Example 2: FortiMail unit in front of a firewall Server mode deployment
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
148 Revision 2
http://docs.fortinet.com/ • Feedback
Figure 51: Server mode deployment in front of a NAT device
The FortiMail unit has also been configured with an access control rule that allows local
and remote email users to send email to unprotected domains if they first authenticate:
To deploy the FortiMail unit in front of a NAT device such as a firewall or router, you must
complete the following:
• Configuring the firewall
• Configuring the email user accounts
• Configuring the MUAs
• Testing the installation
Configuring the firewall
With the FortiMail unit in front of a FortiGate unit which is between the FortiMail unit and
local email users, you must configure a policy to allow from local email users to the
FortiMail unit.
To create the required policies, complete the following:
• Configuring the firewall addresses
• Configuring the service group
Sender Pattern *@example.com
Recipient Pattern *
Sender IP/Netmask 0.0.0.0/0
Reverse DNS
Pattern
*
Authentication
Status
authenticated
TLS < none >
Action RELAY
External
Em ail Server
Local Em ail Users
Rem ote Em ail Users
Router
DNS Server
Internet
Sw itch
internal
172.16.1.1
wan1
10.10.10.1
port1
10.10.10.5
Em ail Dom ain:
@example.com
exam ple.com IN MX 10 fortimail.exam ple.com
fortimail IN A 10.10.10.5
Note: This example assumes you have already completed the Quick Start Wizard and
configured records on the DNS server for each protected domain. For details, see “Quick
Start Wizard” on page 77 and “Configuring DNS records” on page 139.
To Next Page
Loading...
