Example 3: FortiMail unit in DMZ Gateway mode deployment
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2
3 In Group Name, enter a name to identify the service group entry, such as FortiMail_incoming_services.
4 In the Available Services area, select HTTP, HTTPS, SMTP, and your custom service for FortiGuard Antivirus push updates, FortiMail_antivirus_push_updates, then select the right arrow to move them to the Members area.
5 Select OK.
To add a service group for outgoing FortiMail traffic
1 Go to Firewall > Service > Group.
2 Select Create New.
3 In Group Name, enter a name to identify the service group entry, such as FortiMail_outgoing_services.
4 In the Available Services area, select DNS, NTP, HTTPS, SMTP, and your custom service for FortiGuard Antispam rating queries, FortiMail_antispam_rating_queries, then select the right arrow to move them to the Members area.
5 Select OK.
To add a service group for internal email user traffic to the FortiMail unit
1 Go to Firewall > Service > Group.
2 Select Create New.
3 In Group Name, enter a name to identify the service group entry, such as SMTP_quar_services.
4 In the Available Services area, select HTTP, HTTPS, and SMTP, then select the right arrow to move them to the Members area.
5 Select OK.
To add a service group for POP3 and IMAP traffic to the protected email server
1 Go to Firewall > Service > Group.
2 Select Create New.
3 In Group Name, enter a name to identify the service group entry, such as PO3_IMAP_services.
4 In the Available Services area, select POP3 and IMAP, then select the right arrow to move them to the Members area.
5 Select OK.
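
The four service groups above can also be entered from the FortiGate CLI. The following is an added example, not text from the Install Guide; it assumes the FortiOS "config firewall service group" syntax, the predefined service names as they appear in the Available Services area, and that the two custom services (FortiMail_antivirus_push_updates and FortiMail_antispam_rating_queries) have already been created. Each group contains only the services listed in the procedures, so a firewall policy that references a group permits nothing beyond them.

```fortios
# Added example: CLI equivalent of the four web-based manager procedures above.
# Assumption: both custom FortiGuard services already exist on the FortiGate unit.
config firewall service group
    # Traffic from the Internet to the FortiMail unit
    edit "FortiMail_incoming_services"
        set member "HTTP" "HTTPS" "SMTP" "FortiMail_antivirus_push_updates"
    next
    # Traffic from the FortiMail unit to the Internet
    edit "FortiMail_outgoing_services"
        set member "DNS" "NTP" "HTTPS" "SMTP" "FortiMail_antispam_rating_queries"
    next
    # Internal email users to the FortiMail unit
    edit "SMTP_quar_services"
        set member "HTTP" "HTTPS" "SMTP"
    next
    # POP3 and IMAP to the protected email server
    edit "PO3_IMAP_services"
        set member "POP3" "IMAP"
    next
end
```
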
Configuring the virtual IPs
In order to create the firewall policy that forwards email-related traffic to the FortiMail unit, you must first define a static NAT mapping from a public IP address on the FortiGate unit to the IP address of the FortiMail unit by creating a virtual IP entry.
You must also create virtual IPs to define static NAT mappings:
• from a public IP address on the FortiGate unit to the IP address of the protected email server
• from an IP address on the internal network of the FortiGate unit to the IP address of the FortiMail unit
• from an IP address on the DMZ of the FortiGate unit to the IP address of the protected email server