Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
unknown1020
New Contributor III

Created on ‎02-02-2024 04:53 PM

problems with fortitoken

Good morning friends, a question.
I have changed equipment fortigate because the previous one was defective. When making the change, problems with fortitokens were validated. When the user has a fortitoken assigned, they cannot enter the VPN and on the other hand, users who do not have a normal token assigned can connect. Can you help me with this problem.

Labels:
2094
0 Kudos
8 REPLIES 8
Toshi_Esumi
SuperUser
SuperUser

Created on ‎02-02-2024 05:06 PM Edited on ‎02-02-2024 05:07 PM

First, have you gotten the token licenses transferred from the defecitve one to the new RMA replacement? It must be automatic but you can check if they're still there at the support site, Asset page.
If they're there, you need to reactivate the token license at the new unit. Then unfortunately all users need to go through the token activation process with the new unit again. I don't think there is a way around (hoping someone says "You're wrong!").

 

Toshi

2078
0 Kudos
unknown1020
New Contributor III
In response to Toshi_Esumi

Created on ‎02-02-2024 05:17 PM

Hello, yes, the license has already been transferred from the old device to the new fortigate.

Then would I have to upload the fortitoken license to the new fortigate again?

2074
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to unknown1020

Created on ‎02-02-2024 05:22 PM Edited on ‎02-02-2024 05:23 PM

Yes. You don't see all tokens except the free demo tokens under User&Authentication->FortiTokens, right? If not there, you can't use them.

2067
0 Kudos
unknown1020
New Contributor III
In response to Toshi_Esumi

Created on ‎02-02-2024 05:25 PM

If you see all the fortiokens, they just seem to be corrupted. Since users with the token enabled cannot connect to the VPN client. Do you have any KB?

2064
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to unknown1020

Created on ‎02-02-2024 05:37 PM

If you're seeing "Error" status in GUI or "set status lock" in CLI for some tokens, what you need to do is to delete those tokens first, then re-apply the license to clear them. It wouldn't affect to working ones.
That's what we were told by TAC when we had that problems, and it worked.

 

Toshi

2061
0 Kudos
unknown1020
New Contributor III
In response to Toshi_Esumi

Created on ‎02-02-2024 05:39 PM

Hello, can you share that KB with me. is this? https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiToken-register-and-provision-process-...

2052
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to unknown1020

Created on ‎02-02-2024 05:44 PM

We never looked up any KB. Just opened a ticket at TAC and that's what we were told to do. It was quite intuitive as well for both deleting indivitual tokens (select and hit "Delete" button) and re-applying the license ("Create New" button).

2050
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to Toshi_Esumi

Created on ‎02-06-2024 08:31 AM Edited on ‎02-06-2024 08:34 AM

ok. @hbac showed the KB describing the process of deleting/reactivating token in another thread today. It describes the step but no GUI references.
https://community.fortinet.com/t5/FortiGate/Technical-Note-Fix-Licensed-Mobile-Token-with-Error-Lock...

And this is the thread if you're interested.
https://community.fortinet.com/t5/Support-Forum/Unable-to-reactivate-a-mobile-Fortitoken/m-p/298042#...


Toshi

1951
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.