Server mode deployment Example 3: FortiMail unit in DMZ
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2
http://docs.fortinet.com/
Configuring the virtual IPs
In order to create the firewall policies that forward email-related traffic to the FortiMail unit
from the internal network and from the Internet, you must first define two static NAT
mappings by creating virtual IP entries:
• from a public IP address on the FortiGate unit to the IP address of the FortiMail unit
• from a virtual IP address on the 172.16.1.* network to the IP address of the FortiMail
unit
To add a wan1 virtual IP for the FortiMail unit
1 Go to Firewall > Virtual IP > Virtual IP.
2 Select Create New.
3 Complete the following:
   Name                        Enter a name to identify the virtual IP entry, such as
                               FortiMail_VIP_wan1.
   External Interface          Select wan1.
   Type                        Select Static NAT.
   External IP Address/Range   Enter 10.10.10.1.
   Mapped IP Address/Range     Enter 192.168.1.5.
4 Select OK.
To add an internal virtual IP for the FortiMail unit
1 Go to Firewall > Virtual IP > Virtual IP.
2 Select Create New.
3 Complete the following:
   Name                        Enter a name to identify the virtual IP entry, such as
                               FortiMail_VIP_internal.
   External Interface          Select internal.
   Type                        Select Static NAT.
   External IP Address/Range   Enter 172.168.1.2.
   Mapped IP Address/Range     Enter 192.168.1.5.
4 Select OK.
Configuring the firewall policies
First, create a firewall policy that allows incoming email and other FortiMail services that
are received at the virtual IP address, then applies a static NAT when forwarding the traffic
to the private network IP address of the FortiMail unit.
Second, create a firewall policy that allows outgoing email and other FortiMail connections
from the FortiMail unit to the Internet.
Last, create a firewall policy that allows outgoing email and other FortiMail connections
from the local email users to the FortiMail unit.
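A pre-flight consistency check for the two virtual IP entries defined under "Configuring the virtual IPs", added here as an example and not taken from the Fortinet guide. The entry values are copied from the page; the /24 masks and the wan1 and DMZ networks are assumptions. Run against the values as printed, it reports that the internal entry's external IP 172.168.1.2 lies outside the 172.16.1.* network named in the text, so confirm that address against your own addressing plan before creating the entry.

```python
import ipaddress

# Interface networks. "internal" follows the page's "172.16.1.*"; the /24
# masks and the wan1 and DMZ networks are assumptions made for this example.
INTERFACE_NETS = {
    "wan1": ipaddress.ip_network("10.10.10.0/24"),
    "internal": ipaddress.ip_network("172.16.1.0/24"),
}
DMZ_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed FortiMail subnet

# The two static NAT entries, with values copied from the page.
VIPS = [
    {"name": "FortiMail_VIP_wan1", "extintf": "wan1",
     "extip": "10.10.10.1", "mappedip": "192.168.1.5"},
    {"name": "FortiMail_VIP_internal", "extintf": "internal",
     "extip": "172.168.1.2", "mappedip": "192.168.1.5"},
]

def check_vips(vips, interface_nets, dmz_net):
    """Return a list of (vip name, problem) tuples; empty means consistent."""
    problems = []
    seen_ext = {}  # (interface, external IP) -> name of the entry using it
    for vip in vips:
        name = vip["name"]
        ext = ipaddress.ip_address(vip["extip"])
        mapped = ipaddress.ip_address(vip["mappedip"])
        net = interface_nets.get(vip["extintf"])
        if net is None:
            problems.append((name, f"unknown interface {vip['extintf']}"))
        elif ext not in net:
            problems.append((name, f"external IP {ext} is outside {net}"))
        if mapped not in dmz_net:
            problems.append((name, f"mapped IP {mapped} is outside {dmz_net}"))
        if ext == mapped:
            problems.append((name, "external and mapped IP are identical"))
        key = (vip["extintf"], ext)
        if key in seen_ext:
            problems.append((name, f"external IP reused by {seen_ext[key]}"))
        seen_ext[key] = name
    # Both entries are meant to reach the same FortiMail unit.
    if len({v["mappedip"] for v in vips}) > 1:
        problems.append(("*", "entries do not all map to one FortiMail address"))
    return problems

if __name__ == "__main__":
    for name, problem in check_vips(VIPS, INTERFACE_NETS, DMZ_NET):
        print(f"{name}: {problem}")
```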