Hi,
We got for test hardware token model 300.
Working great, but in documentation written that they are "driverless".
but if I put USB token into PC which isn't connected to internet we got installation failed.
Can somebody suggest, what must we have to install on endpoint workstation for success authorize already prepared token with valid certificate. We do not like to install _Setup suite since we will prepare certificates and keys in our IT department and provide support to end users.
Thank you in advance,
Vladimir
Prague/Czech Republic.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
well, you can allow Windows to check for new drivers in local computer and MS Update (if not found on local comp) and then you will get generic ePass driver from MS Update downloaded and installed as middleware between token HW and Windows OS.
FTK300 is a “Driverless USB device” meaning the user does not need to install any hardware drivers for Windows ( As a CCID USB devices, the hardware driver is already provided with Windows ). PKCS#11 or MSCSP is the Application level libs in between hardware layer and the Apps. [Hardware Device]<->[Hardware Driver]<->[Middleware: API/Lib (PKCS#11/MSCSP)]<->[Application].
So, we usually call the PKCS#11 “Middleware” or “CSP” instead of a “Driver”.
However I'd recommend to use our (Fortinet) middleware, at least dll, or whole app which also allows token management like cert installation, user PIN change etc. (don't worry, there is master PIN and admin app so regardless user changed PIN and is uncooperative when token is returned, admin will be able to reset and re-use such token again).
For middleware (aka token management tool) for the FTK300 see image download section on support site: https://support.fortinet.com/Download/FirmwareImages.aspx (login with valid support contract account needed)
Our FTK300 middleware and hardware are designed to only work with each other, so the standard Feitian ePass3000 token wont work with our FTK300 middleware and vice versa.
Installation is composed of dll and token management tools. You can use just dll and link it with application, like when adding security device in FireFox by pointing to it's dll, in this case to Windows / System32 or SysWOW640 / FortinetCsp11_2003.dll .
But then you need to handle additional token/certs/PINs management somewhere else.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Hello Vladimir,
MSI version might be available from DEV team at around 12th of June.
regards,
Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
well, you can allow Windows to check for new drivers in local computer and MS Update (if not found on local comp) and then you will get generic ePass driver from MS Update downloaded and installed as middleware between token HW and Windows OS.
FTK300 is a “Driverless USB device” meaning the user does not need to install any hardware drivers for Windows ( As a CCID USB devices, the hardware driver is already provided with Windows ). PKCS#11 or MSCSP is the Application level libs in between hardware layer and the Apps. [Hardware Device]<->[Hardware Driver]<->[Middleware: API/Lib (PKCS#11/MSCSP)]<->[Application].
So, we usually call the PKCS#11 “Middleware” or “CSP” instead of a “Driver”.
However I'd recommend to use our (Fortinet) middleware, at least dll, or whole app which also allows token management like cert installation, user PIN change etc. (don't worry, there is master PIN and admin app so regardless user changed PIN and is uncooperative when token is returned, admin will be able to reset and re-use such token again).
For middleware (aka token management tool) for the FTK300 see image download section on support site: https://support.fortinet.com/Download/FirmwareImages.aspx (login with valid support contract account needed)
Our FTK300 middleware and hardware are designed to only work with each other, so the standard Feitian ePass3000 token wont work with our FTK300 middleware and vice versa.
Installation is composed of dll and token management tools. You can use just dll and link it with application, like when adding security device in FireFox by pointing to it's dll, in this case to Windows / System32 or SysWOW640 / FortinetCsp11_2003.dll .
But then you need to handle additional token/certs/PINs management somewhere else.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Hello,
after series of various test we cannot find a way to install drivers (or middleware) without running setup file.
we can deploy on all needed PC setup but, would be better to have it in .MSI format (GPO deployment).
What do you think, it is possible to convert (or ask Fortinet) to provide us software in .MSI format?
thank you in advance.
Vladimir.
Prague/Czech Republic.
Hello Vladimir,
MSI version might be available from DEV team at around 12th of June.
regards,
Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Great news. Thanks a lot.
would be great, if it can contain minimal set - drivers and middleware. no utility for manage certificates.
I am having a similar issue where I am unable to download the FTK300 middleware from Fortinet.
We were sent some evaluation tokens about 6 months ago by our reseller and that person is no longer with the company who sent them to us.
I was wanting to demo the tokens to a customer but Fortinet make it impossible to get the software as I have tried supplying the serial numbers printed on the USB token without success in the portal.
Also tried other token middleware as they seem to be re-badged EnterSafe tokens and doesn't work with other EnterSafe middleware like the ePass2003 which visually look to be exactly the same tokens but the middleware isn't compatible.
For whatever reason Fortinet think preventing downloading the middleware is a good idea when every other hardware token provider like Yubikey have the middleware driver software for free download as the software is useless without the hardware token and vice versa.
Very frustrating process getting nowhere with the hardware tokens and doesn't surprise me that there are very few posts in the community as no one is probably using them as Fortinet make it too difficult to use them.
Read first.
Looking for firmware? Check on Support.fortinet.com in firmware downloads.
Or, follow link from my post on 2015-06-02 , so:
https://support.fortinet.com/Download/FirmwareImages.aspx
then obviously Select Product = FortiToken, then Downloads and FortiToken300 folder.
Voila.
However you are right that it seems that users prefer TOTP tokens over SmartCard like tokens. Maybe it will change with FIDO2 tokens.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
The issue is the hardware serial numbers I have are not accepted by the portal when trying to register them. So when I try and login to the support portal I get:
So the problem still stands if you have hardware tokens there is no way to download the middleware if you don't have FortiAuthenticator, so I have signed up for a FortiAuthenticator eval and now have access to download software.
Serial numbers of FortiToken 300 are not registered and usable directly in FortiCare.
However you should be able to reach firmware download part of https://support.fortinet.com via any registered product (like FortiGate), no need to have explicitly FortiAuthenticator or any specific product.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.