Technical Tip: Trial FortiToken Mobile in FortiGate or FortiAuthenticator HA

caunon · ‎10-08-2019

Description

This article explains how to use the free trial FortiToken Mobile (Mobile Token) in high availability (HA) mode.

Scope

FortiToken Mobile, FortiGate.

Solution

Every FortiGate (and FortiAuthenticator) unit, there are two (2) free FortiToken Mobile (Mobile Tokens) for each FortiGate unit under User & Device -> FortiTokens.

These can be identified by their FTMTRIAL license, and do not expire. They function in the same way as a regular FortiToken Mobile (a real license comes with an EFTM-number).

Confirm this with the following CLI commands:

show user fortitoken

config user fortitoken
    edit "FTKMOBAAAAABBBBB"
        set license "FTMTRIAL95959595"
    next
    edit "FTKMOBCCCCCDDDDD"
        set license "FTMTRIAL95959595"
    next
end

FortiGate in HA: When 2 FortiGates are paired in HA, they share one set of two trial FortiTokens. Once assigned to a user or administrator, the tokens can be used as normal, independent of which unit is currently running as primary.

Trial FortiTokens are tied to a specific unit through FortiGuard. They cannot be moved to another unit if the device is replaced. If both trial FortiTokens are deleted, the primary device in the HA cluster can request a set of FortiTokens following the process in the article 'Technical Tip: Unable to import trial FortiToken Mobile'.

Technical Tip: Trial FortiToken Mobile in FortiGate or FortiAuthenticator HA

You are leaving our website