Administration Guide

Messaging

FortiAuthenticator sends email for several purposes, such as password reset requests, new user approvals, user self-registration, and two-factor authentication.

By default, FortiAuthenticator uses its built-in Simple Mail Transfer Protocol (SMTP) server. This is provided for convenience, but is not necessarily optimal for production environments. Fortinet recommends that you configure the unit to use a reliable external mail relay.

There are two distinct email services:

  1. Administrators: Password reset, new user approval, two-factor authentication, etc.
  2. Users: Password reset, self-registration, two-factor authentication, etc.

If you plan to send SMS messages to users, you must configure the SMS gateways that you will use. Ask your SMS provider for information about using its gateway. The FortiAuthenticator SMS gateway configuration differs according to the protocol your SMS provider uses.

SMTP servers

To view a list of the SMTP servers, go to System > Messaging > SMTP Servers.

Although FortiAuthenticator can be configured to send emails from the built-in mail server (localhost), this is not recommended. Anti-spam methods such as IP lookup, DKIM, and SPF can block mail from such ad-hoc mail servers. It is highly recommended that email is relayed from an official mail server for your domain.

The following information is shown:

Create New: Select to create a new SMTP server.
Delete: Select to delete the selected SMTP server or servers.
Edit: Select to edit the selected SMTP server.
Set as Default: Set the selected SMTP server as the default SMTP server.
Name: The name of the SMTP server.
Server: The server name and port number.
Default: Shows a green circle with a check mark for the default SMTP server. To change the default server, select the server you would like to use as the default, then select Set as Default in the toolbar.

To add an external SMTP server:
  1. Go to System > Messaging > SMTP Servers and select Create New. The Create New SMTP Server window opens.
  2. Enter the following information:
    Name: Enter a name to identify this mail server on FortiAuthenticator.
    Server name/IP: Enter the IP address or Fully Qualified Domain Name (FQDN) of the mail server.
    Port: The default port is 25. Change it if your SMTP server uses a different port.
    Sender name (optional): Optionally, enter the name that will appear when sending an email from FortiAuthenticator.
    Sender email address: In the From field, enter the email address that will appear when sending an email from FortiAuthenticator.

    Connection Security and Authentication

    Customize the secure connection and authentication for a user.
    Secure connection: For a secure connection to the mail server, select STARTTLS from the dropdown menu.
    Enable authentication: Enable if the email server requires you to authenticate when sending email. Enter the Account username and Password if required.
  3. Optionally, select Test Connection to send a test email message. Specify a recipient and select Send. Confirm that the recipient received the message.
    Note that the recipient’s email system might treat the test email message as spam.
  4. Select OK to create the new SMTP server.

Email services

To view a list of the email services, go to System > Messaging > Email Services.

The following information is shown:

Edit: Select to edit the selected email service.
Recipient: The name of the email recipient.
SMTP server: The SMTP server associated with the recipient. The server can be selected from the dropdown menu.
Save: Select to save any changes made to the email services.

To configure email services:
  1. Go to System > Messaging > Email Services and select the recipient you need to edit (the user's email service is shown below). The Edit Email Service window opens.
  2. Configure the following:
    SMTP server: Select the SMTP server from the dropdown menu.
    Public Address: Customize the address or link for the email.
    Address discovery method: Select the address discovery method:

    • Automatic discovery: Use device FQDN if configured, or automatically obtain address from the browser, or an active network interface.
    • Specify an address: Manually enter the address and port number.
    • Use the IP address from a network interface: Select a specific network interface from the dropdown menu.

    Address: Enter the recipient IP address or FQDN. Only available if Address discovery method is set to Specify an address.
    Port: Enter the recipient port number (set to 80 by default). Only available if Address discovery method is set to Specify an address.
    Network interface: Select a configured network interface from the dropdown menu. This option is only available when the Address discovery method is set to Use the IP address from a network interface.
  3. Select OK to apply your changes.

SMS gateways

To view a list of the configured SMS gateways, go to System > Messaging > SMS Gateways.

The following information is shown:

Create New: Select to create a new SMS gateway.
Delete: Select to delete the selected SMS gateway or gateways.
Edit: Select to edit the selected SMS gateway.
Set as Default: Set the selected SMS gateway as the default SMS gateway.
Name: The name of the SMS gateway.
Protocol: The protocol used by the gateway.
SMTP Server: The SMTP server associated with the gateway.
API URL: The gateway’s API URL, if it has one.
Default: Shows a green circle with a check mark for the default SMS gateway. To change the default gateway, select the gateway you would like to use as the default, then select Set as Default in the toolbar.

You can also configure the message that you will send to users. You can use the following tags for user-specific information:

Tag                   Information
{{:country_code}}     Telephone country code, e.g. 01 for North America.
{{:mobile_number}}    User’s mobile phone number.
{{:message}}          “Your authentication token code is ” and the code.
{{:null}}             Empty string or null value.

To create a new SMTP SMS gateway:
  1. Go to System > Messaging > SMS Gateways and select Create New. The Create New SMS Gateway window opens.
  2. Enter the following information:
    Name: Enter a name for the new gateway.
    Protocol: Select SMTP.
    SMTP server: Select the SMTP server you use to contact the SMS gateway. The SMTP server must already be configured, see SMTP servers.
    Mail-to-SMS gateway: Change domain.com to the SMS provider’s domain name. The default entry {{:mobile_number}}@domain.com assumes that the address is the user’s mobile number followed by @ and the domain name. In the Email Preview section, check the To field to ensure that the format of the address matches the information from your provider.
    Email Preview: View a preview of the email message.
      To: Format of the email address, as determined by the Mail-to-SMS gateway field.
      Subject: Optionally, enter a subject for the message.
      Body: Optionally, enter body text for the message.
  3. Optionally, select Test Settings to send a test SMS message to the user.
  4. Select OK to create a new SMTP SMS gateway.

To create a new HTTP or HTTPS SMS gateway:
  1. Go to System > Messaging > SMS Gateways and select Create New. The Create New SMS Gateway window opens.
  2. Expand the HTTP/HTTPS section, then enter the following information:
    HTTP/HTTPS
    HTTP method: Select the method to use, either GET or POST.
    API URL: Enter the gateway URL, omitting the protocol prefix http:// or https://. Also omit the parameter string that begins with ?.
    CA certificate: Select the CA certificate that validates this SMS provider from the dropdown menu.
    Content-Type: Select a content type from the dropdown menu.
    Authorization Type: Enter the Username and Password for Basic Auth.
    HTTP Parameters
    Field: Enter the parameter names that the SMS provider’s URL requires, such as user and password.
    Value: Enter the values or tags corresponding to the fields.
    Delete: Delete the field and its value.
  3. If you need more parameter entries, select Add another SMS Gateway HTTP Parameter.
  4. Optionally, select Test Settings to send a test SMS message to the user.
  5. Select OK to create a new HTTP or HTTPS SMS gateway.
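
The following added example (not FortiAuthenticator code, and not part of the original guide) previews what the SMTP and HTTP/HTTPS gateway settings above produce once the tags are filled in, so the To address and the request can be checked against the provider's documentation. Literal tag replacement, form encoding of the POST body, the sms.example.net host, the parameter rows and all values are assumptions constructed for the illustration.

```python
import re
from urllib.parse import urlencode

# Tag names are the four listed on this page; every value here is constructed.
SAMPLE_TAGS = {"country_code": "01", "mobile_number": "5550100",
               "message": "Your authentication token code is 123456", "null": ""}
# Constructed Field/Value rows for HTTP Parameters (hypothetical provider).
SAMPLE_PARAMS = [("user", "fac-gateway"), ("password", "CONSTRUCTED-SECRET"),
                 ("to", "{{:country_code}}{{:mobile_number}}"),
                 ("text", "{{:message}}")]
TAG_RE = re.compile(r"\{\{:(\w+)\}\}")


def expand(template, tags):
    """Replace each {{:tag}} literally (assumed behaviour); unknown tags raise."""
    def substitute(match):
        if match.group(1) not in tags:
            raise KeyError(f"unknown tag {match.group(0)}")
        return tags[match.group(1)]
    return TAG_RE.sub(substitute, template)


def mail_to_sms_address(template, tags):
    """Expand the Mail-to-SMS gateway field and sanity-check the To address."""
    address = expand(template, tags)
    local, at, domain = address.partition("@")
    # A mistyped tag such as {{mobile_number}} is not expanded and fails here.
    if not at or not local.isdigit() or "." not in domain:
        raise ValueError(f"unexpected To address: {address!r}")
    return address


def preview_http_request(method, api_url, params, tags, https=True):
    """Return (url, body); api_url has no protocol prefix and no ? string."""
    if "://" in api_url or "?" in api_url:
        raise ValueError("API URL must omit the protocol prefix and the ? string")
    encoded = urlencode([(field, expand(value, tags)) for field, value in params])
    base = ("https://" if https else "http://") + api_url
    if method == "GET":
        return f"{base}?{encoded}", ""
    if method == "POST":
        return base, encoded
    raise ValueError("method must be GET or POST")


if __name__ == "__main__":
    print(mail_to_sms_address("{{:mobile_number}}@sms.example.net", SAMPLE_TAGS))
    for method in ("GET", "POST"):
        print(method, preview_http_request(method, "sms.example.net/api/send",
                                           SAMPLE_PARAMS, SAMPLE_TAGS))
```

With GET, the gateway password and the token code appear in the URL itself, which proxies and web servers commonly record in access logs; with POST they travel in the request body.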
