Toshi_Esumi
SuperUser

FTM app migration & FAC push-notification

I couldn't find any article clearly saying either "not possible" or "how to do it" online so far. But most of our FortiToken Mobile users who tried migrating from an old phone to a new phone told me a migration didn't work. So we always reactivate a token again.

Recently one iPhone user who tried to migrate to a new iPhone told me the migration itself worked and she could use the 6-digit token code to get connected from the new phone. However, she was never able to get a push notification.

 

I found one discussion at Stack Overflow saying it involves a certificate and the "transfer" option in the app doesn't transfer it. But again, I couldn't find anything from FTNT backing up the claim.

 

Is it possible to transfer the FTM app w/ assigned tokens to a new phone with the ability to get a notification? And if so, how should we do it?

 

Thanks,

 

 

Toshi

 

 

1 Solution
Toshi_Esumi

I got excellent support from TAC. Arguably one of the best in the last 15 years.


First, this transfer process between FTMs and FortiCare/FortiGuard and FAC with the latest FAC versions like 6.4.8 and 6.5.3 is described in the admin guide:
https://docs.fortinet.com/document/fortiauthenticator/6.5.3/administration-guide/911252/tokens

 

The exact situation my two phones fell into was that the token(s) were transferred to the new phone but the notification was still sent to the old phone, because I transferred it back to the original phone before FAC's next 5 min interval FTM polling happened. To avoid this, I could have clicked the "Refresh FTM" button on FAC's Authentication->User Management->FortiTokens page. The token status was apparently still "Pending" when I triggered the 2nd transfer.

 

Also the TAC person cleared my doubt about transferring Tokens from a deactivated phone. As long as it has internet connection via WiFi, it should work fine.

 

Toshi

 

mpeddalla
Staff

Hello @Toshi_Esumi ,

 

Thank you for contacting the Fortinet Forum portal,

 

You can use the links suggested by my colleague; they should show you the push notification as well.

 

Also, refer to the links below:

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/10a95bdc-2ae4-11ec-8c53-005056...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Transfering-a-mobile-Token-from-one-phone-...

The third-party article also shows similar steps:

https://alamocolleges.screenstepslive.com/a/1519443-transferring-your-fortitoken-to-a-new-device

 

For troubleshooting the push notification issue:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FTM-Push-notification-configured-but...

 

Hope all these links help further analysis.

Best Regards,

Manasa.

 

Toshi_Esumi
SuperUser

The FAC configuration to allow transfer seems to be exactly what I configured. But I didn't know the transfer code would be sent out from the FAC, not generated by the old phone's FTM app.

For the debugging method, I unfortunately don't have two smartphones to test a transfer, so I have to wait for the next person who needs to do that and get cooperation to find out what is causing a transfer to fail. This is not as easy as you would imagine. Without SSL VPN they can't do anything and want to get a new activation code re-sent right away, which we know always works. It requires good luck to find someone who is very patient and who happens to have gotten a new phone.

 

Toshi

xsilver_FTNT
Staff

Not sure which platforms, but I did a migration between Apple iPhone models 4S and 8 a few years ago and it was surprisingly very smooth. The FortiToken Mobile app and all the tokens inside simply migrated via iCloud backup to the new phone and there was no need to do anything on any Forti* side.
Authentication kept working as expected.

 

I have no experience with Android platforms, or Android to Apple or vice versa migrations.

 

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

Toshi_Esumi

Tom @xsilver_FTNT, are you using "push-notification"?

 

Toshi

ndumaj

Hi @Toshi_Esumi 

This feature is enabled on FAC and it is tested and everything works smoothly.
After hitting transfer, the user will receive a new email with a QR activation and after activation the authentication will work perfectly fine for the user as far as the Fortitoken SN will not be changed. User will still have the same Fortitoken SN.
BR

- Happy to help, hit like and accept the solution -
Toshi_Esumi
SuperUser

Finally, I decided to get another smartphone (iPhone) to test this token transfer from an Android phone myself, and to transfer them back. The screenshots below are from when I transferred two tokens back to the Android.

android FTM: 5.3.3.0086

iphone FTM: 5.4.3.0123

Those phones have different phone numbers.

 

1. Initiate a transfer at iphone

TokenTransferSource1-iphone.png

 2. Then hit "OK" at iphone

TokenTransferSource2-iphone.png

3. I got a transfer activation email at this point, so I tried to activate it with the Android, and it failed. I'm now guessing our users might have encountered this and then gave up.

TokenTransferDestination1-android.png

4. Finally I hit "Proceed" on the iPhone, then scanned the QR code again with the Android to complete the transfer

TokenTransferSource3-iphone.png

 

Now I'm confident it would work if both phones are active. But most transfers happen when users get a new phone to replace the old one. At that time, the old phone's cell service (phone number) is already transferred to the new phone.

Does this transfer process still work when the initiating phone doesn't have cell service? That is, can this transfer be initiated over WiFi internet?

 

Toshi

 

Toshi_Esumi

Besides the question above, after I moved the tokens back to my Android, the push notification doesn't work any more, which is similar to what was reported by one of our users. My FTM app on the Android has another token with one of our FGTs for VDOM admin login. So I didn't uninstall and reinstall the app. That might have triggered this problem.
Since I have the environment to show, I'll open a TAC case for this part.

 

Toshi
