Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RolandBaumgaertner72
Contributor III

Created on ‎05-15-2025 04:31 AM

Change to FG90G? FortiToken transfer?

Hey,

 

we have a quite a lot FGs in our network but sofar no G model, any bad experiences with this model? We are thinking to trade up a FG81E to 90G, comparing the specs it is quite a huge step but I would like to know if we can expect this hardware change as an easy one. For example we are testing with a 30G model and the updates are quite strange.

 

The only thing that bothers me right now is that in this location we have more than 30 user assigned with FortiToken.Sofar we never changed Tokens from one FG to another, as I have been told it should not be so hard but I would like to know if we later can keep the same tokens for the users.

 

Thanks for your information!

Labels:
2229
0 Kudos
17 REPLIES 17
AEK
SuperUser
SuperUser

Created on ‎05-15-2025 04:42 AM

Hi Roland

No bad experience with G models so far except some new models don't have FOS 7.4 and 7.6 yet.

What do you mean by the updates are quite strange?

Ia had experience of migrating mobile tokens from old FG to new FG. But today I was shocked to read that it is not possible anymore.

https://community.fortinet.com/t5/FortiToken/Technical-Tip-FortiToken-Mobile-no-longer-supports-Lice...

That's why it is always better get FortiAuthenticator VM for central authentication.

AEK
AEK
1225
AEK
SuperUser
SuperUser
In response to AEK

Created on ‎05-15-2025 04:46 AM

It is still possible to migrate them to FortiToken Cloud.

https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-Migrating-users-and-FortiTokens-t...

AEK
AEK
1222
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to AEK

Created on ‎05-15-2025 08:46 AM

This KB doesn't mention about tranfers between FGTs in HA. Not sure how they would operate after July 1. I'm now sending email to an SE to clarify.

Toshi

1171
0 Kudos
AEK
SuperUser
SuperUser
In response to Toshi_Esumi

Created on ‎05-15-2025 09:05 AM

You are right about this question. If I have a standalone FG and would like to make it HA then it must be possible to transfer the tokens.

But in this case are you thinking what I'm thinking? Do you think we can transfer tokens from one FG to another by making them HA then splitting them back ? ;)

AEK
AEK
1161
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to AEK

Created on ‎05-15-2025 09:56 AM

No idea. That's why I sent email to the SE. Based on his initial response, even he didn't know about this change. He just said "will research and get back to you".

Toshi

1155
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to Toshi_Esumi

Created on ‎05-20-2025 04:21 PM

The creater/owner of the KB didn't know about the fact we can't activate available tokens when HA failover happens and the FGT that has the tokens becomes a seconday, based on his reply in my query via the KB. He also said "I'll look into this".
So we can expect some update in the KB one way or the other soon.

Also FTNT Q&A document mentions "Aug 4, 2025". So it might not be enforced on July 1, at the beginning of Q3.
https://docs.fortinet.com/document/fortitoken/latest/frequently-asked-questions/442823/fortitoken-mo...

Toshi

966
Toshi_Esumi
SuperUser
SuperUser
In response to Toshi_Esumi

Created on ‎06-04-2025 04:34 PM

Another message came from the same creater/owner of the KB.

“… However, the transfer restriction will only apply for licenses delivered on or after August 4 2025. Pre-existing FortiToken Mobile licenses may still be transferred after that date, including between HA units.”

Toshi

781
Toshi_Esumi
SuperUser
SuperUser
In response to Toshi_Esumi

Created on ‎06-05-2025 04:17 PM

The KB below was already updated with this note:
"FortiToken Mobile Licenses shipped before August 4, 2025, are not subject to the change and may still be transferred between devices."
in the Scope, as well as another note in the Solution section.
https://community.fortinet.com/t5/FortiToken/Technical-Tip-FortiToken-Mobile-will-no-longer-support-...

Toshi

754
AEK
SuperUser
SuperUser
In response to Toshi_Esumi

Created on ‎06-09-2025 06:04 AM

So old FortiToken mobile still can be transferred after Aug 2025. I think this is more acceptable.

Regarding HA usability for new FortiTokens, the below section from FortiToken datasheet should reassure us.

 

FortiToken can also be used directly with FortiGate Next-Generation Firewalls, including with high availability configurations.

 

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortitoken.pdf

AEK
AEK
643
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.