FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
jchavez
Staff
Article Id 382331
Description This article describes how to configure Gmail to allow relaying and configure email notification workflows with FortiManager.
Scope FortiManager v7.6.2.
Solution

First, set up a Gmail account. To do this, go to account settings and select security.

 

1.png

 

Having a second method of account authentication is important; otherwise, the mail relay permission setup cannot continue.

Another email account, cell phone number, or an application can be added.

 

2.png

 

Search for 'App passwords' in settings. Once located, assign a name to the app and then select Create.

 

3.png

 

As a final step, the password for the new 'App' will be displayed. This password should be kept safe, as it will be used in the configuration of FortiManager.

 

These are all the steps required in the Google account.

 

4.png

 

Enter FortiManager and register a mail server. To do this, go to System Settings -> Advanced -> Mail Server -> Create New.

 

At this point, fill in the fields: name the server, enter the Gmail SMTP server as 'smtp.gmail.com', and set the port to '587'. Enable the authentication option, then add the Gmail account and the app password generated in the Google account.

Optionally, specify the 'from' field for the emails.

 

5.png

 

Perform a mail test from the configured Gmail account to a Hotmail account. To finish, select 'OK'.

 

6.png

 

If the test is successful, a green notification will appear; if not, the notification will appear in red.

 

7.png

 

When checking the Hotmail recipient, the test email will appear like this.

 

8.png
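The relay settings above (smtp.gmail.com, port 587, Gmail account and app password) can also be checked outside FortiManager. The following Python pre-flight check is an added example, not part of the original article or any Fortinet code; it sends the app password only after STARTTLS succeeds with certificate validation. The function names, the `smtp_factory` parameter and the prompts are assumptions of this example.

```python
import smtplib
import ssl
from email.message import EmailMessage

def normalize_app_password(raw):
    # Assumption: the app password was copied with the spaces Google displays.
    return "".join(raw.split())

def check_relay(user, app_password, recipient, host="smtp.gmail.com", port=587,
                smtp_factory=smtplib.SMTP):
    """Return (ok, steps). smtp_factory is a hypothetical hook for testing."""
    steps = []
    msg = EmailMessage()
    msg["From"], msg["To"] = user, recipient
    msg["Subject"] = "FortiManager relay pre-flight test"
    msg.set_content("Relay settings verified outside FortiManager.")
    with smtp_factory(host, port, timeout=15) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            # Never fall back to cleartext AUTH: the app password bypasses 2FA.
            steps.append("STARTTLS not offered: refusing to authenticate")
            return False, steps
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()  # re-read the capabilities inside the TLS session
        steps.append("TLS negotiated with certificate validation")
        if not smtp.has_extn("auth"):
            steps.append("AUTH not offered after STARTTLS")
            return False, steps
        try:
            smtp.login(user, normalize_app_password(app_password))
        except smtplib.SMTPAuthenticationError as exc:
            steps.append(f"authentication rejected (code {exc.smtp_code})")
            return False, steps
        steps.append("authenticated with app password")
        smtp.send_message(msg)
        steps.append(f"test message accepted for {recipient}")
    return True, steps

if __name__ == "__main__":
    import getpass  # prompt keeps the app password out of shell history
    sender = input("Gmail account: ")
    ok, steps = check_relay(sender, getpass.getpass("App password: "),
                            input("Test recipient: "))
    print("\n".join(steps), "PASS" if ok else "FAIL", sep="\n")
```
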

 

For this example, there are two administrators: 'admin', with the 'Super_User' role, and 'example1', with the 'Restricted_User' role, each with a corresponding email address.

 

9.png

 

User 'admin' has a Gmail address, while user 'example1' has a Hotmail address.

 

'admin'.

 

10.png

 

'example1'.

 

11.png

 

To activate Workspace, navigate to System Settings -> Advanced -> Workspace. Select 'Workflow (All ADOMs)' and create an 'Approval'.

 

12.png

 

To create the new matrix, select the ADOM and the group and/or user responsible for approving all change requests. In the notification section, specify the users to be notified of the event, including when the approval request is halted with the change details and when it is approved.

 

Then select the previously configured mail server.

 

13.png

 

A functional test was performed by logging in as the user 'example1' and creating a security policy for LAN browsing. The following image shows the user 'example1', with both 'Policy Package' and 'Config Status' synchronized before the change.

 

14.png

 

Select the 'lock' icon once it turns green; a prompt to create a new session will appear.

 

15.png

 

The session is given a name for identification purposes.

 

16.png

 

A new policy is created.

 

17.png

 

Once the changes are made, select 'save'.

 

18.png

 

To send the approval email to the user, 'submit' must be selected, which triggers the notification.

 

19.png

 

Before completing the action, add a comment to highlight the change and select the 'Attach configuration' option to provide more details for user approval. 

 

20.png

 

In this case, the user 'admin' receives the approval email, which includes session details. The most important detail is the 'Approval Matrix', with the status marked as 'pending'.

 

21.png

 

In the last email, the HTML attachment displays the following details: package or script.

Note: It is important to exclude the specific Gmail account from filtering and to allow these attachment types in the anti-spam solution.

 

22.png

  

Example of how the change details are displayed in 'Policy Package'.

 

23.png

 

Example of how the change details are displayed in 'Script'.

 

24.png

 

Note: This type of detail is very helpful for users approving changes, as it allows them to analyze the changes before approval or even add comments to modify the change.

 

To approve the change, log in as 'admin', select the lock icon, and all sessions requiring approval will appear. 

 

25.png

 

Select the session to approve, then choose 'Approve' and add a comment to identify it.

 

26.png

 

Once approved, the column 'Approval Status' shows 1/1, completing the workflow. The only remaining step is to install the policy package.

 

27.png

 

The last notification confirms the approval and contains the action 'Approve'. Other actions such as 'Reject', 'Repair', or 'Discard' can appear instead, depending on the user's choice.

 

28.png

 

This configuration is very helpful when many administrators make changes at the same time, and it maintains the quality of each change because another person reviews it.