Fortinet Document Library

Version:

Version:

Version:


Table of Contents

Download PDF
Copy Link

Diagnosing FortiToken on the FortiGate

The following diagnose debug command will show a list of your FortiTokens, their drift, and status:

diag fortitoken info

FORTITOKEN DRIFT STATUS

FTK200XXXXXXXXXX 0 new

FTK211XXXXXXXXXX 0 new

FTKMOBXXXXXXXXXX 0 new

 

Total activated token: 0

Total global activated token: 0

Token server status: reachable

Status outputs:
  • new

Newly added to the FortiGate and not assigned to a user.

  • active

Assigned to a user. This output is for FortiToken-200 and 200 CD only.

  • provisioned

User has activated their token and is assigned to them. This output is for FortiToken Mobile only.

  • provision timeout

The administrator has set the token to the user, but the user has not activated the token within the timeout period. The token must be re-provisioned to the user.

  • token already activated, and seed won't be returned

FortiToken-200 has been added, removed, and re-added to the FortiGate. To transfer FortiToken-200 tokens from one FortiGate or FortiAuthenticator device to another, visit the Fortinet Support website.

  • activation error (token not exist in FortiGuard)

FortiToken-200 CD has been imported with the activation CD, but there is no contact to the FortiGuard server. In the event of this status, visit the Fortinet Support website.

When contacting customer support, you must provide the FortiToken serial number, as well as the FortiGate or FortiAuthenticator serial number to which the token is assigned.

Diagnosing FortiToken on the FortiGate

The following diagnose debug command will show a list of your FortiTokens, their drift, and status:

diag fortitoken info

FORTITOKEN DRIFT STATUS

FTK200XXXXXXXXXX 0 new

FTK211XXXXXXXXXX 0 new

FTKMOBXXXXXXXXXX 0 new

 

Total activated token: 0

Total global activated token: 0

Token server status: reachable

Status outputs:
  • new

Newly added to the FortiGate and not assigned to a user.

  • active

Assigned to a user. This output is for FortiToken-200 and 200 CD only.

  • provisioned

User has activated their token and is assigned to them. This output is for FortiToken Mobile only.

  • provision timeout

The administrator has set the token to the user, but the user has not activated the token within the timeout period. The token must be re-provisioned to the user.

  • token already activated, and seed won't be returned

FortiToken-200 has been added, removed, and re-added to the FortiGate. To transfer FortiToken-200 tokens from one FortiGate or FortiAuthenticator device to another, visit the Fortinet Support website.

  • activation error (token not exist in FortiGuard)

FortiToken-200 CD has been imported with the activation CD, but there is no contact to the FortiGuard server. In the event of this status, visit the Fortinet Support website.

When contacting customer support, you must provide the FortiToken serial number, as well as the FortiGate or FortiAuthenticator serial number to which the token is assigned.