Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ron_Beck
New Contributor

FortiToken Mobile - Internet

I have just received the redemption certificate for a recent FortiToken Mobile purchase and see that the first requirement is to make sure that the FortiGate is connected to the internet.  Our units are buried into process control networks that do not (nor should) have connections to the internet.  Is there another method to activate the tokens?

 

--Ron

FGT-620B-DC FGT-100C Rugged FAZ-1000B
FGT-620B-DC FGT-100C Rugged FAZ-1000B
1 Solution
norouzi
Contributor

FortiGate needs internet to activation FortiToken.

Just for activation. You can remove internet link after activation.

Also there are some proxy configuration if there is any proxy server in your network.

Another way is using FortiManager.

View solution in original post

4 REPLIES 4
norouzi
Contributor

FortiGate needs internet to activation FortiToken.

Just for activation. You can remove internet link after activation.

Also there are some proxy configuration if there is any proxy server in your network.

Another way is using FortiManager.

Ron_Beck
New Contributor

Thanks.  The units are physically isolated into a non-internet environment so it is not possible to establish a connection - even a temporary one.  In v4MR3, we had a 2-factor method that used email.  In v5.0.9, it has gone to FortiToken only and therefore we have no 2-factor in place.

 

Reading the response, I will have to remove the unit from production and then take it to another network that has internet access to enable the tokens.  I can then return it to the closed network.

 

--Ron

FGT-620B-DC FGT-100C Rugged FAZ-1000B
FGT-620B-DC FGT-100C Rugged FAZ-1000B
norouzi
Contributor

Yes, You can do it.

But two-factor authentication with sms and email is not removed from version 5.

You still can use them.

Kenundrum
Contributor III

I recently noticed this discrepancy as well. The option is now in the CLI only it seems. The 5.2 handbook also has misleading information on this as the Email and SMS two-factor sections refer only to a token in the GUI, but the CLI instructions are correct.

Configure the user/admin as needed without two factor authentication and make sure the sms or email information is there. goto the CLI and on the user or admin, "set two-factor email" or "set two-factor sms".

CISSP, NSE4

 

CISSP, NSE4
Labels
Top Kudoed Authors