Example 1: FortiMail unit behind a firewall Server mode deployment
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
146 Revision 2
http://docs.fortinet.com/ • Feedback
Configuring the firewall policies
First, create a firewall policy that allows incoming email and other FortiMail services that
are received at the virtual IP address, then applies a static NAT when forwarding the traffic
to the private network IP address of the FortiMail unit.
Second, create a firewall policy that allows outgoing email and other connections from the
FortiMail unit to the Internet.
To add the Internet-to-FortiMail policy
1 Go to Firewall > Policy > Policy.
2 Select Create New.
3 Complete the following:
4 Select NAT.
5 Select OK.
To add the FortiMail-to-Internet policy
1 Go to Firewall > Policy > Policy.
2 Select Create New.
3 Complete the following:
4 Select NAT.
5 Select OK.
Configuring the email user accounts
Create email user accounts for each protected domain on the FortiMail unit.
You may choose to create additional email user accounts later, but you should create at
least one email user account for each protected domain that you can use in order to verify
connectivity for the domain.
Source Interface/zone Select wan1.
Source Address Name Select all.
Destination
Interface/zone
Select internal.
Destination Address
Name
Select FortiMail_VIP.
Schedule Select ALWAYS.
Service Select FortiMail_incoming_services.
Action Select ACCEPT.
Source Interface/zone Select internal.
Source Address Name Select FortiMail_address.
Destination
Interface/zone
Select wan1.
Destination Address
Name
Select all.
Schedule Select ALWAYS.
Service Select FortiMail_outgoing_services.
Action Select ACCEPT.