krauboti
New Member
February 8, 2024
Question

SSL VPN 2FA email token/code not issued on first login attempt

Hi,

We are using two-factor authorization with an email token/code on our SSL VPN portal. Every time we create new users, they need to try to log in two times before the email token is issued on the second try. Does anyone have a solution/experience for this?

Thanks.

3 replies

hbac
Staff
February 8, 2024

Hi @krauboti,

Is it a local user on the firewall or an LDAP/RADIUS user? Which FortiOS version are you using?

Regards,

krauboti
Author
New Member
February 8, 2024

Hi @hbac,

Local users on the firewall, using FortiOS v7.2.3 build1262 on FGT40

mle2802
Staff
February 8, 2024

Hi @krauboti,
Can you please run the following commands when you try to log in the first time:

diag debug reset
diag debug enable
diag debug console timestamp enable
diag debug application alertmail -1
diag debug application fnbamd -1 
diag debug en 

Regards,
Minh

krauboti
Author
New Member
February 9, 2024

Hi @mle2802,

Thank you for the assistance and tips. It looks like the problem might be at the SMTP relay server (O365). The firewall creates the code every time but fails to connect to the server when sending the email within a certain time period, then the next time it connects and sends the email successfully. Will look into the settings in O365.

Thanks again.

krauboti
Author
New Member
February 13, 2024

It looks like the FGT sometimes fails to resolve the FQDN smtp.office365.com, so the solution was to use the IP address instead. No problems with connecting to the SMTP relay server yet.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Resolving-Inconsistency-in-Connecting-to-smtp/ta-p/274792

Thanks for all the support.