Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
casteld73
New Contributor

FTM Push on 7.x [60F] for SSL VPN

I have successfully configured FTM push. It works great. I have two questions:

1. Is a push considered less secure than a user needing to manually input the 6-digit number?

2. I have a custom SSL cert loaded for VPN and administration. Although FTM push works with the default factory cert, is it more/less secure to use the certificate I uploaded for VPN and admin?

TIA

1 REPLY
maulishshah
Staff

Good Morning @casteld73,

 

Regarding your questions:

FTM Push and entering the code manually are both secure.

Here is the process of authentication via Mobile Token: 

  1. FortiGate sends a DNS query to the FortiToken Mobile Push proxy server (push.fortinet.com).

  2. FortiGate connects to the proxy server via an encrypted connection over TCP/443.

  3. The proxy server handles the notification request by making a TLS connection with either Apple (for iOS) or Google (for Android) notification servers. Notification data may include the recipient, session, FortiGate callback IP and port, and so on.

  4. The notification service from either Apple or Google notifies the user's mobile device of the push request.

  5. The FortiToken Mobile application on the user's mobile displays a prompt for the user to either Approve or Deny the request.

You can also find an article: https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/927108/fortitoken-mobile-pus...

 

Regarding the certificate, to my knowledge, it won't matter if it uses the Factory cert. However, I do not have a concrete answer but will try to get it for you and update the thread.

Maulish Shah