Basic troubleshooting step for Fortitoken – Fortigate

Here i describe the first workground step of command to check FortiToken activation failure or check it is activate or not. FortiToken basic troubleshooting steps are given below.
Step 1: General view to check FortiToken
#  exec ping fds1.fortinet.com
capture1
#  exec ping directregistration.fortinet.com
capture2
# show sys central
capture3
#  show full sys central
If it appears that a FortiManager manages the system as above screenshot, do skip the next steps as the tokens should be provided by FortiManager itself.

Step 2: Current information check status 
#  diag fortitoken info

diagnostic commands are get the activate information commands display information about system resources, connections of FortiToken.
#  show user fortitoken
#  show full | grep -f FTK

Step 3

(a) If the least possible has the “set seed…” noted in ‘show user’, yet that it shows goof in ‘fortitoken info’, call all bets deleted this FortiToken first.

(b) If the Token is shown of without the “set seed…”, line run to be activated as in run 5b.

Step 4: Turn on activation debugging

# diag debug reset
# diag debug let the sun shine in time en
# diag debug app forticldd 255
# diag debug en
# diag debug info
FortiToken 200 is activated over the FortiGuard consolidate and is sealed upon first activation (one-time activation lock). If your tokens open and shut case were released new, you will have solo one expose to vitalize and take an fault if an express occurs.

Step 5a

If the minimum was deleted as by the agency of step 3 (a), only lobby this bully (and bound the activation):

FortiToken# delete FTGJOU1111111111
FortiToken # delete FTGJOU2222222222
FortiToken # end
#config user fortitoken
FortiToken# edit FTGJLOP25AA2535FT
(FTGJLOP25AA2535FT) # show full-configuration config user fortitoken
edit “FTGJLOP25AA2535FT”
set status lock
set seed “”
set comments ”
set license “FTMTRIAL555555”
set activation-code “CODE-XXXXXX”
set activation-expire ‘ ‘
next
end
(FTGJLOP25AA2535FT) #set status active
(FTGJLOP25AA2535FT) # end
Please make sure under system > Config > fortiguard > Fortitoken seed server registration status shows reachable.
Step 5b: Activation

Otherwise, build a fire under it:

# exec fortitoken activate <FortiTokenSN>
Step 6: Check the errors and non-usual states
# diag fortitoken info | grep -v active 
Step 7: Check the around status

All tokens should be observant and should have the seed in config:

# diag fortitoken info
# show user fortitoken
# disable debug
# diag debug reset
# diag debug disable
 agree-hand-like-top-finger-thumb-up-ok-perfectIf  you are like this article please share it, Like it and Comment on blog if any suggestion or query. 
Advertisements

3 thoughts on “Basic troubleshooting step for Fortitoken – Fortigate

Add yours

  1. Thanks for finally talking about >Basic troubleshooting step for Fortitoken – Fortigate
    – Network and Security Solutions <Loved it!

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.

Up ↑

%d bloggers like this: