Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Fabio74
New Contributor

HUGE TOKEN ISSUE

Good morning everyone. I installed the free FortiToken (2 tokens) on my mobile. It manages my access to Admin and my User. My cell phone has completely broken. Now I can no longer access the FortiGate. Is there a way to log in without having to reset the FortiGate? Thank you.

3 REPLIES
pminarik
Staff

You need another super_admin account without a token, or with a working one.

If you don't have any other super_admin account, you will have to do a factory reset, and then reconfigure (you can speed things up with an existing configuration backup). There is no other workaround. (The last-resort access via the maintainer account can only reset the admin's password; it cannot remove a token.)

If you have a phone with working app backups (iPhone, maybe Androids as well? Not sure), you could try to restore your data onto your new phone. Could work, but absolutely no guarantees.

[ corrections always welcome ]
Fabio74

First of all, thank you for your reply. Unfortunately, I tried to launch the backup (Android), but it doesn't work. I will necessarily have to format it. I think my feedback is important for those like me who have had this problem; in any case, considering the experience, it is better to leave a recovery account without a token.

pminarik

The maintainer account is being removed completely (see the notes for 7.2.4), so this is unlikely to be changed any time in the future.

My personal recommendation is to always have at least two super_admins when using 2FA. Alternatively, create a backup super_admin account, without 2FA, with a long random password (safely stored somewhere), and restrict this account's trusthost settings to something nonsensical (like 127.0.0.1, or something in the reserved range 240.0.0.0/4). This way you will practically disable it for login over the network, and it will work only locally, which is ideal for emergency access via serial console. :)

[ corrections always welcome ]
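
The recommendation above can be checked against a configuration backup. The following Python audit is an added example, not part of the thread and not Fortinet tooling; the sample config, the account names and the assumption that the backup uses the `config system admin` / `edit` / `set` layout shown are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of the admin section of a config backup (names are placeholders).
SAMPLE = '''
config system admin
    edit "admin"
        set accprofile "super_admin"
        set two-factor fortitoken
    next
    edit "breakglass"
        set trusthost1 127.0.0.1 255.255.255.255
        set accprofile "super_admin"
    next
end
'''
RESERVED = ipaddress.ip_network("240.0.0.0/4")

def parse_admins(text):
    # Return {name: {setting: value}}; nested "config ... end" tables are skipped.
    admins, entry, depth = {}, None, 0
    for line in map(str.strip, text.splitlines()):
        if depth == 0:
            depth = int(line == "config system admin")
        elif line.startswith("config "):
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.match(r'edit "(.+)"$', line)):
            entry = admins.setdefault(m.group(1), {})
        elif depth == 1 and entry is not None and (m := re.match(r"set (\S+) (.+)$", line)):
            entry[m.group(1)] = m.group(2).strip('"')
    return admins

def local_only(cfg):
    # True if trusthosts exist and all are loopback or inside 240.0.0.0/4.
    hosts = [ipaddress.ip_network("/".join(v.split()), strict=False)
             for k, v in cfg.items() if k.startswith("trusthost")]
    return bool(hosts) and all(h.is_loopback or h.subnet_of(RESERVED) for h in hosts)

def audit(text):
    # Findings for super_admin accounts: token lockout risk and exposed no-2FA logins.
    supers = {n: c for n, c in parse_admins(text).items() if c.get("accprofile") == "super_admin"}
    uses_2fa = {n for n, c in supers.items() if c.get("two-factor", "disable") != "disable"}
    findings = [f"{n}: no 2FA and reachable over the network"
                for n, c in supers.items() if n not in uses_2fa and not local_only(c)]
    if uses_2fa and len(supers) < 2:
        findings.insert(0, "lockout risk: a single super_admin depends on a token")
    return findings
```

An empty result from `audit()` means the backup has a second super_admin and no token-less super_admin that is reachable over the network.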