Multi-factor authentication via e-mail with the device name

fernandoccandidoo · ‎03-07-2023

Hi guys!

Here in the company we have 12 firewalls and we authenticate with a security code in the emails, which was configured by CLI. But thinking about security, how could we configure this authentication configured in the CLI to send the code with the device name in the email title or body?
Because sometimes we have technicians connected to several firewalls and we don't know which one is that code.

Kind regards

gfleming · ‎03-07-2023

It doesn't appear to be something that can be edited. What about moving to FortiToken? That way you can just use push notifications and automatically approve access without entering codes...

Cheers,
Graham

Yurisk · ‎03-08-2023

Hi,

you could configure on each Fortigate reply-to value to be representative of each FGT. This way your technicians will get emails from different senders for each Fortigate.

E.g. FGT Atlanta:

config system email-server
    set reply-to "atlanta@yurisk.com"
    set server "aspmx.l.google.com"
end

Now FGT in Tokyo:

config system email-server
    set reply-to "tokyo@yurisk.com"
    set server "aspmx.l.google.com"
end

This way when logging in FGT Atlanta, the technician would get token from atlanta@yurisk.com, while when logging into Tokyo, she would get an email from tokyo@yurisk.com.

I guess that would be enough of a differentiator.

Regarding using mobile Fortitokens - each such FTM can be associated with only 1 Fortigate, so to have FTM for logging in 12 FGTs, you would need Fortiauthenticator.

HTH.

Yuri Slobodyanyuk

Multi-factor authentication via e-mail with the device name

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website