We bought a firewall without a subscription (because it's not needed) and activated the FortiToken MFA for the administrator account. After a few days we no longer had the possibility to access the firewall with the admin account, because the FortiToken Cloud service has expired. We were not aware that FortiToken was a paid service.
When we try to connect to the firewall in SSH mode, we get the attachment error, and when we try to connect with VPN connection or web admin access, we don't have the possibility to authenticate properly (the token is not validated).
In the case where there are no other administrators configured, the only option is to flash format the device and reload a backup config file. You must have console access to the device in order to format and flash the device. It is recommended to be physically on site to perform this operation.
The process of resetting an Admin user password using the maintainer account cannot be used to reset or disable two-factor authentication.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.