
Solved: How do I troubleshoot FTM-Push notification configured but not working?

This article describes the initial troubleshooting steps for ftm-push.

Solution

Use the following troubleshooting steps when FortiToken Mobile push notification has been configured but login still fails after tapping ‘Approve’ in the FortiToken Mobile app.

Step 1: Check if FTM is enabled in the Administrative Access of the wan interface under Network > Interfaces.

Step 2: Verify the server-ip address set in ftm-push and ensure that the status is enabled. In general, use 0.0.0.0 unless one has a specific reason to specify the public IP address.

Keep in mind that specifying a public IP address in server-ip might impact ftm-push fail-over when the device encounters an ISP issue.

# show full system ftm-push

Step 3: Note the server-port from the output of the above command and ensure that there’s no overlapping port issue under Policy & Objects > Virtual IPs.

Update that port if needed.

For instance, if port forwarding is configured under Virtual IPs for port 4433, and there is no conflict for 20443, then use the following commands:

# config system ftm-push
set server-port 20443
end

Step 4: Verify that the server-port is not blocked in local-in-policy.

# sh full firewall local-in-policy

Step 5: Run debug flow and ensure that the message ‘iprope_in_check() check failed, drop’ is not seen. This message might indicate that the inbound ftm-push traffic is blocked due to Trusted Hosts configured under System > Administrators.

# di de res
di de fl filter cl
di de cons t en
di de fl sh f en
di de fl sh iprope en
di de fl filter addr x.x.x.x <- where x.x.x.x is the corresponding public IP address for ftm-push
di de fl filter port yyy <- where yyy is the port number assigned to server-port in ftm-push
di de fl tr start 99
di de en

Step 6: Test ftm-push, and disable debug flow once done using the following commands:

# di de res
di de dis

Step 7: If the issue persists after following the above steps, then gather the following debug output and create a ticket.

# di de res
di de app ftm-push -1
di de en

Step 8: Finally, test ftm-push, and disable debugging once done using the following commands:

# di de res
di de dis
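
The port-overlap check from Step 3 can be run offline against pasted `show` output. The script below is an added example, not Fortinet code: the sample configuration, VIP names and addresses are constructed. It treats any port-forwarding VIP as a potential conflict regardless of its interface, external IP or protocol, which is a conservative assumption.

```python
import re

# Constructed sample of pasted "show" output (made-up VIP names, documentation IPs).
SAMPLE_CONFIG = """
config system ftm-push
    set server-port 4433
    set server-ip 0.0.0.0
    set status enable
end
config firewall vip
    edit "vip-web"
        set extip 198.51.100.10
        set portforward enable
        set extport 4430-4440
        set mappedport 443
    next
    edit "vip-mail"
        set extip 198.51.100.10
        set portforward enable
        set extport 25
        set mappedport 25
    next
end
"""

def ftm_push_port(config):
    """Return the server-port under 'config system ftm-push', or None if absent."""
    block = re.search(r"config system ftm-push\n(.*?)\nend", config, re.S)
    port = block and re.search(r"set server-port (\d+)", block.group(1))
    return int(port.group(1)) if port else None

def vip_port_ranges(config):
    """Yield (name, low, high) external ports for each port-forwarding VIP."""
    block = re.search(r"config firewall vip\n(.*?)\nend", config, re.S)
    entries = re.findall(r'edit "([^"]+)"\n(.*?)\n\s*next', block.group(1) if block else "", re.S)
    for name, body in entries:
        ext = re.search(r"set extport (\d+)(?:-(\d+))?", body)
        if ext and "set portforward enable" in body:
            low = int(ext.group(1))
            yield name, low, int(ext.group(2) or low)  # single port: low == high

def conflicting_vips(config, port=None):
    """List VIPs whose external port range covers the ftm-push port (or `port`)."""
    port = ftm_push_port(config) if port is None else port
    if port is None:
        raise ValueError("no ftm-push server-port found in config")
    return [name for name, low, high in vip_port_ranges(config) if low <= port <= high]

if __name__ == "__main__":
    print("current port conflicts:", conflicting_vips(SAMPLE_CONFIG))
    print("port 20443 conflicts:", conflicting_vips(SAMPLE_CONFIG, 20443))
```

A VIP with an `extport` range is the case most easily missed by eye: here 4433 falls inside 4430-4440 even though no VIP lists 4433 explicitly.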