Technical Tip: Verifying successful email Multi-Factor Authentication with FortiToken
| Description | This article describes what happens when users implement email authentication on VPN or administrator access and set up email to send a FortiToken Mobile using SMTP services. |
| Scope | FortiOS. |
| Solution | Email authentication can be set or used in multi-factor authentication to receive the authentication code or token. The FortiToken Mobile code can also be received through email services for authenticating VPN users or administrative access. A configuration example for two-factor authentication by email can be found here: Technical Tip: Email Two-Factor Authentication on FortiGate. Once the SMTP server is set up in the FortiGate settings, users can use that email server to send emails. The destination email can be found in the user configuration.
Once the token has been sent, successful delivery can be checked and verified with an alert email debug from the CLI.

CLI debug:

diagnose debug reset
diagnose debug console timestamp enable
diagnose debug application fnbamd -1
diagnose debug application http_authd -1 <-- New command in v7.6.4.
diagnose debug application alertmail -1
diagnose debug enable

While the debug is running, a login attempt is required to generate output for the above debugging commands. The following output will be seen once the token has been successfully sent:

2024-12-07 14:49:00 [2365] handle_req-Rcvd auth_token req 1731425044 for test_user1 in
2024-12-07 14:49:00 [429] __compose_group_list_from_req-Group 'VPN-Users', type 1
2024-12-07 14:49:00 [733] create_auth_token_session-Created auth token session 1731425044
2024-12-07 14:49:00 Arrived msg(type 6, 82 bytes):service@example.com AuthCode: ****** Your authentication token code is ******.
2024-12-07 14:49:00 mail_info: from:smtp.office365.com user:test_user1@example.com <-- Sender's Email service information.
2024-12-07 14:49:00 mail_info: reverse path:test_user1@example.com <-- Receiver's Email service information.
user name:test_user1 <-- User info.
2024-12-07 14:49:00 to[0]:service@example.com
2024-12-07 14:49:00 local auth is done with user 'test_user1', ret=7 <-- User authentication accepted.
2024-12-07 14:49:00 <==_init_mail_info
2024-12-07 14:49:00 create session
2024-12-07 14:49:00 resolve smtp.office365.com to 1 IP
2024-12-07 14:49:00 ==> send mail
2024-12-07 14:49:00 connecting to 40.99.60.2 port 587 <-- Trying to connect to the receiver SMTP server.
2024-12-07 14:49:00 send mail 0x44433e0 session 0x4434718
2024-12-07 14:49:00 session: 0x4434718, rsp_state: greeting, code: 220 <-- SMTP session started.
2024-12-07 14:49:00 session: 0x4434718, rsp_state: ehlo, code: 250 <-- Requested task completed.
2024-12-07 14:49:00 session: 0x4434718, rsp_state: starttls, code: 220 <-- Secure SMTP started and wait for clients EHLO.
2024-12-07 14:49:00 rsp_starttls: creating ssl structure for session 0x4434718
2024-12-07 14:49:00 create_ssl: 0x442fe98
2024-12-07 14:49:00 sessionn 0x4434718, SSL connected
2024-12-07 14:49:00 session: 0x4434718, rsp_state: ehlo, code: 250 <-- EHLO received.
2024-12-07 14:49:00 session: 0x4434718, rsp_state: auth, code: 334 <-- Response to AUTH and accepted.
2024-12-07 14:49:03 session: 0x4434718, rsp_state: auth2, code: 235 <-- AUTH succeeded.
2024-12-07 14:49:03 session: 0x4434718, rsp_state: mail, code: 250
2024-12-07 14:49:03 session: 0x4434718, rsp_state: rcpt, code: 250
2024-12-07 14:49:04 session: 0x4434718, rsp_state: data, code: 354 <-- Input data/content.
2024-12-07 14:49:04 === send: Your authentication token code is *******. <-- Content inserted.
2024-12-07 14:49:04 session: 0x4434718, rsp_state: data2, code: 250 <-- Data accepted/received.
2024-12-07 14:49:04 session: 0x4434718, rsp_state: quit, code: 221 <-- Service closing/BYE 221 OK.
2024-12-07 14:49:04 session finined
2024-12-07 14:49:04 _session_on_destroy
2024-12-07 14:49:04 <== send mail success, m = 0x44433e0 s = 0x4434718 <-- Received by the receiver Email Service.

The data or message appears in plaintext and can be viewed in the debug. As soon as the communication starts processing, the RSP code 221 will appear and terminate the current session 0x44433e0. The 'send mail success' line indicates that the email was successfully sent from the sender's mail service to the receiver. |
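The following Python example is added here and is not part of the original article or any Fortinet tooling. It parses a saved alertmail debug capture, reports the first SMTP reply that deviates from the successful sequence shown above, and flags AUTH starting before "SSL connected". The function name, the result fields and the 535 failure line are assumptions made for illustration.

```python
import re

# Reply code expected in each alertmail rsp_state, taken from the successful
# debug output in this article. States not listed here are recorded, not judged.
EXPECTED = {"greeting": 220, "ehlo": 250, "starttls": 220, "auth": 334,
            "auth2": 235, "mail": 250, "rcpt": 250, "data": 354,
            "data2": 250, "quit": 221}
STATE_RE = re.compile(r"rsp_state: (\w+), code: (\d{3})")

def check_delivery(debug_text):
    """Summarise one alertmail capture: states, TLS use, first failing reply."""
    r = {"states": [], "tls": False, "auth_in_clear": False,
         "failed_at": None, "delivered": False}
    marker = False
    for line in debug_text.splitlines():
        line = line.split("<--")[0]            # drop inline annotations
        m = STATE_RE.search(line)
        if m:
            state, code = m.group(1), int(m.group(2))
            r["states"].append((state, code))
            if state == "auth" and not r["tls"]:
                r["auth_in_clear"] = True      # AUTH began before "SSL connected"
            if r["failed_at"] is None and EXPECTED.get(state, code) != code:
                r["failed_at"] = (state, code)
        elif "SSL connected" in line:
            r["tls"] = True
        elif "send mail success" in line:
            marker = True
    # Delivered = success marker present, no deviating reply, body accepted.
    r["delivered"] = (marker and r["failed_at"] is None
                      and ("data2", 250) in r["states"])
    return r

# Constructed samples: OK_LOG is abridged from the output above; FAIL_LOG reuses
# the same line format with a hypothetical 535 (authentication rejected) reply.
OK_LOG = """\
2024-12-07 14:49:00 session: 0x4434718, rsp_state: greeting, code: 220
2024-12-07 14:49:00 session: 0x4434718, rsp_state: starttls, code: 220
2024-12-07 14:49:00 sessionn 0x4434718, SSL connected
2024-12-07 14:49:00 session: 0x4434718, rsp_state: ehlo, code: 250
2024-12-07 14:49:00 session: 0x4434718, rsp_state: auth, code: 334
2024-12-07 14:49:03 session: 0x4434718, rsp_state: auth2, code: 235
2024-12-07 14:49:03 session: 0x4434718, rsp_state: mail, code: 250
2024-12-07 14:49:04 session: 0x4434718, rsp_state: data, code: 354
2024-12-07 14:49:04 session: 0x4434718, rsp_state: data2, code: 250 <-- Data accepted/received.
2024-12-07 14:49:04 <== send mail success, m = 0x44433e0 s = 0x4434718
"""
FAIL_LOG = ("\n".join(OK_LOG.splitlines()[:5]) +
            "\n2024-12-07 14:49:03 session: 0x4434718, rsp_state: auth2, code: 535\n")
```

Saved captures contain the token code in plaintext, as the output above shows, so store them with the same care as credentials.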

