Example 1: FortiMail unit behind a firewall Gateway mode deployment
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
102 Revision 2
http://docs.fortinet.com/ • Feedback
5 Select OK.
Configuring the virtual IPs
In order to create the firewall policy that forwards email-related traffic to the FortiMail unit,
you must first define a static NAT mapping from a public IP address on the FortiGate unit
to the private IP address of the FortiMail unit by creating a virtual IP entry.
Similarly, in order to create the firewall policy that forwards POP3/IMAP-related traffic to
the protected email server, you must first define a static NAT mapping from a public IP
address on the FortiGate unit to the private IP address of the protected email server by
creating a virtual IP entry.
To add a virtual IP for the FortiMail unit
1 Go to Firewall > Virtual IP > Virtual IP.
2 Select Create New.
3 Complete the following:
4 Select OK.
To add a virtual IP for the protected email server
1 Go to Firewall > Virtual IP > Virtual IP.
2 Select Create New.
3 Complete the following:
4 Select OK.
Configuring the firewall policies
First, create a firewall policy that allows incoming FortiMail services that are received at
the virtual IP address, then applies a static NAT when forwarding the traffic to the private
network IP address of the FortiMail unit.
Note: To add virtual IPs, the FortiGate unit must be operating in NAT mode. For more
information, see the FortiGate Administration Guide.
Name Enter a name to identify the virtual IP entry, such as
FortiMail_VIP.
External Interface Select wan1.
Type Select Static NAT.
External IP
Address/Range
Enter 10.10.10.1.
Mapped IP
Address/Range
Enter 172.16.1.5.
Name Enter a name to identify the virtual IP entry, such as
protected_email_server_VIP.
External Interface Select wan1.
Type Select Static NAT.
External IP
Address/Range
Enter 10.10.10.1.
Mapped IP
Address/Range
Enter 172.16.1.10.
To Next Page
Loading...
