Push notification services for FortiToken Mobile

theFWdude · ‎10-30-2017

So, I got this message on my FAC today when I logged into it: "The push notification service for FortiToken Mobiles will stop working on 2017-11-27. Please upgrade the FortiAuthenticator firmware before then to avoid any service disruptions". Has anyone else gotten this message on their FAC?

FAC Info

Code: v5.0.0, build0012 (GA)

License Type: Full (never expires)

Thanks,

FWDude

-TFWD

cbabfat · ‎10-31-2017

I just logged in to check and I got the same error message. I checked the date on my firmware and wow, I can't believe it has been this long since I updated. I assume they are making some change that you need at least a certain version of firmware to support push notifications. I still am not using push notification since it requires a hole in the firewall.

Interesting though, I guess you are running the latest code.

theFWdude · ‎10-31-2017

Yea, we're on the latest code release. The FAC was a new build so I built it on the latest release at the time.

-TFWD

theFWdude · ‎10-31-2017

So TAC just got back with me on this. Evidently FAC 5.1 will provide support for Push Authentication. "Push authentication is simply an easier way to perform authentication on the phone instead of having to enter the OTP."

-TFWD

xsilver_FTNT · ‎10-31-2017

It is false flag warning and is handled internally. Next patch releases should have that fixed.

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

cbabfat · ‎10-31-2017

It is interesting this just started happening. We were running 9 to 12 months behind in code and this morning we got that popup. Obviously, the system checked-in or something to now start getting the popup. I don't like. Not on my authentication platform.

Anyway, took the opportunity to upgrade to 5.00 this evening.

menayoub · ‎11-13-2017

So should we Update or not ?

I am on version v4.00-build0155-20161228-patch00

If the Update was necessary, to which version ?

Kind regaards

cbabfat · ‎11-13-2017

I would stay in the 4.x range right now. Will reply more in a few minutes.

cbabfat · ‎11-13-2017

5.00 has the mystery pop-up about push notifications. We don't use push, but since upgrading to it, we don't get the pushes anymore. Probably want to stay away from that if you are using push, but I don't know the details.

5.1.0 Came out and it broke our RDP, but push error message went away. It broke the Microsoft Windows Agent 2.0.2 (the current version for a while). The request goes to the Authenticator, authenticates THERE with token, then tries to authenticate AGAIN and looks like it never responds to the agent on the RDP server.

5.1.1 came out with patches to broken stuff in 5.1.0. That still did not fix the Microsoft Windows Agent and our RDP. They never acknowledged it until they finally got a hold of me days later. I was disappointed with how long it took support. We ending up rolling back to 5.0.0. AND if I could have got a hold of someone in tier 2 faster, I would have rolled back immediately. Instead, we were impacted and had a lower security stance during some hours over the weekend. Otherwise, we turned off RDP we not necessary for security. Our error is pushed over to engineering/development.

These were a bunch of patches too close together, so I would give it some time. I assume 5.1.2 should be released shortly, but I would wait till it is out for a while.

Chris

bmduncan34 · ‎01-31-2018

I just upgraded to 4.3.3 and I got that message. My tokens appear to be working fine. What did you find out?

Thanks