Technical Tip: How to collect email from FortiGate with IP based policy where no authentication is used
| Description | This article describes how to collect email from FortiGate with IP IP-based policy where no authentication is used. |
| Scope | FortiGate. |
| Solution | Enable the Email collection under Feature Visibility -> Email Collection:
Enable the email collection under the CLI command in the policy where it is necessary to start collecting email IDs.
Commands:
config firewall policy edit <policy ID> set email-collect enable end
Once the above is enabled, users from the policy will get the following notification and disclaimer, and users need to accept and provide a valid email ID to access the internet:
Once the Terms and Disclaimer Agreement is accepted and a valid email ID is provided, the user will be allowed to access the Internet.
Add the Email Collection widget under Dashboard -> Status -> Add Monitor to verify email collection.
Search for Email collection:
When selecting Collected Email Monitor, select the FortiGate hostname from the dropdown :
Once selected, it should be possible to see the collected email IDs:
To check for collected emails in the CLI:
diagnose firewall auth mac list 00:47:65:**:**:**, e*****@gmail.com ----- 1 listed, 0 filtered ------
Note: This Email Collection feature is designed to collect email addresses from users joining the network. It does not perform any type of authentication process and cannot operate as an authentication method. Its purpose is limited to recording the email information provided by users during network access. Refer to this article: Technical Tip: How to modify the IDLE timeout for Email collection captive-portal users. |
