Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Fortiuser
New Contributor

Created on ‎11-02-2015 07:17 AM

2-factor Authentication with FortiToken

Hi all,

since a few months we use 2-factor authentication with FortiToken (Mobile and Hardware) for some Firewall-Policys, which works like a charm. Now we decided, to use the same authentication for a dialup IPSec VPN on the same Fortigate. Basically it works with FortiClient 5.2.4, but some users are unable to use a tokencode older than 15 seconds! For example, when you open the app (FortiToken Mobile) and the current token is valid for the next 30 seconds, no VPN-connetion is possible. So you have to wait 30 seconds until the next token is showing and then login is smoothly. Any ideas? Thank you...

6167
0 Kudos
1 REPLY 1
neonbit
Valued Contributor

Created on ‎11-02-2015 02:47 PM

Perhaps it's a problem with the token and the drift? Probably worthwhile re-syncing the tokens to be sure.

 

This  command will re-sync a single token:

 

execute fortitoken sync <serial_number> <code> <next code>

 

To list the drift for all tokens use this command:

 

diag fortitoken drift

 

 

1319
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.