Hey Rroy,

do you still have issues with assigning tokens?

Regarding the anycast/protocol settings, they are only available in higher firmware versions (assuming you are on 5.4 as your post is tagged).

If the issue is still persisting, you might want to consider opening a ticket with Fortinet Technical Support for assistance with digging into the connection between FortiGate and the FortiToken servers.

please provide the below commands 

Putty1:

dia debug app update -1 

dia de en 

execute update-now 

Putty2:

========

dia sniffer packet any "host x.x.x.x " 4 0 a 

x.x.x.x ip address generating putty1 

Please share both logs and give us update.

-Naveen  

Hello:

We also get the same problem after changing user's token infomation.

We had tried this posted info and it might get the following messages.

fds_https.c[593] fds_ctx_set_addr: server: 173.243.138.67:443
fds_svr_core.c[169] fds_svr_default_pickup_server: fdni: 173.243.138.67:443
fds_command.c[300] fds_send_reply: Sending 736 bytes data.
fds_command.c[324] fds_send_reply: send reply failed: req-1, Connection refused
fds_command.c[920] upd_parse_res: no IMLT object in response

ftm_fc_command[492]:forticare [directregistration.fortinet.com:443] unreachable

We can ping to directregistration.fortinet.com from our fortigate.

We have 3 Fortigate 310B and they also have fortitoken license.

The original token has shown the locked status and can't change status in CLI.

Please help us to resolve the problem.

Thanks.

Dear Roy,

Please be aware that 5.4 is out of support. The same goes actually for the 5.6 and in September the 6.0 will also be end of support. Please plan an upgrade.

The Anycast related changes were implemented in the 6.4.3

Did Upgrading the firmware fix this issue?