FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 194364



This article describes how to fix licensed FortiToken with its status locked in Error / Locked /  Provision Timed Out.




FortiToken Mobile.



For Purchased Mobile Tokens:
Step by step:
  • Delete all the Tokens that have issues.

  • To delete the token, make sure to un-assign / revoke it from the User it is assigned to.

  • Afterwards, select the tokens and delete them.

  • To add those FortiTokens, go to User & Authentication/FortiTokens -> select Create New -> Set the Type to Mobile Token and enter the Activation Code.

  • After FortiGuard validates the code, the FortiTokens will appear on the list, with the Status set to Available.
  1. For all purchased/licensed tokens at the time of purchase, a PDF of a FortiToken Mobile Redemption Certificate containing the 'Activation Code', along with the total number of mobile tokens, will be sent via Email.

  2. If the FortiToken Mobile Redemption Certificate is not received, submit a ticket to the Customer Service Team to request it.
Via the CLI:
Sometimes, renewing the token via CLI fixes the issue (Only for Error / Locked status):
execute fortitoken-mobile renew (Serial Number of particular Token)
For example:
execute fortitoken-mobile renew  FTKMOBxxxxxxx
Now, check the status of particular token. If the status doesn't change, follow all of the above mentioned steps, aside from the one directly above this.
To add Tokens:
exec fortitoken-mobile import  xxxx-xxxx-xxxx-xxxx-xxxx
Where 'xxxx' will be the activation code.