FortiGate
chaithrar
Staff
Article Id 194890

Description
This article describes the steps to configure Two Factor Authentication on FortiGate with token delivery to user’s email.

Useful links:
CLI Reference: https://docs.fortinet.com/document/fortigate/6.0.6/cli-reference/689474/system-email-server


Solution
There are two steps to complete this configuration:

1) Configure the SMTP server.

#config system email-server
       set reply-to {Sender_email_address}
       set server {SMTP_server_FQDN/IP}
       set port {SMTP_server_port_number}
       set authenticate {enable | disable}
       set username {username}
       set password {password_string}
       set security {none | starttls | smtps}
end

2) Create user(s) with email two factor enabled.

#config user local
    edit {username}
       set type password
       set two-factor email
       set email-to {user_email_address}
       set passwd {password}
    next
end

The same two-factor settings can be applied to an administrator account:

#config system admin
    edit "admin"
       set type password
       set two-factor email
       set email-to {user_email_address}
       set passwd {password}
    next
end

NOTE: Email-based two-factor authentication can only be enabled via CLI.
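
A pre-deployment check for the two steps above, as an added example that is not part of the original article or any Fortinet tooling: it parses a configuration excerpt in the CLI syntax shown here and flags users with `two-factor email` but no `email-to`, and an email server left at `security none`, which carries the token over unencrypted SMTP. The sample config and the names `parse_config` and `audit_email_2fa` are constructed for illustration, and only flat blocks like the ones on this page are handled.

```python
# Constructed sample in the CLI syntax used on this page (not from a real device).
SAMPLE = """\
config system email-server
    set server "smtp.example.com"
    set security none
end
config user local
    edit "alice"
        set two-factor email
        set email-to "alice@example.com"
    next
    edit "bob"
        set two-factor email
    next
end
"""

def parse_config(text):
    """Flat parser: {section: {entry: {key: value}}}; nested config blocks unsupported."""
    cfg, section, entry = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip().lstrip("#").strip()  # accept the '#config ...' prompt style
        if line.startswith("config "):
            section, entry = line[7:], ""
            cfg.setdefault(section, {}).setdefault(entry, {})
        elif line.startswith("edit ") and section:
            entry = line[5:].strip('"')
            cfg[section].setdefault(entry, {})
        elif line == "end":
            section = None
        elif line.startswith("set ") and section:
            _, key, *rest = line.split(None, 2)
            cfg[section][entry][key] = (rest[0] if rest else "").strip('"')
    return cfg

def audit_email_2fa(text):
    """Hypothetical helper: list weaknesses in an email two-factor setup."""
    cfg, findings = parse_config(text), []
    users = [(sec, name, s) for sec in ("user local", "system admin")
             for name, s in cfg.get(sec, {}).items() if s.get("two-factor") == "email"]
    for sec, name, s in users:
        if not s.get("email-to"):
            findings.append(f"{sec} '{name}': two-factor email but no email-to")
    mail = cfg.get("system email-server", {}).get("", {})
    # Assumption: a missing 'security' line is treated the same as 'none'.
    if users and mail.get("security", "none") == "none":
        findings.append("email-server: security none, token sent over cleartext SMTP")
    return findings

print("\n".join(audit_email_2fa(SAMPLE)))
```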


Verification of Configuration:

When the newly created user attempts to access a service (e.g. SSL-VPN), the user is prompted for username and password as usual.
If correct credentials are entered by the user, the user will be prompted to enter a token. This token will be delivered to the user’s mailbox. Once the user enters the received token, access will be granted.

Troubleshooting:

Debugging of the authentication process:
#diag debug reset
#diag debug application fnbamd -1
#diag debug enable


Debugging of token delivery via email:
#diag debug reset
#diag debug application alertmail -1
#diag debug enable


