as long as the FortiGate accepts it.

[Screenshot: ftk.PNG]

Run the following debug commands to see the contents of the email the FortiGate sends out:

   diagnose debug reset
   diagnose debug console timestamp enable
   diagnose debug application alertmail -1
   diagnose debug enable

To stop the debug, run the following commands:

   diagnose debug disable
   diagnose debug reset

The debug output after the FortiGate attempts to send the email is shown below. The activation code is visible in it and can be entered into the FortiToken application.

[Screenshot: ftkoutput.PNG]

The activation code can also be obtained from the System Event logs, because the FortiGate records the FortiToken activation action and the content sent to the end user, so the code is readable by anyone with access to those logs:

[Screenshot: image.png]
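
The user configuration step described earlier, in CLI form. This is an added example, not part of the original article: the user name, password, token serial number and email address are placeholders, and the lines beginning with # are annotations that are not typed.

```fortios
# Added example: every value below is a placeholder, replace before use.
config user local
    # Hypothetical user name.
    edit "ftk-user"
        set type password
        set passwd <password>
        set two-factor fortitoken
        # Serial number of an unassigned FortiToken already listed on this FortiGate.
        set fortitoken <token-serial>
        # Undeliverable placeholder address; the .invalid TLD is reserved and never resolves.
        set email-to "ftk-user@example.invalid"
    next
end
```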