Created on 08-07-2019 12:47 AM Edited on 06-02-2022 10:05 AM By Anonymous
Description
This article describes the steps to configure two-factor authentication on FortiGate with token delivery to the user's email.
Useful links:
CLI Reference: https://docs.fortinet.com/document/fortigate/6.0.6/cli-reference/689474/system-email-server
Solution
There are two steps to complete this configuration:
1) Configure the SMTP server.
#config system email-server
    set reply-to {Sender_email_address}
    set server {SMTP_server_FQDN/IP}
    set port {SMTP_server_port_number}
    set authenticate {enable | disable}
    set username {username}
    set password {password_string}
    set security {none | starttls | smtps}
end
2) Create user(s) with email two-factor enabled.
NOTE: Email-based two-factor authentication can only be enabled via CLI.
#config user local
    edit {username}
        set type password
        set two-factor email
        set email-to {user_email_address}
        set passwd {password}
    next
end
#config system admin
    edit "admin"
        set type password
        set two-factor email
        set email-to {user_email_address}
        set passwd {password}
    next
end
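As an added example (not part of the Fortinet article), the following Python script parses the two configuration blocks above and flags settings a reviewer would question before relying on email tokens: `security none` (the one-time token crosses the network in cleartext SMTP), `authenticate disable`, and a user with `two-factor email` but no `email-to`. The SMTP host, user names and addresses in SAMPLE_CONFIG are constructed, and treating an absent key as `none`/`disable` is an assumption about FortiOS defaults.

```python
# Added example, not from the Fortinet article: audit a FortiOS CLI snippet
# for the email two-factor settings described above. SAMPLE_CONFIG is constructed.
SAMPLE_CONFIG = """\
config system email-server
    set server "smtp.example.com"
    set authenticate disable
    set security none
end
config user local
    edit "alice"
        set two-factor email
        set email-to "alice@example.com"
    next
    edit "bob"
        set two-factor email
    next
end
"""

def parse_blocks(text):
    # Map 'config <name>' blocks to {entry: {key: value}}; block-level keys use entry ''.
    blocks, block, entry = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            block, entry = line[7:], ""
            blocks.setdefault(block, {"": {}})
        elif line.startswith("edit "):
            entry = line[5:].strip('"')
            blocks[block][entry] = {}
        elif line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            blocks[block][entry][key] = value.strip('"')
        elif line == "next":
            entry = ""
    return blocks

def audit(text):
    # Return findings a reviewer would raise before relying on email tokens.
    cfg = parse_blocks(text)
    smtp = cfg.get("system email-server", {}).get("", {})
    findings = []
    # Absent keys are treated as 'none' / 'disable' (assumed FortiOS defaults).
    if smtp.get("security", "none") == "none":
        findings.append("email-server: security none, token is sent over cleartext SMTP")
    if smtp.get("authenticate", "disable") != "enable":
        findings.append("email-server: SMTP authentication disabled")
    for name, user in cfg.get("user local", {}).items():
        if name and user.get("two-factor") == "email" and not user.get("email-to"):
            findings.append(f"user {name}: two-factor email without email-to")
    return findings
```

Run `audit(SAMPLE_CONFIG)` against a `show system email-server` / `show user local` dump pasted into SAMPLE_CONFIG to review a live configuration.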
Verification of Configuration:
When the newly created user accesses a service that requires authentication (e.g. SSL-VPN), the user is prompted for username and password as usual.
If the credentials are correct, the user is prompted to enter a token, which is delivered to the user's mailbox. Once the user enters the received token, access is granted.
Troubleshooting:
Debugging of the authentication process:
#diag debug reset
#diag debug application fnbamd -1
#diag debug enable
Debugging of token delivery via email:
#diag debug reset
#diag debug application alertmail -1
#diag debug enable