FortiGate does not send Two-Factor activation code
Our FortiGate appliance is configured to send email alerts, which are being received for all the desired events. However, when using FortiToken, we do not get our activation code via email, while the firewall shows that the email has been sent successfully.
Is there a way to track outgoing email from our FortiGate appliance?
Hello everyone, I've recently been having the same problem on our FortiGate appliances; for this example I'm using a 100E and a 40F.
While using the FortiGate default mail servers, I always got an error 500 that is similar to what SJFriedl explained above, and if I use any external mail service the messages are never sent.
What I have tried so far, on both:
- Using the default FortiGate mail service, removing and re-adding the token to the user, sending it during the token add process or right-clicking on the user to resend it
- Using a different email service, all validated locally with swaks to send mail using all three security methods, none(25), smtps(465), and starttls(25), also with authentication when available
- Creating a firewall rule from all gateway IPs (the appliance address on each interface) to have full access to the mail server on any port (but I don't know if it's needed; I couldn't find any info that a specific rule would be needed to allow the firewall itself to send emails)
- Using a public email server instead of our main one to validate if it was a local problem; it works fine with all simulations using swaks, but the same results on the firewall.
For now it's a big blocker here, since we have used 2FA for quite some time and only noticed when someone from our team changed his phone and needed to be sent the token info again, which was not possible. Also, the 40F is a brand new box with the latest firmware, which will validate whether we have any issues on our other box that is not on the latest version.
Is there any way to fix this, or even get the tokens manually from the firewall to set up the 2FA for the users?
The activation code is visible in the System Event log, and also in the CLI: show user local <username>. The user can manually enter the activation code in their FortiToken mobile app to activate the token. (Note that activation codes are by default valid for three days only.)
As for troubleshooting the issue itself: You have clearly done plenty of testing already, and I doubt that forum chatter would be of much help to you. I would recommend opening a support case with the TAC to help you troubleshoot the issue more directly.
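The answer above points to the System Event log as the place where both the activation code and the mail-send result are recorded. The following is an added example, not code from this thread or from Fortinet: a small parser for FortiGate's space-separated key=value log style that pulls out successful token-activation events and failed mail sends. The sample log lines are constructed for the example, and the field names used (activation_code, status, method, error) are assumptions about the log layout rather than documented Fortinet field names; adjust them to match an export from your own appliance. Treat anything this script extracts as a credential: the activation code lets a device enrol a token, so restrict who can read the log and the script output.

```python
import re
from typing import Dict, Iterator, List, Tuple

# Constructed sample lines in FortiGate's key=value log style. Field names and
# values are assumptions for this example, not a real log export.
SAMPLE_LOG = """\
date=2024-01-15 time=09:12:03 type="event" subtype="system" level="information" logdesc="FortiToken activation" user="alice" msg="FortiToken activation code sent" action="send" status="success" method="email" activation_code="ABCD-EFGH-IJKL"
date=2024-01-15 time=09:12:04 type="event" subtype="system" level="warning" logdesc="Alert email" msg="Failed to send alert email" status="failure" error="500 Internal Server Error"
date=2024-01-15 time=09:15:30 type="event" subtype="system" level="information" logdesc="FortiToken activation" user="bob" msg="FortiToken activation code sent" action="send" status="success" method="email" activation_code="MNOP-QRST-UVWX"
"""

# One key=value pair: the value is either a double-quoted string (may contain
# spaces) or a bare run of non-whitespace characters.
_PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fortigate_line(line: str) -> Dict[str, str]:
    """Turn one key=value log line into a dict, handling quoted and bare values."""
    fields: Dict[str, str] = {}
    for key, quoted, bare in _PAIR_RE.findall(line):
        # Exactly one of the two capture groups matches; the other is "".
        fields[key] = quoted or bare
    return fields


def iter_events(log_text: str) -> Iterator[Dict[str, str]]:
    """Yield one parsed event per non-empty log line."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        if raw:
            yield parse_fortigate_line(raw)


def find_activation_codes(log_text: str) -> List[Tuple[str, str]]:
    """Return (user, activation_code) for each successful token-activation event.

    These codes are what a user would type into the FortiToken mobile app when
    the activation email never arrives; they expire, so check the event date.
    """
    found: List[Tuple[str, str]] = []
    for ev in iter_events(log_text):
        if "activation_code" in ev and ev.get("status") == "success":
            found.append((ev.get("user", "?"), ev["activation_code"]))
    return found


def find_mail_failures(log_text: str) -> List[Dict[str, str]]:
    """Return every event where the firewall itself reports a failed mail send."""
    return [
        ev
        for ev in iter_events(log_text)
        if ev.get("status") == "failure" and "mail" in ev.get("msg", "").lower()
    ]


if __name__ == "__main__":
    for user, code in find_activation_codes(SAMPLE_LOG):
        print(f"{user}: activation code {code} (time-limited; check the event date)")
    for ev in find_mail_failures(SAMPLE_LOG):
        print("mail failure:", ev.get("error", ev.get("msg")))
```

Run it against a saved copy of the System Event log (or a syslog/FortiAnalyzer export in the same key=value format) rather than the sample text; if no failure events appear even though users report missing mail, the problem is downstream of the firewall's own send attempt, which is the case the original poster describes.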