jmoya
Staff
Article Id 195060

Description

 

This article explains how to activate the FortiToken Trial serial numbers included in each FortiGate unit.
 

Each FortiGate unit ships with two free FortiToken Mobile tokens, each with a unique serial number. These work much like purchased licenses with EFTMxxx numbers: each one has a real activation code.


Scope

 

  • FortiOS.
  • Import FortiToken.
  • Activate FortiToken mobile.
  • FortiToken Replacement.


Solution

 

To activate FortiToken Mobile on an Android, iPhone, or iPad device, complete the following steps:
 
  • Go to User & Authentication -> FortiTokens. If the free FortiToken is not listed, it can be imported by selecting 'Import Free Trial Tokens'.


 

If there is an activation code, create a new Hard Token or Mobile Token in the GUI:

 

Locate the 20-digit code on the redemption certificate for the license: EFTMXXXXXXXX.

 

  • Go to User & Device -> FortiTokens and select 'Create New'.
  • Select 'Mobile Token' and enter the 20-digit certificate code in the Activation Code box.
  • Select 'OK'.

 


 

From CLI:

 

   execute fortitoken-mobile import 0000-0000-0000-0000-0000
 

  • Assign and provision tokens to each user who needs to use two-factor authentication.
  • Verify that the FortiGate has a messaging service enabled. FortiToken requires at least one of an SMTP server or an SMS server gateway.
  • Go to System -> Settings.
  • Configure an SMTP server.

 


 

 

From CLI:

 

   config system email-server
       set server "notification.fortinet.net"
       set port 465
       set security smtps
   end

 

Enable authentication if the server requires it to send email messages.

If a security mode is selected, make sure the TLS tunnel can come up by importing the custom mail server's CA into the FortiGate's CA store.

 

Configure an SMS server for sending SMS messages to support user authentication.

 

   config system sms-server
       edit <name>
           set mail-server {string}
       next
   end

 

  1. Add a user using the wizard, or edit an existing one (step 2.3):
  • If a new user is added, in step 3 set the email address associated with this user, or the SMS phone number if an SMS server is being configured.
  • The 'Two-factor Authentication' checkbox must be enabled.
  • Select the FortiToken mobile serial to assign to the user.
  • If editing the FortiToken of an existing user, use the 'Send Activation Code' button next to the token field.

 


 

  2. If the SMTP or SMS server is configured correctly, the user will receive an activation code made of 16 alphanumeric characters.

 

On the end-user side (mobile):

 

  1. Open the FortiToken Mobile app on the smartphone.
  2. Select add +.
 


 

  3. Open the user's email (the one to which the code was sent).
  • Open the QR code graphic attached to the email and point the mobile device camera at it. The QR code is only included in the email activation mode; it is not available in an SMS.
  • Or select 'Enter Manually', select a Fortinet account, and enter the 16-character activation code contained in the email or SMS.
  4. After adding the token, its name can be edited.

 


 

Troubleshooting notes:

  1. If the token selection is empty on the user profile:

 


 

Solution:

  • Make sure the tokens are available.
  • Make sure the FortiGate system email settings are in place.
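
The prerequisites above (a messaging server, a secured SMTP mode, and a delivery address for each two-factor user) can also be checked offline against a saved configuration. The Python script below is an added example, not part of the original article or any Fortinet tool. It assumes the input is text in the style of 'show full-configuration' output and that users are defined under 'config user local' with the FortiOS settings two-factor, fortitoken, email-to and sms-phone; the sample configuration, user names and token serials are constructed.

```python
SAMPLE_CONFIG = """\
config system email-server
    set server "notification.fortinet.net"
    set security smtps
end
config user local
    edit "alice"
        set two-factor fortitoken
        set fortitoken "FTKMOB0000000001"
        set email-to "alice@example.com"
    next
    edit "bob"
        set two-factor fortitoken
        set fortitoken "FTKMOB0000000002"
    next
end
"""  # constructed sample, not taken from the article or a real device

def parse_sections(text):
    """Map top-level section -> entry name ('' if none) -> {setting: value}."""
    sections, path, entry = {}, [], ""
    for line in map(str.strip, text.splitlines()):
        parts = line.split(None, 2) or [""]
        if parts[0] == "config":
            path.append(line[len("config "):])   # nested blocks deepen the path
        elif parts[0] == "end" and path:
            path.pop()
        elif len(path) == 1 and parts[0] in ("edit", "next"):
            entry = line[5:].strip('"')          # 'next' leaves '' and closes the entry
        elif len(path) == 1 and parts[0] == "set" and len(parts) == 3:
            sections.setdefault(path[0], {}).setdefault(entry, {})[parts[1]] = parts[2].strip('"')
    return sections

def audit(text):
    cfg, findings = parse_sections(text), []
    mail = cfg.get("system email-server", {}).get("", {})
    if not mail.get("server") and not cfg.get("system sms-server"):
        findings.append("no SMTP or SMS server configured")
    elif mail.get("server") and mail.get("security") not in ("smtps", "starttls"):
        findings.append("email-server is not set to smtps or starttls")
    for name, user in cfg.get("user local", {}).items():
        if user.get("two-factor") != "fortitoken":
            continue
        if not user.get("fortitoken"):
            findings.append(f"{name}: no token serial assigned")
        if not (user.get("email-to") or user.get("sms-phone")):
            findings.append(f"{name}: no email-to or sms-phone for the activation code")
    return findings
```

Calling audit(SAMPLE_CONFIG) reports only the user "bob", who has a token assigned but no address to which the activation code can be sent.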