FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mle2802
Staff
Staff
Article Id 276480
Description

This article describes how to get a FortiToken Mobile activation code as a workaround when an activation email is not received.

Scope FortiGate below v7.6.3.
Solution In some cases, when trying to send the activation code for FortiToken Mobile, the email is not received by the users. Either the email is not sent successfully, or the spam filter blocks the email on the user's side. Email address notification.fortinet.com can be whitelisted to get the activation code, or it is possible to get the activation code through alert email debugging.

Capture.PNG

 


Run the following commands before selecting 'OK':

 

diagnose debug reset

diagnose debug enable

diagnose debug console timestamp enable

diagnose debug application alertmail -1

 

The activation code will be received through the debug output. This can be used for manual activation.

activation code.PNG

 

To stop the debug:

 

diagnose debug disable

 

Note:
For a proper troubleshooting activation email, refer to Troubleshooting Tip: Email alert.

 

From the System Events log:

Another way to gain the activation code is by navigating to Log & Report -> Events -> System Events. Filter by User and Details as demonstrated in the image below:

 

Capture2.PNG

 

An alternative to acquiring the activation code in case the email is not making it through is via CLI:

 

PRIMARY # config user fortitoken

PRIMARY (fortitoken) #
PRIMARY (fortitoken) # edit FTKMOB99C7Dxxxxx

PRIMARY (FTKMOB99C7D975DF) # get
serial-number : FTKMOB99C7Dxxxxx
status : active
comments :
license :
activation-code : EEIOTCU3LENEDJMR  <----
activation-expire : Mon Jul 15 20:10:19 2024
reg-id :
os-ver :

 

Follow the procedure below when using the free trial FortiTokens, and get an error message like 'Failed to send activation code' or 'No active token found' error while trying to send the activation code email. 

In the GUI, Go to User & Authentication -> FortiTokens.

 

free.png

 

There will be two free trial FortiTokens available in every FortiGate device by default. Select each FortiToken and delete both tokens.


import.png

 

After deleting, at the top right, there will be an option to 'Import Free Trail Tokens'. Select that option to get back the tokens.

new.png

 

The status of both tokens will be set to 'Available'. So, try to reconfigure the Two-factor Authentication of Administrative Access or SSL VPN users using the new FortiTokens.

 

The activation code will no longer be available in the alertmail debug and system event from v7.6.3 onwards:

 

sleekshot.png

 

sleekshot.png

 

Related articles:
Technical Tip: How to activate FortiToken manually for admin account

Technical Tip: How to assign FortiToken Mobile to users on FortiGate and FortiAuthenticator