Troubleshooting Tip: How to restore the FortiGate GUI login after the 'Unable to login with FortiToken' error or the FortiToken QR code expires

kmohan · ‎08-27-2024

Description

This article describes how to restore the FortiGate GUI access when the FortiToken Mobile application is deleted or the FortiToken QR code expires.

Scope

FortiGate.

Solution

Take FortiGate recent backup files: 'FortiGate_7-6_3401_202408270401.conf'.

In any text-editing application such as notepad, go to the 'config system admin' section, confirm the admin account and remove the following line:

set two-factor Fortitoken
set fortitoken "FTKMOBxxxxxxx"

set email-to "xxxx@fortinet.com"

Admin config.png

Next, go to 'config user fortitoken' and remove the following lines:

Remove the following lines:

set seed "xxxxx"
set activation-code "yyyyyyyyyy"
set activation-expire "zzzzzzzzz"

User .png

After removing these from both configuration settings, re-image with the same config backup file firmware version:

On a physical device: Re-image via TFTP server.
On a VM (such as Azure, AWS, or EXSI): Deploy a new FortiGate.

See this article for re-imaging instructions.

After re-imaging the FortiGate device or VM deployment:

Perform a backup restore with the modified backup file without FortiToken. It will then be possible to access the FortiGate.

Troubleshooting Tip: How to restore the FortiGate GUI login after the 'Unable to login with FortiToken' error or the FortiToken QR code expires

You are leaving our website