Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAuthenticator 6.0.8 Administration Guide
    6.0.8
    6.6.2
    6.6.1
    6.6.0
    6.5.5
    6.5.4
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.2
    6.2.1
    6.2.0
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.5.0
    5.4.0
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.1
    4.2.0

    Messaging

    Messaging

    FortiAuthenticator sends email for several purposes, such as password reset requests, new user approvals, user self-registration, and two-factor authentication.

    By default, FortiAuthenticator uses its built-in Simple Mail Transfer Protocol (SMTP) server. This is provided for convenience, but is not necessarily optimal for production environments. Fortinet recommends that you configure the unit to use a reliable external mail relay.

    There are two distinct email services:

    1. Administrators: Password reset, new user approval, two-factor authentication, etc.
    2. Users: Password reset, self-registration, two-factor authentication, etc.

    If you plan to send SMS messages to users, you must configure the SMS gateways that you will use. Ask your SMS provider for information about using its gateway. The FortiAuthenticator SMS gateway configuration differs according to the protocol your SMS provider uses.

    SMTP servers

    To view a list of the SMTP servers, go to System > Messaging > SMTP Servers.

    Although FortiAuthenticator can be configured to send emails from the built-in mail server (localhost), this is not recommended. Anti-spam methods such as IP lookup, DKIM, and SPF can block mail from such ad-hoc mail servers. It is highly recommended that email is relayed from an official mail server for your domain.

    The following information is shown:

    Create New Select to create a new SMTP server.
    Delete Select to delete the selected SMTP server or servers.
    Edit Select to edit the selected SMTP server.
    Set as Default Set the selected SMTP server as the default SMTP server.
    Name The name of the SMTP server.
    Server The server name and port number.
    Default Shows a green circle with a check mark for the default SMTP server. To change the default server, select the server you would like to use as the default, then select Set as Default in the toolbar.
    To add an external SMTP server:
    1. Go to System > Messaging > SMTP Servers and select Create New. The Create New SMTP Server window opens.

    2. Enter the following information:
      NameEnter a name to identify this mail server on FortiAuthenticator.
      Server name/IPEnter the IP address or Fully Qualified Domain Name (FQDN) of the mail server.
      PortThe default port 25. Change it if your SMTP server uses a different port.
      Sender name (optional)Optionally, enter the name that will appear when sending an email from FortiAuthenticator.
      Sender email address In the From field, enter the email address that will appear when sending an email from FortiAuthenticator.

      Connection Security and Authentication

      		Customize the secure connection and authentication for a user.
      Secure connectionFor a secure connection to the mail server, select STARTTLS from the dropdown menu.
      Enable authenticationEnable if the email server requires you to authenticate when sending email. Enter the Account username and Password if required.
    3. Optionally, select Test Connection to send a test email message. Specify a recipient and select Send. Confirm that the recipient received the message.
      Note that the recipient’s email system might treat the test email message as spam.
    4. Select OK to create the new SMTP server.

    Email services

    To view a list of the email services, go to System > Messaging > Email Services.

    The following information is shown:

    Edit Select to edit the selected email service.
    Recipient The name of the email recipient.
    SMTP server The SMTP server associated with the recipient. The server can be selected from the dropdown menu.
    Save Select to save any changes made to the email services.
    To configure email services:
    1. Go to System > Messaging > Email Services and select the recipient you need to edit (the user's email service is shown below). The Edit Email Service window opens.

    2. Configure the following:
      SMTP serverSelect the SMTP server from the dropdown menu.
      Public AddressCustomize the address or link for the email.
      Address discovery method

      Select the address discovery method:

      • Automatic discovery: Use device FQDN if configured, or automatically obtain address from the browser, or an active network interface.
      • Specify an address: Manually enter the address and port number.
      • Use the IP address from a network interface: Select a specific network interface from the dropdown menu.
      AddressEnter the recipient IP address or FQDN. Only available if Address discovery method is set to Specify an address.
      PortEnter the recipient port number (set to 80 by default). Only available if Address discovery method is set to Specify an address.
      Network interfaceSelect a configured network interface from the dropdown menu. This option is only available when the Address discovery method is set to Use the IP address from a network interface.
    3. Select OK to apply your changes.

    SMS gateways

    To view a list of the configured SMS gateways, go to System > Messaging > SMS Gateways.

    The following information is shown:

    Create New Select to create a new SMS gateway.
    Delete Select to delete the selected SMS gateway or gateways.
    Edit Select to edit the selected SMS gateway.
    Set as Default Set the selected SMS gateway as the default SMS gateway.
    Name The name of the SMS gateway.
    Protocol The protocol used by the gateway.
    SMTP Server The SMTP server associated with the gateway.
    API URL The gateway’s API URL, if it has one.
    Default Shows a green circle with a check mark for the default SMS gateway. To change the default gateway, select the gateway you would like to use as the default, then select Set as Default in the toolbar.

    You can also configure the message that you will send to users. You can use the following tags for user-specific information:

    Tag Information
    {{:country_code}} Telephone country code, e.g. 01 for North America.
    {{:mobile_number}} User’s mobile phone number.
    {{:message}} “Your authentication token code is ” and the code.
    {{:null}} Empty string or null value.
    To create a new SMTP SMS gateway:
    1. Go to System > Messaging > SMS Gateways and select Create New. The Create New SMS Gateway window opens.

    2. Enter the following information:
      Name Enter a name for the new gateway.
      Protocol Select SMTP.
      SMTP server Select the SMTP server you use to contact the SMS gateway. The SMTP server must already be configured, see SMTP servers.
      Mail-to-SMS gateway Change domain.com to the SMS provider’s domain name. The default entry {{:mobile_number}}@domain.com assumes that the address is the user’s mobile number followed by @ and the domain name. In the Email Preview section, check the To field to ensure that the format of the address matches the information from your provider.
      Email PreviewView a preview of the email message.
      ToFormat of the email address, as determined by the Mail-to-SMS gateway field.
      Subject Optionally, enter a subject for the message.
      Body Optionally, enter body text for the message.
    3. Optionally, select Test Settings to send a test SMS message to the user.
    4. Select OK to create a new SMTP SMS gateway.
    To create a new HTTP or HTTPS SMS gateway:
    1. Go to System > Messaging > SMS Gateways and select Create New. The Create New SMS Gateway window opens.
    2. Expand the HTTP/HTTPS section, then enter the following information:
      HTTP/HTTPS
      HTTP method Select the method to use, either GET of POST.
      API URL Enter the gateway URL, omitting the protocol prefix http:// or https://. Also omit the parameter string that begins with ?.
      CA certificate Select CA certificate that validates this SMS provider from the dropdown menu.
      Content-TypeSelect a content type from the dropdown menu.
      Authorization TypeEnter the Username and Password for Basic Auth.
      HTTP Parameters
      Field Enter the parameter names that the SMS provider’s URL requires, such as user and password.
      Value Enter the values or tags corresponding to the fields.
      Delete Delete the field and its value.
    3. If you need more parameter entries, select Add another SMS Gateway HTTP Parameter.
    4. Optionally, select Test Settings to send a test SMS message to the user.
    5. Select OK to create a new HTTP or HTTPS SMS gateway.
    Previous
    Next

    Messaging

    Messaging

    FortiAuthenticator sends email for several purposes, such as password reset requests, new user approvals, user self-registration, and two-factor authentication.

    By default, FortiAuthenticator uses its built-in Simple Mail Transfer Protocol (SMTP) server. This is provided for convenience, but is not necessarily optimal for production environments. Fortinet recommends that you configure the unit to use a reliable external mail relay.

    There are two distinct email services:

    1. Administrators: Password reset, new user approval, two-factor authentication, etc.
    2. Users: Password reset, self-registration, two-factor authentication, etc.

    If you plan to send SMS messages to users, you must configure the SMS gateways that you will use. Ask your SMS provider for information about using its gateway. The FortiAuthenticator SMS gateway configuration differs according to the protocol your SMS provider uses.

    SMTP servers

    To view a list of the SMTP servers, go to System > Messaging > SMTP Servers.

    Although FortiAuthenticator can be configured to send emails from the built-in mail server (localhost), this is not recommended. Anti-spam methods such as IP lookup, DKIM, and SPF can block mail from such ad-hoc mail servers. It is highly recommended that email is relayed from an official mail server for your domain.

    The following information is shown:

    Create New Select to create a new SMTP server.
    Delete Select to delete the selected SMTP server or servers.
    Edit Select to edit the selected SMTP server.
    Set as Default Set the selected SMTP server as the default SMTP server.
    Name The name of the SMTP server.
    Server The server name and port number.
    Default Shows a green circle with a check mark for the default SMTP server. To change the default server, select the server you would like to use as the default, then select Set as Default in the toolbar.
    To add an external SMTP server:
    1. Go to System > Messaging > SMTP Servers and select Create New. The Create New SMTP Server window opens.

    2. Enter the following information:
      NameEnter a name to identify this mail server on FortiAuthenticator.
      Server name/IPEnter the IP address or Fully Qualified Domain Name (FQDN) of the mail server.
      PortThe default port 25. Change it if your SMTP server uses a different port.
      Sender name (optional)Optionally, enter the name that will appear when sending an email from FortiAuthenticator.
      Sender email address In the From field, enter the email address that will appear when sending an email from FortiAuthenticator.

      Connection Security and Authentication

      		Customize the secure connection and authentication for a user.
      Secure connectionFor a secure connection to the mail server, select STARTTLS from the dropdown menu.
      Enable authenticationEnable if the email server requires you to authenticate when sending email. Enter the Account username and Password if required.
    3. Optionally, select Test Connection to send a test email message. Specify a recipient and select Send. Confirm that the recipient received the message.
      Note that the recipient’s email system might treat the test email message as spam.
    4. Select OK to create the new SMTP server.

    Email services

    To view a list of the email services, go to System > Messaging > Email Services.

    The following information is shown:

    Edit Select to edit the selected email service.
    Recipient The name of the email recipient.
    SMTP server The SMTP server associated with the recipient. The server can be selected from the dropdown menu.
    Save Select to save any changes made to the email services.
    To configure email services:
    1. Go to System > Messaging > Email Services and select the recipient you need to edit (the user's email service is shown below). The Edit Email Service window opens.

    2. Configure the following:
      SMTP serverSelect the SMTP server from the dropdown menu.
      Public AddressCustomize the address or link for the email.
      Address discovery method

      Select the address discovery method:

      • Automatic discovery: Use device FQDN if configured, or automatically obtain address from the browser, or an active network interface.
      • Specify an address: Manually enter the address and port number.
      • Use the IP address from a network interface: Select a specific network interface from the dropdown menu.
      AddressEnter the recipient IP address or FQDN. Only available if Address discovery method is set to Specify an address.
      PortEnter the recipient port number (set to 80 by default). Only available if Address discovery method is set to Specify an address.
      Network interfaceSelect a configured network interface from the dropdown menu. This option is only available when the Address discovery method is set to Use the IP address from a network interface.
    3. Select OK to apply your changes.

    SMS gateways

    To view a list of the configured SMS gateways, go to System > Messaging > SMS Gateways.

    The following information is shown:

    Create New Select to create a new SMS gateway.
    Delete Select to delete the selected SMS gateway or gateways.
    Edit Select to edit the selected SMS gateway.
    Set as Default Set the selected SMS gateway as the default SMS gateway.
    Name The name of the SMS gateway.
    Protocol The protocol used by the gateway.
    SMTP Server The SMTP server associated with the gateway.
    API URL The gateway’s API URL, if it has one.
    Default Shows a green circle with a check mark for the default SMS gateway. To change the default gateway, select the gateway you would like to use as the default, then select Set as Default in the toolbar.

    You can also configure the message that you will send to users. You can use the following tags for user-specific information:

    Tag Information
    {{:country_code}} Telephone country code, e.g. 01 for North America.
    {{:mobile_number}} User’s mobile phone number.
    {{:message}} “Your authentication token code is ” and the code.
    {{:null}} Empty string or null value.
    To create a new SMTP SMS gateway:
    1. Go to System > Messaging > SMS Gateways and select Create New. The Create New SMS Gateway window opens.

    2. Enter the following information:
      Name Enter a name for the new gateway.
      Protocol Select SMTP.
      SMTP server Select the SMTP server you use to contact the SMS gateway. The SMTP server must already be configured, see SMTP servers.
      Mail-to-SMS gateway Change domain.com to the SMS provider’s domain name. The default entry {{:mobile_number}}@domain.com assumes that the address is the user’s mobile number followed by @ and the domain name. In the Email Preview section, check the To field to ensure that the format of the address matches the information from your provider.
      Email PreviewView a preview of the email message.
      ToFormat of the email address, as determined by the Mail-to-SMS gateway field.
      Subject Optionally, enter a subject for the message.
      Body Optionally, enter body text for the message.
    3. Optionally, select Test Settings to send a test SMS message to the user.
    4. Select OK to create a new SMTP SMS gateway.
    To create a new HTTP or HTTPS SMS gateway:
    1. Go to System > Messaging > SMS Gateways and select Create New. The Create New SMS Gateway window opens.
    2. Expand the HTTP/HTTPS section, then enter the following information:
      HTTP/HTTPS
      HTTP method Select the method to use, either GET of POST.
      API URL Enter the gateway URL, omitting the protocol prefix http:// or https://. Also omit the parameter string that begins with ?.
      CA certificate Select CA certificate that validates this SMS provider from the dropdown menu.
      Content-TypeSelect a content type from the dropdown menu.
      Authorization TypeEnter the Username and Password for Basic Auth.
      HTTP Parameters
      Field Enter the parameter names that the SMS provider’s URL requires, such as user and password.
      Value Enter the values or tags corresponding to the fields.
      Delete Delete the field and its value.
    3. If you need more parameter entries, select Add another SMS Gateway HTTP Parameter.
    4. Optionally, select Test Settings to send a test SMS message to the user.
    5. Select OK to create a new HTTP or HTTPS SMS gateway.
    Previous
    Next