FortiGate
chaithrar
Staff
Description
This article describes how to configure SMS two-factor authentication on a FortiGate.

Solution
There are four steps to complete this configuration:

1. Configure the SMTP server.
2. Configure the SMS service on the FortiGate.
3. Configure the SMS service on the SMS provider.
4. Create user(s) with SMS two-factor authentication enabled.

1. Configure the SMTP server.

config system email-server
   set type custom
   set reply-to <reply-to string> ------{ specify the reply-to email address.
   set server <IP or domain of the SMTP Server>
   set port 25
   set source-ip 0.0.0.0
   set source-ip6 ::
   set authenticate disable
   set security none
end


2. Configure the SMS service on the FortiGate.

config system sms-server
   edit <provider> ------{ Provider name, or any name
      set mail-server <server_name> ------{ providerdomain
   next
end


3. Configure the SMS service on the SMS provider.

The configuration of these settings depends on the SMS provider.

4. Create user(s) with SMS two-factor authentication enabled.

config user local
   edit <user> ------{ User name
      set two-factor sms
      set sms-phone "xxxxxxxxxxxx"
      set sms-server custom
      set sms-custom-server <provider> ------{ configured in Step 2
   next
end


Verification of Configuration.

Important Notes:

1) The SMTP server configured in step 1 is the server that the FortiGate uses to reach the SMS provider's servers. This means that the SMTP server should allow the FortiGate to relay through it.

2) The mail-server address in step 2 is the domain part of the email address that the FortiGate sends emails to.

For example, with the above configuration, the FortiGate sends an email to [mobile_number_of_recipient]@[providerdomain] through the server IP configured in step 1.
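
As configured in step 1 (port 25, authenticate disable, security none), that email, which carries the one-time code, is relayed in clear text over an unauthenticated SMTP session. The following variant of step 1 is an added example, not part of the original article; it assumes the relay accepts STARTTLS with SMTP authentication on port 587, and the account placeholders are hypothetical.

```fortios
# Added example: hardened variant of step 1.
# Assumes the relay offers STARTTLS and SMTP AUTH on port 587.
config system email-server
    set type custom
    set reply-to <reply-to string>
    set server <IP or domain of the SMTP Server>
    # step 1 used: set port 25
    set port 587
    # step 1 used: set authenticate disable
    set authenticate enable
    # hypothetical relay account, replace with your own
    set username <smtp_account>
    set password <smtp_password>
    # step 1 used: set security none
    set security starttls
end
```

With this variant, the sniffer filter under Troubleshooting has to match the configured port (587 here) instead of 25.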

- Log in to the FortiGate unit with the username and password of the user created in step 4.
- When you click on 'Login', you will get the 'Token Code' request and an SMS will be sent to your phone.
- Type in the one-time code and log in to your FortiGate.

Troubleshooting.

diagnose sniffer packet any 'port 25' 6
