Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fernandoccandidoo
New Contributor

Multi-factor authentication via e-mail with the device name

Hi guys!

Here in the company we have 12 firewalls and we authenticate with a security code in the emails, which was configured by CLI. But thinking about security, how could we configure this authentication configured in the CLI to send the code with the device name in the email title or body?
Because sometimes we have technicians connected to several firewalls and we don't know which one is that code.

Kind regards

2 REPLIES 2
gfleming
Staff
Staff

It doesn't appear to be something that can be edited. What about moving to FortiToken? That way you can just use push notifications and automatically approve access without entering codes...

Cheers,
Graham
Yurisk
Valued Contributor

Hi,

you could configure on each Fortigate reply-to value to be representative of each FGT. This way your technicians will get emails from different senders for each Fortigate.

 

E.g. FGT Atlanta:

 

 

config system email-server
    set reply-to "atlanta@yurisk.com"
    set server "aspmx.l.google.com"
end

 

 

Now FGT in Tokyo:

 

 

config system email-server
    set reply-to "tokyo@yurisk.com"
    set server "aspmx.l.google.com"
end

 

 

This way when logging in FGT Atlanta, the technician would get token from atlanta@yurisk.com, while when logging into Tokyo, she would get an email from tokyo@yurisk.com

 

I guess that would be enough of a differentiator.

Regarding using mobile Fortitokens - each such FTM can be associated with only 1 Fortigate, so to have FTM for logging in 12 FGTs, you would need Fortiauthenticator.

 

HTH.

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Top Kudoed Authors