Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SoGo
New Contributor II

Created on ‎04-19-2022 01:53 PM

Email-server MFA with Outlook

Hello

 

 I am trying to create a second authentication factor for my ssl-vpn users and firewall administrators in my Fortigate, this by enabling the email-server option, I have already done it correctly with gmail, but it seems that as of May 30 the policies will change and this will not be possible, so I have tried to change the server to outlook, but I cannot get the emails with the code

 

this is the smtp server of my hotmail account 

SoGo_1-1650401249889.png

 

this is my configuration

SoGo_0-1650401168508.png

In my outlook account I can see that a device with the fortigate IP can access the account, but the emails do not arrive, and I do not see them in sent items either
 

SoGo_2-1650401434683.png

 

It is the same situation whether it is a hotmail or outlook account

 

If someone has had this situation and can share with me how to solve it, I would appreciate it, my firmware version is 7.0.5

Labels:
1455
0 Kudos
2 REPLIES 2
bpozdena_FTNT
Staff
Staff

Created on ‎04-19-2022 11:38 PM

You should ensure the SMTP access is working from other SMTP clients. You would typically have to enable SMTP access and disable MFA for your account . You can check MS documentation for detailed steps. 

 

Since you do not seem to care about what SMTP provider is used, why don't you just use the default SMTP server notification.fortinet.net ?

 

Reference: 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Default-SMTP-setting-under-email-service/t...

HTH,
Boris
1398
0 Kudos
xsilver_FTNT
Staff
Staff

Created on ‎04-27-2022 04:46 AM

If you suspect that no email might be sent out from your FortiGate, then how about packet capture to see if there is any connection attempt at all ?

As you have starttls then it will be TCP TLS. So at least you should see if there was normal handshake and TLS negotiation.

Alternatively you can spring yourself some simple test mailserver, preferably with no auth, so you will see plain SMTP in captures and be able to see if and how FortiGate sent the email. As a bonus there is supposed to be token in message body captured and readable.

 

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

1350
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.