Fortinet FortiToken 200 Quick Start Manual

QuickStart Guide
FortiToken 200
The FortiToken 200 is a small hardware token generator that fits on a key-chain. Simply press the button and the FortiToken 200 generates and displays a secure one-time password (OTP) that you enter along with your regular password for secure authentication and access to critical applications and sensitive data.
The time remaining is shown on a bar graph in 10-second increments. After the 60 seconds is up, the password expires and the FortiToken display turns off.
Step 1. Unpacking
Open the shipping carton and carefully unpack its contents. The carton should contain the following items:
• FortiToken 200 units
• QuickStart Guide
• Activation CD
If any item is found missing or damaged, please contact your local reseller for replacement.
Package Contents (figure): FortiToken 200, showing the Time Remaining bar and the Password Display (6 digits); FortiToken™ 200 Activation File.
Step 2. Activating the FortiToken unit
Before you can successfully use the FortiToken 200CD token, it must first be installed and activated on the FortiGate or FortiAuthenticator platform, depending on which platform you are using as your token validation server.
Important: The FortiGate or FortiAuthenticator unit’s clock must be accurate to work properly with the FortiToken devices. It is strongly recommended to synchronize the clock with a Network Time Protocol (NTP) server.
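Why the clock matters, as an added example that is not part of Fortinet's guide: a time-based OTP validator derives the expected code from its own clock, so a server whose clock has drifted rejects a correct code. The sketch assumes RFC 6238 TOTP with HMAC-SHA1 and uses the guide's 60-second, 6-digit parameters; the seed, clock values and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60      # seconds a code stays valid, per the guide
DIGITS = 6     # length of the displayed password, per the guide


def totp(seed: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def validate(seed: bytes, code: str, server_time: int, window: int = 0) -> bool:
    """Accept code if it matches a step within +/- window steps of server_time.

    A wider window tolerates more drift but also accepts more codes at once.
    """
    for drift in range(-window, window + 1):
        t = server_time + drift * STEP
        if t < 0:                                # no step exists before the epoch
            continue
        if hmac.compare_digest(totp(seed, t), code):
            return True
    return False


def demo() -> dict:
    seed = b"12345678901234567890"   # constructed: RFC 4226 test key, not a real .FTK seed
    token_time = 90                  # constructed clock value, 30 s into step 1
    code = totp(seed, token_time)    # what the token would display
    return {
        "server_in_sync": validate(seed, code, token_time + 20),
        "server_90s_fast": validate(seed, code, token_time + 90),
        "server_90s_fast_window_2": validate(seed, code, token_time + 90, window=2),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Synchronizing the validation server with NTP keeps the acceptance window narrow; widening the window to absorb drift means more codes are valid at any moment.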
To activate the tokens on FortiGate units
1. Log in to the Web-based Manager of your FortiGate unit from your computer.
2. Insert the CD labeled FortiToken 200 Activation File.
3. Go to Authentication > Two Factor Authentication > FortiToken, select Hard Token as the Token Type, and click Import.
4. Select Seed File, browse to the .FTK file on the CD, and click OK. The loaded serial numbers will appear in the list. You can then cancel the import or continue by clicking OK.
5. Each FortiToken 200 will be installed and activated, and shown as Available in the FortiToken UI.
To activate the tokens on FortiAuthenticator units
1. Log in to the Web-based Manager of your FortiAuthenticator unit from your computer.
2. Insert the CD labeled FortiToken 200 Activation File.
3. Go to Authentication > Local User Management > FortiTokens, select Import, and check the Seed File option.
4. Browse to the .FTK file on the CD and click OK. The loaded serial numbers will appear in the token list.
5. Each FortiToken 200 is now installed and activated, and shown as Available in the FortiToken UI.
Step 3. Assigning FortiTokens to Users
To assign a FortiToken unit to a user
1. Do one of the following:
• To assign a FortiToken to an administrator (super-users only), go to System > Admin > Administrator and select the check box for the administrator account you want to configure, then select Edit from the toolbar.
• To assign a FortiToken to a regular user, go to User > User > User and select the check box for the user account you want to configure, then select Edit from the toolbar.
2. In the dialog box, select the Enable Two-factor Authentication check box. Under Deliver Token Code by, select the FortiToken option and then select the FortiToken serial number you want to assign to the selected user account. Select OK.
Step 4. Logging In with FortiToken
After they have been activated and assigned to users, the FortiToken units can be used to log in securely to your network through the SSL-VPN client, the standalone FortiClient SSL-VPN tunnel client, the FortiClient console, or the FortiGate Web-based Manager. This section explains the login procedure for each method.
To log in using the SSL-VPN Client
1. In the SSL-VPN web login page, enter your user name and password and select Sign In. The login page refreshes and the FortiToken Code field appears.
2. Press the Start button of your FortiToken unit, type the generated token password into the FortiToken Code field on the login page and then select Login. You must do this within the 60 seconds while the token password is still valid.
To log in using the standalone FortiClient SSL-VPN tunnel client
1. Go to Start > All Programs > FortiClient > FortiClient SSL-VPN.
2. In the FortiClient SSL-VPN client, select the Connection Name from the list.
3. Enter your user name, then press the Start button of your FortiToken unit.
4. In the Password field, type your password concatenated with the generated token password. For example, if your password is password and your token code is 123456, you would enter password123456.
5. Select Connect to initiate the connection. You must do this within 60 seconds while the token password is still valid.
To log in using the FortiClient console (IPsec VPN)
1. In the FortiClient console, go to VPN > Connections, select the connection you want to start and select Connect.
2. In the VPN Login dialog box, enter your user name and password and select OK. The login page refreshes and the FortiToken Code field appears.
3. Press the Start button of your FortiToken unit, type the generated token password into the FortiToken Code field and select OK. You must do this within 60 seconds while the token password is still valid.
To log in using the FortiGate Captive Web Portal (Firewall Identity Check)
1. Connect to the captive web portal.
2. In the Authentication Required dialog box, enter your user name and password, then select Continue. The FortiToken Required dialog box appears.
3. Press the Start button of your FortiToken unit, type the generated token password into the Token Code field, and select Continue. You must do this within 60 seconds while the token password is still valid.
To log in using the FortiGate Web-based Manager (super-user administrators only)
1. In your web browser, enter the URL (using https) of the FortiGate unit you want to access.
2. In the Login dialog box, enter your user name and password and then select Login. The login page refreshes and the Token Code field appears.
3. Press the Start button of your FortiToken unit, type the generated token password into the Token Code field and select Login. You must do this within 60 seconds while the token password is still valid.
Copyright© 2012 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard® are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners.
Regulatory Compliance: FCC Class A Part 15, / CE Mark
August 23, 2012 00-000-179550-20120823