Admin guide

Create an impossible-to-travel policy

The Impossible Travel feature improves security by blocking suspicious login attempts when FortiToken Cloud (FTC) detects a login request from a location that is unreasonably far from where the user could be, for example, a login request from Russia for a device used by an employee who lives in the United States. In that case, FTC blocks the request. FTC identifies suspicious sign-in attempts based on the distance and the time elapsed between two subsequent user sign-in attempts. The default speed threshold is 500 miles per hour. Bear in mind that the user IP must be supported by FortiProducts.
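
The distance-over-time check described above, sketched as an added example for reviewing your own sign-in logs; it is not FortiToken Cloud's implementation. The haversine distance formula, the event fields, and the sample sign-ins are assumptions made for illustration; only the 500 mph default comes from this page.

```python
import math
from datetime import datetime

EARTH_RADIUS_MILES = 3958.8
DEFAULT_MAX_MPH = 500.0  # default threshold stated on this page

def haversine_miles(lat1, lon1, lat2, lon2):
    """Great-circle distance in miles (assumed metric, not confirmed by the page)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(a))

def implied_speed_mph(prev, curr):
    """Speed a user would need to travel between two sign-in locations."""
    dist = haversine_miles(prev["lat"], prev["lon"], curr["lat"], curr["lon"])
    hours = (curr["time"] - prev["time"]).total_seconds() / 3600
    if hours <= 0:  # simultaneous sign-ins: impossible unless same place
        return math.inf if dist > 0 else 0.0
    return dist / hours

def find_impossible_travel(events, max_mph=DEFAULT_MAX_MPH):
    """Return (user, from_city, to_city, mph) for each pair of consecutive
    sign-ins by the same user whose implied speed exceeds max_mph."""
    last_seen, flagged = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last_seen.get(ev["user"])
        if prev is not None:
            mph = implied_speed_mph(prev, ev)
            if mph > max_mph:
                flagged.append((ev["user"], prev["city"], ev["city"], mph))
        last_seen[ev["user"]] = ev
    return flagged

def login(user, city, lat, lon, ts):
    """Build one sign-in record; lat/lon stand in for the geolocated source IP."""
    return {"user": user, "city": city, "lat": lat, "lon": lon,
            "time": datetime.fromisoformat(ts)}

# Constructed sample sign-ins (timestamps treated as UTC)
SAMPLE = [
    login("alice", "New York", 40.71, -74.01, "2024-01-10T09:00:00"),
    login("alice", "Moscow", 55.76, 37.62, "2024-01-10T10:00:00"),
    login("bob", "New York", 40.71, -74.01, "2024-01-10T09:00:00"),
    login("bob", "Boston", 42.36, -71.06, "2024-01-10T13:00:00"),
]

if __name__ == "__main__":
    for user, src, dst, mph in find_impossible_travel(SAMPLE):
        print(f"{user}: {src} -> {dst} implies {mph:.0f} mph")
```

Geolocation of VPN or mobile-carrier addresses can be coarse, so pairs flagged this way are candidates for review rather than confirmed compromises.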

To enable the Impossible-Travel feature in an adaptive authentication policy:
  1. From the side menu, select Adaptive Auth > Policy.

  2. Select Add Policy.

  3. Specify the policy name.

    For Action, select Enforce MFA/Block.

  4. For Filters, select Location Filter.

  5. For Location Filter, select the countries or regions for normal login location.

  6. Select the Impossible Travel button to enable it.

  7. For Schedule, select a desired schedule set.

  8. Click Confirm.

  9. Add the new policy into a profile, and be sure to select the same action (Enforce MFA/Block).

  10. Add the new profile into any auth client (including FortiProducts and web apps) and any Realms whose users are going to log in from the specified locations.
