FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
bpozdena_FTNT
Description
This article describes how to move FortiToken Mobile between VDOMs.

Solution
1) Ensure the FortiToken mobile to move is not assigned to any user.
2) Note down the Serial Number of the FortiToken to move to different VDOM.
3 )Delete the token from current VDOM using the bellow CLI commands.
# config vdom
    edit <source_vdom_name>
    # config user fortitoken
    delete <FortiToken_Serial_Number>
end
end
4)Import the FortiToken to new VDOM using the bellow CLI commands.
# conf vdom
    edit <destination_vdom_name>
    # conf user fortitoken
        edit <FortiToken_Serial_Number>
end
end
5)Once FortiToken Mobile has been moved to new VDOM, it will be possible to assign it to users in the new VDOM as usual using either GUI or CLI.
# conf user local
    edit vpn_user
        set email-to <user_email_address>
        set two-factor fortitoken
        set fortitoken <FortiToken_Serial_Number>
    next
end
In this example, FortiToken Mobile with serial number FTKMOB8A1020XXXX will be moved from VDOM 'root' to VDOM 'test'. User 'vpn_user' will be then created and assign it to the migrated FortiToken FTKMOB8A1020XXXX .
# config vdom
    edit root
    # config user fortitoken
    delete FTKMOB8A1020XXXX
end
end

# conf vdom
    edit test
    # conf user fortitoken
        edit FTKMOB8A1020XXXX
end

# conf user local
    edit vpn_user
        set email-to user@example.com
        set two-factor fortitoken
        set fortitoken FTKMOB8A1020XXXX
    next
end
Note.
In the case there is no SMTP server configured for FortiToken activation code delivery, the activation code using the bellow CLI command will be visible.  

# show user fortitoken <FortiToken_Serial_Number> | grep activation-code

Contributors