Gateway mode deployment Example 3: FortiMail unit in DMZ
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2
http://docs.fortinet.com/
   Subnet / IP Range: Enter 192.168.1.5/32.
   Interface: Select dmz.
4 Select OK.

Configuring the service groups

In order to create firewall policies that govern only email and FortiMail-related traffic, you must first create groups of services that define protocols and port numbers used in that traffic.

Note: For more information on protocols and port numbers used by FortiMail units, see the Fortinet Knowledge Center article FortiMail Traffic Types and TCP/UDP Ports.

Because FortiGuard-related services for FortiMail units are not predefined, you must define them before you can create a service group that contains those services.

To add a custom service for FortiGuard Antivirus push updates
1 Go to Firewall > Service > Custom.
2 Select Create New.
3 Configure the following:
   Name: Enter a name to identify the custom service entry, such as FortiMail_antivirus_push_updates.
   Protocol Type: Select TCP/UDP.
   Protocol: Select UDP.
   Destination Port
      Low: Enter 9443.
      High: Enter 9443.
4 Select OK.

To add a custom service for FortiGuard Antispam rating queries
1 Go to Firewall > Service > Custom.
2 Select Create New.
3 Configure the following:
   Name: Enter a name to identify the custom service entry, such as FortiMail_antispam_rating_queries.
   Protocol Type: Select TCP/UDP.
   Protocol: Select UDP.
   Destination Port
      Low: Enter 8889.
      High: Enter 8889.
4 Select OK.

To add a service group for remote incoming FortiMail traffic
1 Go to Firewall > Service > Group.
2 Select Create New.
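
The following Python check is an added example, not part of the Fortinet guide: it audits a text copy of the FortiGate configuration and reports any way the two custom services differ from the single-UDP-port definitions given on this page. It assumes the configuration is available in the FortiOS CLI "config firewall service custom" layout; the sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Expected definitions, taken from the two custom-service procedures on this page.
EXPECTED = {
    "FortiMail_antivirus_push_updates": 9443,
    "FortiMail_antispam_rating_queries": 8889,
}

# Constructed sample in FortiOS CLI layout (not an export from a real device).
SAMPLE_CONFIG = '''
config firewall service custom
    edit "FortiMail_antivirus_push_updates"
        set protocol TCP/UDP
        set udp-portrange 9443
    next
    edit "FortiMail_antispam_rating_queries"
        set protocol TCP/UDP
        set tcp-portrange 8889
        set udp-portrange 8000-8889
    next
end
'''

def parse_services(text):
    """Return {service name: {setting: value}} for each edit ... next entry."""
    services, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'edit "?([^"]+)"?$', line)
        if m:
            current = services.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2]
    return services

def audit(text, expected=EXPECTED):
    """List deviations from the single-UDP-port definitions in the guide."""
    services, findings = parse_services(text), []
    for name, port in expected.items():
        svc = services.get(name)
        if svc is None:
            findings.append(f"{name}: not defined")
            continue
        if "tcp-portrange" in svc:
            findings.append(f"{name}: unexpected TCP range {svc['tcp-portrange']}")
        low, _, high = svc.get("udp-portrange", "").partition("-")
        if (low, high or low) != (str(port), str(port)):
            findings.append(f"{name}: UDP range is {svc.get('udp-portrange')}, expected {port}")
    return findings
```

An empty result from audit() means both services exist and open only the UDP port the guide specifies; a wider range or an added TCP range would let firewall policies built on the service group pass more traffic than intended.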