FortiGate
AnthonyH
Staff
Article Id 358649
Description The article describes how to resolve an issue where the two-factor email expiry timer does not take effect.
Scope FortiGate.
Solution

Originally, the two-factor expiry timer was developed for RADIUS, LDAP, and TACACS authentication or for firewall policy authentication; it was not intended to be used for local administrator authentication.

In this example, an administrator account was created and set up for two-factor authentication using email:

config system admin
    edit "admin-read"
        set two-factor email
        set email-to "myemail@example.com"
    next
end

In the global settings, the two-factor email timer was set to 30 seconds:

config system global
    set two-factor-email-expiry 30
end

However, after the two-factor code was sent by email and more than the configured 30 seconds had passed, the administrator login still succeeded.

The two-factor expiry timer may be fixed in v7.2.11 and v7.6.1.
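
An added example, not from the original article or from Fortinet: a Python check over a FortiGate configuration backup that lists local administrators using email two-factor, reads the configured `two-factor-email-expiry`, and compares the firmware version in the backup header against the versions named above. The sample backup, the `audit` function and the `#config-version=` header layout it parses are assumptions.

```python
import re

FIX_VERSIONS = {(7, 2): 11, (7, 6): 1}  # branch -> patch named in the article

# Constructed sample backup (model and build fields are placeholders).
SAMPLE = '''#config-version=FGVM64-7.2.10-FW-build0000-000000:opmode=0:vdom=0:user=admin
config system global
    set two-factor-email-expiry 30
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "admin-read"
        set two-factor email
        set email-to "myemail@example.com"
    next
end
'''

def audit(config_text):
    """Return (version, expiry, email_2fa_admins, status) for a config backup."""
    # Assumed header layout: "#config-version=<model>-<maj>.<min>.<patch>-..."
    m = re.search(r"^#config-version=[^-]+-(\d+)\.(\d+)\.(\d+)-", config_text, re.M)
    version = tuple(map(int, m.groups())) if m else None
    stack, expiry, admins = [], None, []  # expiry None: not set in the backup
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts:
            continue
        if parts[0] == "config":
            stack.append(" ".join(parts))
        elif parts[0] == "edit":
            stack.append(raw.strip()[4:].strip().strip('"'))
        elif parts[0] in ("end", "next") and stack:
            stack.pop()
        elif parts[0] == "set" and len(parts) >= 3:
            if stack == ["config system global"] and parts[1] == "two-factor-email-expiry":
                expiry = int(parts[2])
            elif (len(stack) == 2 and stack[0] == "config system admin"
                  and parts[1:3] == ["two-factor", "email"]):
                admins.append(stack[1])  # local admin relying on the email timer
    if version is None or version[:2] not in FIX_VERSIONS:
        status = "branch not listed in article"
    elif version[2] >= FIX_VERSIONS[version[:2]]:
        status = "at or above listed fix version"
    else:
        status = "below listed fix version"
    return version, expiry, admins, status
```

Calling `audit(SAMPLE)` reports `admin-read` as the only account depending on the email timer; a status of "branch not listed in article" means the article gives no fix version for that firmware branch.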