FortiGate
carabhavi
Staff
Article Id 190638

Description


This article describes how to increase the email token expiry time via the CLI. In some cases, email delivery delays cause the token code to expire before users can log in.

 

Scope

 

FortiGate.

 

Solution


Use the following command:

 

config system global
    set two-factor-email-expiry 300
    set remoteauthtimeout 300
end

 

'two-factor-email-expiry' defines how long the 2FA code (email-based token) remains valid, in seconds, and 'remoteauthtimeout' defines how long FortiGate waits for the remote authentication server (RADIUS/LDAP/SAML/etc.) to respond before timing out.


'remoteauthtimeout' does not control 2FA code validity directly but affects the overall login process.

 

The 'remoteauthtimeout' setting overrides 'two-factor-email-expiry', so increase both timers. The values shown are in seconds.
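
To check a configuration backup for the mismatch described above, the following added example (not Fortinet code) parses the 'config system global' block and reports when 'remoteauthtimeout' is lower than 'two-factor-email-expiry' or when either timer is left at its default. The sample backup text and the function names are constructed for illustration.

```python
import re

# Constructed sample backup text (not taken from a real device).
SAMPLE_BACKUP = """\
config system global
    set hostname "fw-example"
    set two-factor-email-expiry 300
    set remoteauthtimeout 60
end
config user local
    edit "alice"
        set two-factor email
        set email-to "alice@example.com"
    next
end
"""

TIMERS = ("two-factor-email-expiry", "remoteauthtimeout")

def global_settings(backup_text):
    """Return the 'set' pairs that sit directly inside 'config system global'."""
    settings, depth, in_global = {}, 0, False
    for raw in backup_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if depth == 0:
                in_global = (line == "config system global")
            depth += 1
        elif line == "end":
            depth -= 1
            if depth == 0:
                in_global = False
        elif in_global and depth == 1:
            m = re.match(r"set (\S+) (.+)", line)
            if m:
                settings[m.group(1)] = m.group(2).strip('"')
    return settings

def audit_email_token_timers(backup_text):
    """Return findings about the two timers discussed in this article."""
    s = global_settings(backup_text)
    findings = [f"{k} is not set in the backup, so the device default applies"
                for k in TIMERS if k not in s]
    if not findings:
        expiry, remote = (int(s[k]) for k in TIMERS)
        if remote < expiry:
            findings.append(f"remoteauthtimeout ({remote}s) is lower than "
                            f"two-factor-email-expiry ({expiry}s)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_email_token_timers(SAMPLE_BACKUP)) or "timers are consistent")
```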

This timer is not correctly applied in some of the latest versions (v7.2.10+, v7.4.5+, v7.6.1+) when using IPsec (IKEv2) Remote Access VPN. This is a known issue, tracked under bug 1087651, which will be fixed in v7.6.3 and v7.4.8 (as of this writing).

 

If upgrading to v7.6.3 or v7.4.8 does not resolve the issue, use IKEv1 as a workaround.