Hey,
we have quite a lot of FGs in our network but so far no G model, any bad experiences with this model? We are thinking of trading up a FG81E to a 90G, comparing the specs it is quite a huge step but I would like to know if we can expect this hardware change to be an easy one. For example we are testing with a 30G model and the updates are quite strange.
The only thing that bothers me right now is that in this location we have more than 30 users assigned with FortiToken. So far we never changed tokens from one FG to another, as I have been told it should not be so hard but I would like to know if we can later keep the same tokens for the users.
Thanks for your information!
Hi Roland
No bad experience with G models so far except some new models don't have FOS 7.4 and 7.6 yet.
What do you mean by the updates are quite strange?
I had experience of migrating mobile tokens from old FG to new FG. But today I was shocked to read that it is not possible anymore.
That's why it is always better to get FortiAuthenticator VM for central authentication.
It is still possible to migrate them to FortiToken Cloud.
This KB doesn't mention transfers between FGTs in HA. Not sure how they would operate after July 1. I'm now sending an email to an SE to clarify.
Toshi
You are right about this question. If I have a standalone FG and would like to make it HA then it must be possible to transfer the tokens.
But in this case are you thinking what I'm thinking? Do you think we can transfer tokens from one FG to another by making them HA then splitting them back? ;)
No idea. That's why I sent email to the SE. Based on his initial response, even he didn't know about this change. He just said "will research and get back to you".
Toshi
The creator/owner of the KB didn't know about the fact we can't activate available tokens when HA failover happens and the FGT that has the tokens becomes a secondary, based on his reply in my query via the KB. He also said "I'll look into this".
So we can expect some update in the KB one way or the other soon.
Also FTNT Q&A document mentions "Aug 4, 2025". So it might not be enforced on July 1, at the beginning of Q3.
https://docs.fortinet.com/document/fortitoken/latest/frequently-asked-questions/442823/fortitoken-mo...
Toshi
Another message came from the same creator/owner of the KB.
“… However, the transfer restriction will only apply for licenses delivered on or after August 4 2025. Pre-existing FortiToken Mobile licenses may still be transferred after that date, including between HA units.”
Toshi
The KB below was already updated with this note:
"FortiToken Mobile Licenses shipped before August 4, 2025, are not subject to the change and may still be transferred between devices."
in the Scope, as well as another note in the Solution section.
https://community.fortinet.com/t5/FortiToken/Technical-Tip-FortiToken-Mobile-will-no-longer-support-...
Toshi
So old FortiToken mobile still can be transferred after Aug 2025. I think this is more acceptable.
Regarding HA usability for new FortiTokens, the below section from FortiToken datasheet should reassure us.
FortiToken can also be used directly with FortiGate Next-Generation Firewalls, including with high availability configurations.
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortitoken.pdf