



In our above noted example, I am using a licensed O365 mailbox account, which I’ve designated as the email address to be used for all outbound MFA communications. I specified both the SMTP server address and port to point to Microsoft’s SMTP server and enabled authentication. Next, enter your chosen email address and password. If you’re using an O365 hosted email address, be sure to select “STARTTLS” as your security mode. Finally, configure the “Default Reply To” email address with a mailbox that is actively monitored. In our example, I am utilizing a single address for both outbound emails and replies, but that is certainly not a requirement.

While FortiGate offers this service free of charge, it does not make this feature available within its management graphical user interface (GUI). Instead, you will need to execute a few short lines of code via the CLI to enable MFA for both VPN user and system administrator accounts. Click on the “>_” button on the upper right-hand corner of the management portal. Next, reference the below CLI snippets to implement MFA over email on the user and/or system administrator level. Simply tweak the code below to best match your desired configuration and execute within FortiGate’s CLI. Use caution when enabling MFA on a system administrator account. It is highly recommended that you maintain access through a secondary system administrator account before proceeding with testing and implementation.
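A sketch of the CLI step described above, added here as an example and not taken from the original article. The account names and email addresses are constructed placeholders, and the `#` lines are annotations to leave out when pasting into the CLI console.

```fortios
# VPN (local) user account: send the one-time code by email.
config user local
    edit "vpn-user1"
        set two-factor email
        set email-to "vpn-user1@example.com"
    next
end

# System administrator account. Apply this to one administrator first and
# keep a secondary administrator account available until delivery of the
# emailed code has been tested.
config system admin
    edit "admin-mfa-test"
        set two-factor email
        set email-to "admin-mfa-test@example.com"
    next
end
```

Running `show user local` and `show system admin` afterwards displays the stored settings, so you can confirm that `two-factor` and `email-to` were saved on the intended accounts before logging out.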
