Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
yangw
Staff
Staff

Created on ‎07-14-2024 09:34 PM Edited on ‎08-20-2024 07:30 AM By Moderator

Article Id 325862

Troubleshooting Tip: The email two-factor authentication code for SSL VPN client is never received

Description This article describes when the two-factor authentication email code has been set up properly but never received. This issue can be identified from the debug log.
Scope FortiGate v7.0.
Solution

The email server configuration on FortiGate has been set up properly but never received.

 

get system email-server
type : custom
reply-to : DoNotReply@notification.fortinet.net <- Default setting.
server : 192.168.12.14
port : 25
source-ip : 0.0.0.0
source-ip6 : ::
authenticate : enable
username : j51214
password : *
security : none
interface-select-method: auto

 

emailkb.PNG

 

To check more details by running the commands below:

 

diagnose debug console timestamp enable

diagnose debug application sslvpn -1

diagnose debug application fnbamd -1

diagnose debug application alertmail -1

diagnose debug enable

 

2024-07-02 14:18:20 [786] create_auth_token_session-Created auth token session 1738883391
2024-07-02 14:18:20 Arrived msg(type 6, 89 bytes):j51214@mail.sdd.com
AuthCode: 038395
Your authentication token code is 038395.   <- FortiGate has generated a Token code.

2024-07-02 14:18:20 mail_info:
from:192.168.12.14 user:DoNotReply@notification.fortinet.net  <- It was going to send mail to the client.
fam_auth_send_req_internal:563 found node SSLVPN:0:, valid:1, auth:0
2024-07-02 14:18:20 mail_info:
reverse path:DoNotReply@notification.fortinet.net
2024-07-02 14:18:20 [315:root:1d11]2024-07-02 14:18:20 to[0]:j51214@mail.sdd.com
2024-07-02 14:18:20 <==_init_mail_info
2024-07-02 14:18:20 create session
2024-07-02 14:18:20 resolve 192.168.12.14 to 1 IP
2024-07-02 14:18:20 ==> send mail
2024-07-02 14:18:20 connecting to 192.168.12.14 port 25
2024-07-02 14:18:20 send mail 0xa8101d0 session 0xa8413a0

 ......

2024-07-02 14:19:25 details: M.14 <donotreply@notification.fortinet.net>... Non-local sender is not allowed to relay when SMTP Auth passed <- Send mail failed caused by the local mail server is not allowing a non-local sender (DoNotReply@notification.fortinet.net).

2024-07-02 14:19:25 session: 0xa8413a0, rsp_state: quit, code: 221
2024-07-02 14:19:25 session finished
2024-07-02 14:19:25 _session_on_destroy
2024-07-02 14:19:25 <== send mail failed, m = 0xa8101d0 s = 0xa8413a0

 

Modified the email sender (same local domain) under the setting below and the email two-factor authentication code can be received from the email server.

 

config system email-server
    set reply-to ''noreply@mail.sdd.com"

end

 

emailkb2.PNG

 
2336
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.