FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
72 Revision 2
http://docs.fortinet.com/
Characteristics of gateway mode
When operating in gateway mode, the FortiMail is a mail transfer agent (MTA), sometimes
also known as an email gateway or relay. The FortiMail unit receives email messages,
scans for viruses and spam, then relays email to its destination email server for delivery.
External MTAs connect to the FortiMail unit, rather than directly to the protected email
server.
FortiMail units operating in gateway mode provide a web-based user interface from which
email users can access personal preferences and email quarantined to their per-recipient
quarantine. However, FortiMail units operating in gateway mode do not locally host
mailboxes such as each email user’s inbox, which are instead stored on protected email
servers.
Gateway mode requires some changes to an existing network. Requirements include MX
records on public DNS servers for each protected domain, which must refer to the
FortiMail unit instead of the protected email servers. You may also need to configure
firewalls or routers to direct SMTP traffic to the FortiMail unit rather than your email
servers.
Figure 24: Example gateway mode topology
For example, an Internet service provider (ISP) could deploy a FortiMail unit to protect
their customers’ email servers. For security reasons, customers do not want their email
servers to be directly visible to external MTAs. Therefore, the ISP installs the FortiMail unit
in gateway mode, and configures its network such that all email traffic must pass through
the FortiMail unit before reaching customers’ email servers.
For sample deployment scenarios, see “Gateway mode deployment” on page 95.
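The MX requirement above can be checked mechanically before cutover. The following is an added example, not part of the FortiMail guide: it audits a public DNS view so that every MX for the protected domain lands on the FortiMail unit and none exposes the protected server. The records and addresses are constructed from the Figure 24 labels (trailing dots added); the function names and the leaky zone are hypothetical.

```python
# Added example: audit the public DNS view of a gateway-mode deployment.
# Zone data is constructed from the Figure 24 labels; all names are hypothetical.
PUBLIC_ZONE = """\
example.com.  IN MX 10 fortimail.example.com.
fortimail     IN A  10.10.10.1   ; FortiMail unit
"""
# Constructed misconfiguration: a leftover backup MX that bypasses the gateway.
LEAKY_ZONE = PUBLIC_ZONE + """\
example.com.  IN MX 20 mail.example.com.
mail          IN A  172.16.1.10  ; protected email server
"""

def fqdn(name, origin):
    """Qualify a relative owner or target name against the zone origin."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (mx, a): owner -> [(preference, target)] and owner -> [ip]."""
    mx, a = {}, {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop zone-file comments
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner, rtype = fqdn(fields[0], origin), fields[2].upper()
        if rtype == "MX" and len(fields) >= 5:
            mx.setdefault(owner, []).append((int(fields[3]), fqdn(fields[4], origin)))
        elif rtype == "A":
            a.setdefault(owner, []).append(fields[3])
    return mx, a

def audit_gateway_mx(zone_text, domain, gateway_ips, protected_ips):
    """List findings where inbound mail could bypass the FortiMail unit."""
    origin = domain.lower().rstrip(".") + "."
    mx, a = parse_zone(zone_text, origin)
    findings = [] if origin in mx else [f"no MX record for {origin}"]
    for pref, target in sorted(mx.get(origin, [])):
        ips = a.get(target, [])
        if not ips:
            findings.append(f"MX {pref} {target}: no A record in this view")
        for ip in ips:
            if ip in protected_ips:
                findings.append(f"MX {pref} {target} -> {ip}: protected server exposed")
            elif ip not in gateway_ips:
                findings.append(f"MX {pref} {target} -> {ip}: not the FortiMail unit")
    return findings

if __name__ == "__main__":
    for zone in (PUBLIC_ZONE, LEAKY_ZONE):
        print(audit_gateway_mx(zone, "example.com", {"10.10.10.1"}, {"172.16.1.10"}))
```

Every MX preference is checked, not only the lowest, because external MTAs fall back to higher-numbered MX hosts when the preferred one is unreachable.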
Characteristics of transparent mode
When operating in transparent mode, the FortiMail is either an implicit relay or a proxy.
The FortiMail unit intercepts email messages, scans for viruses and spam, then transmits
email to its destination email server for delivery. External MTAs connect through the
FortiMail unit to the protected email server.
Transparency at both the network and application layers is configurable, but not required.
When hiding, the FortiMail unit preserves the IP address and domain name of the SMTP
client in IP headers and the SMTP envelope and message headers, rather than replacing
them with its own.
[Figure 24 labels (image not reproduced): External Email Server; Local Email Users; Remote Email Users; DNS Server; Internal Email Server 172.16.1.10; Internet; Switch; internal 172.16.1.1; wan1 10.10.10.1; Protected Domain: @example.com; Email Domain: @example.com; port1 172.16.1.5; Gateway Mode.
DNS records shown: example.com IN MX 10 fortimail.example.com; fortimail IN A 10.10.10.1.
Private DNS Server: example.com IN MX 10 mail.example.com; mail IN A 172.16.1.10.]