Troubleshooting Tip: Identifying which FortiGate trigger email based two-factor authentiction for admin login
| Description | This article describes how to identify the source FortiGate which triggers the email-based 2FA request for admin login. |
| Scope | FortiGate. |
| Solution | FortiGate is configured to use email based two-factor authentication for admin login using the processes outlined in Technical Tip: Email Two-Factor Authentication on FortiGate with a default SMTP server from Fortinet. In cases where multiple FortiGates are managed, it can be a challenge to identify which FortiGate triggered the email and prevented a brute force attack.
The public IP of the FortiGate which triggers the email can be found in the email header. To verify this information, double-click on the email, go to File -> Properties (this applies to Outlook) and find 'X-FEAS-Client-IP'. That should be the public IP of the FortiGate which triggered the email.
To see a sender's IP address in Gmail, open the mail item and select the three dots next to the reply button, and select 'Show original'. Then, in the new window, look for the X-FEAS-Client-IP.
|
