FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 195060



This article explains how to activate the FortiToken Trial serial numbers included in each FortiGate unit.

FortiGate are shipped with two free FortiTokens Mobile per unit with unique serial numbers. This works very similar to the bought licenses with the EFTMxxx numbers, it will have a real activation code.



- FortiOS.

- Import FortiToken.
- Activate FortiToken mobile.

- FortiToken Replacement.



To activate FortiToken Mobile in Android/iPhone/iPad device, complete the following steps:
- Go to User & Authentication -> FortiTokens.

If free FortiToken is not listed, it can be imported by selecting 'Import Free Trial Tokens':



If there is an activation code, then on GUI, create new Hard Token or Mobile Token:


Locate the 20-digit code on the redemption certificate for the license: EFTMXXXXXXXX.


- Go to User & Device -> FortiTokens and select 'Create New'.

- Select 'Mobile Token’ and enter the 20-digit certificate code in the Activation Code box.

- Select 'OK'.






From CLI:


   # execute fortitoken-mobile import 0000-0000-0000-0000-0000

- Assign and provision tokens to each user that needs to use two-factor authentication.


- Verify the FortiGate has a messaging service enabled. For FortiToken it is required to have at least one of SMTP or SMS server gateway.


- Go to System -> Settings.


- Configure an SMTP server.





From CLI:


# config system email-server

    set server ""

    set port 465

    set security smtps



Enable authentication, if it is required by the server to send email messages.

If a security mode is selected, make sure the TLS tunnel can come up by importing the custom mail servers CA to the FortiGates CA store.


Configure SMS server for sending SMS messages to support user authentication.


# config system sms-server

edit <name>

set mail-server {string}




3) Add a user using the wizard, or edit an existing one (step 2.3):


3.1) If added a new one, set on step 3 the email address associated with this user or SMS phone number if configuring an SMS server.


3.2) 'Two-factor Authentication' checkbox must be enabled.


3.3) Select the FortiToken mobile serial to assign to the user.


3.4) If editing FortiToken of an existing user, use the 'Send Activation Code' button next to the token field.




4) If the SMTP or SMS server are configured fine, the user will receive an activation code made of 16 alphanumeric digits.


On End user side (Mobile):


1) Open the FortiToken Mobile app on the smartphone.


2) Select add +.



3) Open the email of the user (the one of the code was sent out).


a) Open the attached graphic in the email of the QR code and point the mobile device camera at the QR code.

The QR code is only included in the email activation mode, it will not be available in an SMS.


b) Or choose Select 'Enter Manually' select as a Fortinet account and enter the 16-character activation code contained in the email or SMS.