Server mode deployment Configuring DNS records
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 139
http://docs.fortinet.com/ • Feedback
Server mode deployment
After completing the Quick Start Wizard, you may be required to configure some items that
are specific to your network topology or the operation mode of your FortiMail unit.
This chapter contains examples of how to deploy a FortiMail unit that is operating in server
mode.
This chapter includes the following:
• Configuring DNS records
• Example 1: FortiMail unit behind a firewall
• Example 2: FortiMail unit in front of a firewall
• Example 3: FortiMail unit in DMZ
Configuring DNS records
You must configure public DNS records for the protected domains and for the FortiMail
unit itself.
For performance reasons, you may also want to provide a private DNS server for use
exclusively by the FortiMail unit.
This section includes the following:
• Configuring DNS records for protected domains
• Configuring DNS records for the FortiMail unit itself
• Configuring a private DNS server
Configuring DNS records for protected domains
Regardless of your private network topology, in order for external MTAs to deliver email to
the FortiMail unit, you must configure the public MX record for each protected domain to
indicate that the FortiMail unit is its email server.
For example, if the fully qualified domain name (FQDN) of the FortiMail unit is
fortimail.example.com, and example.com is a protected domain, the MX record for
example.com would be:
example.com IN MX 10 fortimail.example.com
An A record must also exist to resolve the domain name of the FortiMail unit into an IP
address.
For example, if the MX record indicates that fortimail.example.com is the email gateway
for a domain, you must also configure an A record in the example.com zone file to resolve
fortimail.example.com into a public IP address:
fortimail IN A 10.10.10.1
Caution: If your FortiMail unit will operate in gateway mode or server mode, configure the
MX record to refer to the FortiMail unit, and remove other MX records. If you fail to do so,
external MTAs may not be able to deliver email to or through the FortiMail unit, or may be
able to bypass the FortiMail unit by using the other MX records. If you have configured
secondary MX records for failover reasons, consider configuring FortiMail high availability
(HA) instead. For details, see “FortiMail high availability modes” on page 19.
To Next Page
Loading...
Need help?
General