I have just received the redemption certificate for a recent FortiToken Mobile purchase and see that the first requirement is to make sure that the FortiGate is connected to the internet. Our units are buried into process control networks that do not (nor should) have connections to the internet. Is there another method to activate the tokens?
Thanks. The units are physically isolated into a non-internet environment so it is not possible to establish a connection - even a temporary one. In v4MR3, we had a 2-factor method that used email. In v5.0.9, it has gone to FortiToken only and therefore we have no 2-factor in place.
Reading the response, I will have to remove the unit from production and then take it to another network that has internet access to enable the tokens. I can then return it to the closed network.
I recently noticed this discrepancy as well. The option is now in the CLI only it seems. The 5.2 handbook also has misleading information on this as the Email and SMS two-factor sections refer only to a token in the GUI, but the CLI instructions are correct.
Configure the user/admin as needed without two factor authentication and make sure the sms or email information is there. goto the CLI and on the user or admin, "set two-factor email" or "set two-factor sms".
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.