|
On the GUI when there are licensed Mobile tokens from the GUI it does not show which are licensed tokens and which are free tokens. The serial number might also have the same starting characters so it is hard to understand the difference.
To identify them open up CLI and follow the commands:
show user fortitoken
This will show a list of all the tokens on the FortiGate:
show user fortitoken
config user fortitoken
edit "FTKMOB393D4Cxxxx"
set license "FTMTRIAL0D87xxxx"
set activation-code "EEIOR3FCE7CLWEUU"
set activation-expire 1695396870
set reg-id "fYH4qYr8TJORoTr0EyAQan:APA91bEonBxM4QU5wBsyh5
jeNgvkU4mkUhjwCyUZ3cwqZy3bSzhBKOSNgq4XDTSfr8FHxJmEXEQ4Qy
SisyzwJlY7c9RZzHYeLxUqweS970Pcs_DFFEpvHuPmD5DNipjzgWA1Rv9b6Qxc"
set os-ver "5.3.2.0070_AND"
next
From the list, look for the token that has 'FTMTRIAL' mentioned under 'set license'. This will be the one that comes free with every FortiGate.
Notes
- These trial FortiTokens cannot be migrated to a different FortiGate, as the new unit will already include two trial FortiTokens. Migrating them with the configuration will show them as available, but they cannot be used.
- HA clusters of 2 units that share a single license (vSN / Virtual Serial Number) are not entitled to Trial FortiTokens. Also, the Mobile Token license cannot be used in this situation, as it cannot be associated to the vSN.
Also, it is a good practice to check the expiration and renewal of a FortiToken to avoid any type of issues related to licensing or expiration, so from the above output it is possible to check 'set activation-expire' (epoch format). It is possible to use the following free tool to check this:
Epoch Converter - Unix Timestamp Converter
Regularly checking this information about the expiration of a FortiToken will ensure not lose access.
Related documents:
|
