Get error "unable to provision token" when add Mobile token to new user.
I can reach fqdn fortitokenmobile.fortinet.com and there is no intercept related to SSL (FortiGate).
Also get:
FTM provision error: problem with SSL comm layer: failed to recv response header: SSL communication layer error
There is more then 200 available mobile tokens and all already provisioned tokens works.
All worked befor upgrade to 6.2.2.
Best regards
//Goran
Hi @Goran_Blomquist
Where are these tokens set on FGT or in FortiAuthenticator?
If they are on FAC ,make sure that you are not using any proxy server configured under Administration-FortiGuard- FortiGuard Proxy Server. Also make sure that EFTM license for these tokens is added on support.fortinet.com under this FAC SN.
https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-FortiAuthenticator-VM-Unable-to-p...
Thank You for reply
Where are these tokens set on FGT or in FortiAuthenticator?
FortiAuthenticator
No FortiGuard Proxy Server Configured. yes...EFTM are valid if I understand it right. Is a very old konfig and theres no timelimit on fortitokens if I understand it right.
Regards
Goran
Hi,
On support.fortinet.com portal you can see to which FAC SN is mapped EFTM license that you have configured on FAC. User Management- Fortitokens one of the column FTM license with show this EFTM SN, just compare it if its the same mapped to this FAC SN on support.fortinet.com.
Additionally make sure you have configured on System Access- Public IP/FQDN for FortiToken Mobile of FAC and make sure that on Network-Interface -edit port1 and check if its enabled Fortitoken mobile API. On firewall side please check that if firewall policies that allows traffic for FAC on both side incom/out or any security profile that will prevent communication with FGD server.
Thank you for replay.
As stated in request is was problem with the provision of Mobile Token. All token alredy signed to user worked as it should. After we downgraded version 7.2.10 (CVE-2024-3596) to 7.2.9 (Due to Bug 1075627 that make Radius fail towards FortiAuthenticator ) and downgrade FortiAuthenticator to latest 6.5 all works as it should again. Will wait for a fix.
Best regards
Goran
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.