Example 2: FortiMail unit in front of a firewall Gateway mode deployment
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2
http://docs.fortinet.com/
External IP Address/Range    Enter 10.10.10.1.
Mapped IP Address/Range      Enter 192.168.1.10.
4 Select OK.
To add an internal virtual IP for the protected email server
1 Go to Firewall > Virtual IP > Virtual IP.
2 Select Create New.
3 Complete the following:
Name                         Enter a name to identify the virtual IP entry, such as protected_email_server_VIP_internal.
External Interface           Select internal.
Type                         Select Static NAT.
External IP Address/Range    Enter 172.16.1.2.
Mapped IP Address/Range      Enter 192.168.1.10.
4 Select OK.
Configuring the firewall policies
Create the following firewall policies:
• Allow SMTP connections from the protected email server to the FortiMail unit.
• Allow SMTP_quar_services from the local email users to the FortiMail unit.
• Allow SMTP connections that are received at the wan1 virtual IP address from the FortiMail unit, then apply a static NAT when forwarding the traffic to the private network IP address of the protected email server.
• Allow PO3_IMAP_services that are received at the internal virtual IP address, then apply a static NAT when forwarding the traffic to the private network IP address of the protected email server.
• Allow PO3_IMAP_services that are received at the wan1 virtual IP address, then apply a static NAT when forwarding the traffic to the private network IP address of the protected email server.
To add the email-server-to-FortiMail policy
1 Go to Firewall > Policy > Policy.
2 Select Create New.
3 Complete the following:
Source Interface/zone         Select dmz.
Source Address Name           Select protected_email_server_address.
Destination Interface/zone    Select wan1.
Destination Address Name      Select FortiMail_address.
Schedule                      Select ALWAYS.