@ac89live idea is the same, but FTK200 is HARDWARE and not MOBILE token and therefore do have a little bit different statuses.
However to original post ..
1. drift is difference between clock inside token (device, for mobile, or hw clock in hardware models like 200-211-220)
2. FortiGate/FortiAuthenticator should have system time synced by NTP
3. regardless of NTP sync a clock in token can get out of auto-correction window and so message requesting two consecutive codes for manual sync is shown. That might also happen during first/initial deployment, and so I'd suggest/recommend to admin to sync tokens before handing them over to users
# execute fortitoken sync <tokenId=SN> <code1> <code2>
- where code1 and code2 have to be consecutive token codes, one after another, so in 60 sec interval (default for HW tokens)
Numbers in DRIFT column on GUI or in 'diag fortitoken info'
show how many cycles is token's clock ahead or behind system clock in FGT/FAC.
post edited by xsilver - 2020/06/04 06:25:05