Document
Library

Admin guide

Introduction
Acronyms and abbreviations
Main features
Licensing and availability
- Time-based subscriptions
- Credit-based subscriptions
  - Transition to time-based subscriptions
- FortiTrust-identity licensing
- SMS licensing
Architecture
Compatibility
- Compatible Fortinet applications
- Supported browsers
Important notes
- Credit-based licenses no longer available for purchase
- Use of non-officially supported FOS
- The same token for the same user on multiple auth clients
- FOS 6.2.3 and 6.4.0 CLI differences
- Admin accounts and realms
- Supported hard tokens
- No SMS MFA with FAC as LDAP server
- A single FTC user in multiple auth clients
- FAC users' name issues on FTC GUI
- How to use FortiClient
- Local vs. global disable/delete
QuickStart guide
FortiToken Mobile
- Supported FortiToken Mobile apps
- Activate FTM tokens
- Activate third-party tokens
- Use FTM tokens
Use cases
- One Token shared by different auth clients
- Change separate tokens to a single token
- Independent token
- Auto-Alias features—Use the same email address
- Split user quota to different realms
- FTC account lockout (2FA)
- Manage access to FTC
- Control risky conditions
- Switch from Fortitoken to FortiToken Cloud (FTC) lockout
- Migrate FTM tokens to FortiToken Cloud
Auth clients
- Getting started—FGT-FTC users
- Getting started—FAC-FTC users
- Transfer auth client (FC account lockout)
- Replace an old FortiGate with a new one
- Auth clients in HA mode
- Synchronize LDAP remote users in wildcard user group from FortiGate
- Email notification on license balance status
Maintenance
- Add, sync, and delete users
- Add, sync, and delete auth clients (devices)
- Service debug
Settings
- Global
- Realm
- Templates
FortiToken Cloud GUI
- Launch FortiToken Cloud
- FortiCloud
- Dashboard
- Administrators
- Users
- Realms
- FortiProducts
- Web Apps
- Devices (HA)
- Mobile Tokens
- Hardware Tokens
- Usage
- Licenses
- Adaptive authentication
- Logs
Product documentation and support
- Create an SMS credit balance alert event
FOS CLI commands for FortiToken Cloud
- Global system configuration
- Access FTC management commands
- Configure admin users
- Configure local users
- Configure local LDAP users for FTC service
- Configure wildcard LDAP users for FTC service
- Configure local RADIUS users for FTC service
- Migrate FTM tokens to FortiToken Cloud
- Diagnose FortiToken Cloud
FAQs
Release history
Technical support
Change log

Home FortiToken Cloud Admin guide

Replace an old FortiGate with a new one

Copy Link

Copy Doc ID 1843b2fc-5b95-11ed-96f0-fa163e15d75b:366192

Download PDF

Replace an old FortiGate with a new one

You can replace your FortiGate devices. The most important thing to remember is to back up the FortiGate configuration and restore it to the new FortiGate. For backup issue, visit Administration Guide | FortiGate / FortiOS 7.2.2 | Fortinet Documentation Library.

From the FortiToken Cloud, do the following:

Select Auth Clients -> FortiProducts.
Find the old FGT by searching the serial number in search bar.
Select the device from the Auth Client list, and click Delete.

After removed the old FortiGate, the new FortiGate can be registered to your FC account by entering the registration code from device, or the license number if it is a VM. After the device is registered under the FC account, you can enable FortiToken Cloud on the FortiGate. This is important because you are going to restore the users who are using FortiToken Cloud as the MFA method in the next step.

Now, it’s time to restore the configuration from the old FortiGate. After the basic configuration is restored, end-users will also be restored. (Note: If the users exist in the VDOM, you need to back up/restore the VDOMs configuration.)

Finally, the users and auth clients will be updated if “Auto-create Auth Client” is enabled in FortiToken Cloud Global setting page, otherwise, you need to run the command, “exec fortitioken-cloud update”, to manually update the VDOMs information from FortiGate to FortiToken Cloud and update the user's information.

After you finish all these steps, the new FortiGate should be set up and ready to use.

Previous

Next

Replace an old FortiGate with a new one

You can replace your FortiGate devices. The most important thing to remember is to back up the FortiGate configuration and restore it to the new FortiGate. For backup issue, visit Administration Guide | FortiGate / FortiOS 7.2.2 | Fortinet Documentation Library.

From the FortiToken Cloud, do the following:

Select Auth Clients -> FortiProducts.
Find the old FGT by searching the serial number in search bar.
Select the device from the Auth Client list, and click Delete.

After removed the old FortiGate, the new FortiGate can be registered to your FC account by entering the registration code from device, or the license number if it is a VM. After the device is registered under the FC account, you can enable FortiToken Cloud on the FortiGate. This is important because you are going to restore the users who are using FortiToken Cloud as the MFA method in the next step.

Now, it’s time to restore the configuration from the old FortiGate. After the basic configuration is restored, end-users will also be restored. (Note: If the users exist in the VDOM, you need to back up/restore the VDOMs configuration.)

Finally, the users and auth clients will be updated if “Auto-create Auth Client” is enabled in FortiToken Cloud Global setting page, otherwise, you need to run the command, “exec fortitioken-cloud update”, to manually update the VDOMs information from FortiGate to FortiToken Cloud and update the user's information.

After you finish all these steps, the new FortiGate should be set up and ready to use.

Previous

Next