Fortinet black logo

Migrate FortiToken

23.1.0
Copy Link
Copy Doc ID dc7719fd-c5d8-11ed-8e6d-fa163e15d75b:330976

Migrate FortiToken

FortiToken cannot be migrated by FortiConverter Service because it needs to be done on user’s new device. Please follow the steps below to migrate and activate your FortiToken configs.

To import the FortiToken Hardware into your FortiGate:

  1. Export the FortiToken config from the old device and import the config to the new device. The config can be output in the CLI console by the commands:
  2. "config user fortitoken" -> "show".

  3. Remove the FortiTokens from the old device, or block the access of the old device to FortiGuard. This would prevent the old device from requesting the activation of the tokens after they are reset.
  4. Reset the activation flags for the tokens through FortiCare.
  5. Create a FortiCare ticket on the Support Portal https://support.fortinet.com/, and ask TAC to help you reset the activation flags of the FortiTokens. The message should include the SN of the old device and the FortiTokens.

    The TAC would reset the activation flag and inform you after it is completed.

  6. Connect the new device to FortiGuard, and the tokens would be activated.

To import the FortiToken into your FortiGate:

  1. Transfer the FortiToken license from the old device SN to the new device SN through FortiCare.
  2. Create a FortiCare ticket on the Support Portal https://support.fortinet.com/, and ask TAC to help you migrate the FortiTokens from the old device to the new device. The message should include the SN of the old device, the new device, and the FortiTokens.

    The TAC would migrate the token and inform you after the migration is completed.

  3. Activate the FortiToken on the new device.
  4. Go to the page User & Authentication > FortiTokens on the new device. Click Create New and input the activation code of the FortiTokens. The tokens would be imported into the new device.

  5. Re-provision every user, which means to bind a new token to user’s app again.
  6. Configure users on the new device, send the activation code through e-mails or SMS to do re-provision for all users, and the migration is completed. The seeds on the old device cannot be restored to the new device. This is designed to prevent possible fraudulent attacks.

Migrate FortiToken

FortiToken cannot be migrated by FortiConverter Service because it needs to be done on user’s new device. Please follow the steps below to migrate and activate your FortiToken configs.

To import the FortiToken Hardware into your FortiGate:

  1. Export the FortiToken config from the old device and import the config to the new device. The config can be output in the CLI console by the commands:
  2. "config user fortitoken" -> "show".

  3. Remove the FortiTokens from the old device, or block the access of the old device to FortiGuard. This would prevent the old device from requesting the activation of the tokens after they are reset.
  4. Reset the activation flags for the tokens through FortiCare.
  5. Create a FortiCare ticket on the Support Portal https://support.fortinet.com/, and ask TAC to help you reset the activation flags of the FortiTokens. The message should include the SN of the old device and the FortiTokens.

    The TAC would reset the activation flag and inform you after it is completed.

  6. Connect the new device to FortiGuard, and the tokens would be activated.

To import the FortiToken into your FortiGate:

  1. Transfer the FortiToken license from the old device SN to the new device SN through FortiCare.
  2. Create a FortiCare ticket on the Support Portal https://support.fortinet.com/, and ask TAC to help you migrate the FortiTokens from the old device to the new device. The message should include the SN of the old device, the new device, and the FortiTokens.

    The TAC would migrate the token and inform you after the migration is completed.

  3. Activate the FortiToken on the new device.
  4. Go to the page User & Authentication > FortiTokens on the new device. Click Create New and input the activation code of the FortiTokens. The tokens would be imported into the new device.

  5. Re-provision every user, which means to bind a new token to user’s app again.
  6. Configure users on the new device, send the activation code through e-mails or SMS to do re-provision for all users, and the migration is completed. The seeds on the old device cannot be restored to the new device. This is designed to prevent possible fraudulent attacks.