Token code valid time
Hi guys,
Is there a way to extend the valid time of the token codes?
We are sending codes by mail, but the mail delay is sometimes too long to get the code in before it is invalid.
It would be good to have a time slot of 2 or 3 minutes.
My FG is FGB200B, OS is v4.0 build 0632
Thank you for your help.
Ditmar
I remember this being discussed in 2012 based on customer feedback. I found the bug ID that referenced the discussion for bringing it in as a New Feature Request.
It looks like it was never added in OS 4.3, but the command is there in OS 5.0 and 5.2:
config system global
    set two-factor-sms-expiry <int>
    set two-factor-email-expiry <int>
end
The value can be anything from 30-300 seconds.
Regards, Chris McMullan Fortinet Ottawa
Thank you, Chris,
Yes, this works fine in OS 5.2.
But there is no way to activate sending the codes by email as I could do in OS 4.3.
Do you have an idea how to fix this?
There is no choice to set two-factor email and configure email-to in config user local, edit <user>.
Thank you
Ditmar
In OS 5.0 and 5.2, this is how I did it, from start to finish, using SSLVPN access as an example:
config system email-server
    set server mail.domain.ca
    set auth en
    set user tokens@domain.ca
    set password password
    set security none
    set port 26 //--this is the port I use in reality
    set reply-to tokens@domain.ca
end
config user local
    edit "email_test"
        set type password
        set passwd password
        set two-factor email //--you can only see email as an option once you create an email server above
        set email-to user@domain.ca
end
config user group
    edit "SSL_users"
        set member email_test
end
config firewall policy
    edit 0
        set srcintf wan1
        set dstintf internal
        set srcaddr all
        set dstaddr all
        set action ssl-vpn
        set identity-based enable
        config identity-based policy
            edit 1
                set schedule always
                set groups "SSL_users"
                set service ALL
                set sslvpn-portal "full-access"
        end
end
Regards, Chris McMullan Fortinet Ottawa
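A small offline check for the settings this thread walks through, as an added example that is not part of the original posts and is not Fortinet code: it parses a pasted CLI configuration and flags a two-factor expiry outside the 30-300 second range, `two-factor email` users with no email server or no `email-to`, and an email server left on `set security none`. The function names `parse` and `audit` and the sample configuration are constructed for illustration.

```python
# Constructed sample in the style of the commands posted above (not a device export).
SAMPLE = """\
config system global
    set two-factor-email-expiry 600
end
config system email-server
    set server mail.example.test
    set security none
end
config user local
    edit "email_test"
        set two-factor email
        set email-to user@example.test
    next
    edit "no_address"
        set two-factor email
end
"""

def parse(text):  # -> {section: {entry: {key: value}}}; settings outside an edit use entry ""
    cfg, stack, entry = {}, [], ""
    for raw in text.splitlines():
        words = raw.split("//")[0].split() or [""]  # drop //-- annotations as used in the post
        if words[0] == "config":
            stack.append(" ".join(words[1:]))
        elif words[0] == "end" and stack:
            stack.pop()
            entry = entry if stack else ""  # a nested end keeps the outer edit open
        elif len(stack) == 1 and words[0] == "edit" and len(words) > 1:
            entry = words[1].strip('"')
        elif len(stack) == 1 and words[0] == "set" and len(words) > 2:
            cfg.setdefault(stack[0], {}).setdefault(entry, {})[words[1]] = " ".join(words[2:])
    return cfg

def audit(text):
    cfg = parse(text)
    glob = cfg.get("system global", {}).get("", {})
    mail = cfg.get("system email-server", {}).get("", {})
    users = cfg.get("user local", {})
    two_fa = [n for n, s in users.items() if s.get("two-factor") == "email"]
    findings = [f"{k} {glob[k]} is outside 30-300 seconds"
                for k in ("two-factor-sms-expiry", "two-factor-email-expiry")
                if k in glob and not 30 <= int(glob[k]) <= 300]
    if two_fa and "server" not in mail:
        findings.append("two-factor email is set but no email-server is configured")
    if two_fa and mail.get("security") == "none":
        findings.append("email-server uses security none for token codes")
    findings += [f"user {n}: two-factor email without email-to" for n in two_fa if "email-to" not in users[n]]
    return findings
```

`audit(SAMPLE)` returns three findings for the constructed sample; an empty list means none of these checks fired.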
Thank you, Chris,
In my test FG200 I missed configuring the mail server.
It really works with OS 5.2 as well.
One more question:
I configured token codes by mail in OS 4.3, but this was reset after updating to 5.2.
Must I do all the configuration for this again after the next update, or is it also caused by my incomplete test environment?
*Maybe*....
Usually, for the FortiGate to reset or clear a setting upon an upgrade, it's because the destination build has no way of accounting for a setting from an earlier version. A good example is WANOpt rules between 4.3 and 5.0. WANOpt became just another UTM profile in 5.0, which did away with the separate rules. Because of the way the logic changed, there was no way to retain the settings, so it was documented in the equivalent of heavy bolded red letters: "THIS SETTING WILL NOT SURVIVE AN UPGRADE."
So, it could be - I'm not certain offhand - either an incomplete setup or a setting that is invalid with the new OS.
Regards, Chris McMullan Fortinet Ottawa