From 82036e127381555c045b3b970ede8fde2f4dfee8 Mon Sep 17 00:00:00 2001
From: Yuri Slobodyanyuk <yuri@yurisk.info>
Date: Wed, 8 Feb 2023 15:05:33 +0000
Subject: [PATCH] Fortigate: added Fortitoken section

---
 ...e-debug-diagnose-complete-cheat-sheet.adoc | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc
index 9143a5e..213dbae 100644
--- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc
+++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc
@@ -966,6 +966,41 @@ Google or documentation.
 
 |===
 
+== FortiTokens
+
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*diagnose fortitoken info*
+|Show all existing on the Fortigate Fortitokens, including their status:
+
+* `new` - new token, available to be assigned to a user.
+* `active` - normal state, assigned to a user, hardware Fortitoken.
+* `provisioning` - Fortitoken Mobile (FTM), assigned to a user, waits for end
+ user to activate it on his/her mobile phone.
+* `provisioned` - FTM, assigned to a user and activated by him/her as well.
+* `provision timeout` - user hasn't activated the assigned token in the given
+ time window (3 days default), the token needs to be re-provisioned to a user again.
+`locked` - token was locked either manually by administrator, or because
+Fortigate was not able to reach Fortiguard servers. 
+
+
+|*exec ping fds1.fortinet.com*
+
+*exec ping directregistration.fortinet.com*
+
+*exec ping globalftm.fortinet.net*
+
+|Verify that Fortigate can resolve and ping  the FortiGuard servers
+responsible for FortiToken activation/license validation.
+
+|*show user fortitoken*
+|Display all Fortitokens info on license number, activation expiration (in epoch
+format). 
+
+|===
 
 == Alerts Sending debug