Add, sync, and delete applications (FortiProducts)
When an application communicates to FTC for the first time, this application will be added to the FTC system automatically. The first communication can be triggered by creating an FTC user on the application or by running some CLI commands on the application. The application can be deleted from the FTC portal by choosing applications>FortiProducts or Webapps.
Use cases
-
Register a new FortiProduct, for example FortiGate, using the license or serial number of the device, create a new VDOM in FGT, or delete a VDOM.
-
Run “
exec fortitoken-cloud update
” on FGT to sync VDOMs (applications in FTC) to FTC. -
If syncing works well, the output will show:
List of VDOMs updated to FortiToken Cloud.
-
After syncing, if the Multi-realm Mode is disabled, any new application will be assigned to the default realm. When Multi-realm Mode is enabled, any new application registered in FTC will be automatically assigned to a new realm.
How to debug
FortiToken Cloud has special debug mode in the FOS (ex. FortiGate) side. Before you perform any user sync/delete/add operation, the debug mode can be opened by running:
config global (if the multi-vdom mode is enabled)
diag fortitoken-cloud debug enable (to enable the FTC debug mode)
diagnose debug console timestamp enable (to add the timestamp to log output)
diag debug appl fnbamd –1
diag debug application httpsd 255
diag debug enable (to start the show debug message)
After running the CLI commands shown above, if any FTC user sync/delete/add action is triggered, the log message will show in the CLI. Or, if another CLI is open and executes “exec fortitoken-cloud update
”, the log will also display because it manually triggers the FortiToken Cloud user update in FOS (ex. FortiGate).
If you are unable to fix the error message using the aforementioned commands, the FortiToken Cloud support team is standing by to provide any assistance if needed. Just create a support ticket and submit it to our TAC team. We will respond to your service request and resolve your issue as soon as possible. It’s recommended that you attach the debug log output in the ticket to enable the TAC team or the FortiToken Cloud Support Team to investigate the error faster. To contact technical support, visit Technical Support.