FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to move Hard FortiTokens from one FortiGate to another one during configuration migration.
After migration of the configuration from the old FortiGate to the new one, the Hard Fortitokens will not be working for the user authentication by default, making these steps necessary.
Scope
FortiGate.
Solution
Fortinet TAC support is needed to remove and release the Hard Tokens with the old FortiGate
This will be done by creating a technical support ticket with Fortinet TAC.
Once the configuration is migrated by FortiConverter, it will show the Hard tokens applied to the users in the list. However, the tokens will show as 'available' instead of 'assigned' and will not work.
The Hard FortiTokens on the new FortiGate should be unbound from the users.
All Hard FortiTokens need to be deleted from the FortiGate configuration.
All Hard FortiTokens need to be entered by the serial number of the hard tokens (if there are multiple hard tokens, then it is necessary to make a file that include serial numbers of the hard token with each serial number in a line, then import the file) and then assign it to the users.
The users now can use the hard tokens as the second factor authentication
