Example 3: FortiMail unit in DMZ Server mode deployment
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
152 Revision 2
http://docs.fortinet.com/ • Feedback
The FortiMail unit has also been configured with an access control rule that allows local
and remote email users to send email to unprotected domains if they first authenticate:
To deploy the FortiMail unit in the DMZ of a NAT device such as a firewall or router, you
must complete the following:
• Configuring the firewall
• Configuring the email user accounts
• Configuring the MUAs
• Testing the installation
Configuring the firewall
With the FortiMail unit located in the DMZ of a FortiGate unit which is between the
FortiMail unit and local email users, you must configure policies to allow traffic:
• from local email users to the FortiMail unit
• from the FortiMail unit to the Internet
• from the Internet to the FortiMail unit
To create the required policies, complete the following:
• Configuring the firewall addresses
• Configuring the service groups
• Configuring the virtual IPs
• Configuring the firewall policies
Configuring the firewall addresses
In order to create the firewall policies that govern traffic to and from the IP addresses of
local email users and the IP address of the FortiMail unit, you must first define the IP
addresses of the local email users and the IP address of the FortiMail unit by creating
firewall address entries.
To add a firewall address for the FortiMail unit
1 Go to Firewall > Address > Address.
Sender Pattern *@example.com
Recipient Pattern *
Sender IP/Netmask 0.0.0.0/0
Reverse DNS
Pattern
*
Authentication
Status
authenticated
TLS < none >
Action RELAY
Note: This example assumes you have already completed the Quick Start Wizard and
configured records on the DNS server for each protected domain. For details, see “Quick
Start Wizard” on page 77 and “Configuring DNS records” on page 139.
Note: The following procedures use a FortiGate unit running FortiOS v3.0 MR7. If you are
using a different firewall appliance, consult the appliance’s documentation for completing
similar configurations.
To Next Page
Loading...
Need help?
General