Gateway mode deployment Example 3: FortiMail unit in DMZ
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2
http://docs.fortinet.com/
For information on configuring additional features, see the FortiMail Administration Guide.
Example 3: FortiMail unit in DMZ
In this example, a FortiMail unit operating in gateway mode, a protected email server, and
email users’ computers are all positioned within a private network, behind a firewall.
However, the FortiMail unit is located in the demilitarized zone (DMZ) of the firewall,
separated from the local email users and the protected email server, which are located on
the internal network of the firewall. Remote email users’ computers and external email
servers are located on the Internet, outside of the network protected by the firewall. The
FortiMail unit protects accounts for email addresses ending in “@example.com”, which are
hosted on the local email server.
Figure 44: FortiMail unit in DMZ
The FortiMail unit has also been configured with an access control rule that allows local
and remote email users to send email to unprotected domains if they first authenticate:
Sender Pattern          *@example.com
Recipient Pattern       *
Sender IP/Netmask       0.0.0.0/0
Reverse DNS Pattern     *
Authentication Status   authenticated
TLS                     < none >
Action                  RELAY
To deploy the FortiMail unit in the DMZ of a firewall, you must complete the following:
• Configuring the firewall
• Configuring the MUAs
• Testing the installation
[Figure 44 diagram labels: External Email Server; Remote Email Users; DNS Server; Internet; Switch; Local Email Users; Internal Email Server 172.16.1.10; wan1 10.10.10.1; dmz 192.168.1.1 (virtual IP: 192.168.1.2); internal 172.16.1.1 (virtual IP: 172.16.1.2); port1 192.168.1.5; Protected Domain: @example.com; Email Domain: @example.com; DNS records: example.com IN MX 10 fortimail.example.com, fortimail IN A 10.10.10.1]
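A simplified model of how the access control rule in this example is matched, as an added example (not Fortinet's code and not part of the original guide). It assumes every field of the rule must match for the action to apply, does not model the TLS field, and uses constructed sessions; it shows that a forged *@example.com sender that has not authenticated does not match the RELAY rule.

```python
import fnmatch
import ipaddress
from collections import namedtuple

# Constructed model of one SMTP session (field names are this example's own).
Session = namedtuple("Session", "sender recipient client_ip reverse_dns authenticated")

# Values copied from the rule table on this page; TLS "< none >" is not modeled.
RULE = {
    "sender_pattern": "*@example.com",
    "recipient_pattern": "*",
    "sender_ip_netmask": "0.0.0.0/0",
    "reverse_dns_pattern": "*",
    "authentication_status": "authenticated",
    "action": "RELAY",
}

def glob(value, pattern):
    """Case-insensitive wildcard match, as used for the pattern fields."""
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())

def rule_action(rule, s):
    """Return the rule's action if every field matches, else None (assumed semantics)."""
    checks = (
        glob(s.sender, rule["sender_pattern"]),
        glob(s.recipient, rule["recipient_pattern"]),
        ipaddress.ip_address(s.client_ip) in ipaddress.ip_network(rule["sender_ip_netmask"]),
        glob(s.reverse_dns, rule["reverse_dns_pattern"]),
        s.authenticated or rule["authentication_status"] != "authenticated",
    )
    return rule["action"] if all(checks) else None

# Constructed sessions; host names and client addresses are sample values.
SESSIONS = {
    "local user, authenticated": Session("alice@example.com", "bob@example.org", "172.16.1.20", "pc20.example.com", True),
    "remote user, authenticated": Session("alice@example.com", "bob@example.org", "198.51.100.7", "host7.example.net", True),
    "forged sender, unauthenticated": Session("alice@example.com", "carol@example.org", "203.0.113.9", "unknown", False),
    "authenticated, other sender domain": Session("alice@example.net", "bob@example.org", "198.51.100.7", "host7.example.net", True),
}

def evaluate_all():
    """Map each constructed session to the rule's action, or None when it does not match."""
    return {name: rule_action(RULE, s) for name, s in SESSIONS.items()}

if __name__ == "__main__":
    for name, action in evaluate_all().items():
        print(f"{name:36} -> {action or 'no match, rule does not apply'}")
```

A result of None means only that this rule did not match; what the unit does with such a session is outside this model.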