FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 194023
This article explains how to configure Forticlient SSLVPN using email two-factor authentication.

The advantage of this solution is that FortiToken license is not required in order to generate tokens and send it to users.

The disadvantage is that this solution requires the user to have internet connectivity and access to email during the authentication attempt.
Therefore, depending on other configurations, this is not an appropriate solution for captive portals or dial-up IPsec authentication.

Configure the SMTP server.

For version 5.6 and 6.0:
Go to System -> Advanced.

For version 6.2:
Go to System -> Settings.

From the GUI:

From the CLI:
# config system email-server
    set reply-to {Sender_email_address}
    set server {SMTP_server_FQDN/IP}
    set port {SMTP_server_port_number}
    set authenticate {enable | disable}
    set username {username}
    set password {password_string}
    set security {none | starttls | smtps}
Create user.

Email based two-factor authentication can only be enabled via CLI.

Example shown for Local user:
# config user local
  edit "guest"
        set type password
        set two-factor email
        set email-to "
        set passwd ENC Fie9gxr7BS8GVFPZc2B5HtDuF9nt+81fw2W84I+BPLgH5nBxRC99

To configure SSLVPN check the below URL:

Connect to Forticlient VPN.
once logged to Forticlient VPN, token will prompt on same screen.
See the below screenshot for reference .


To check authentication process:
# diag debug reset
# diag debug application fnbamd -1
# diag debug enable
Debugging of token delivery via email:
# diag debug reset
# diag debug application alertmail -1
# diag debug enable