Example 1: FortiMail unit behind a firewall Gateway mode deployment
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
98 Revision 2
http://docs.fortinet.com/ • Feedback
Figure 41: Public and private DNS servers (gateway mode)
In some situations, a private DNS server may be required. A private DNS server is
required if you enable the Use MX Record option (see “Use MX Record” on page 83).
Gateway mode requires that public DNS servers have an MX record that routes mail to the
FortiMail unit, whereas Use MX Record requires an MX record that references the
protected SMTP server. If you enable that option, you must therefore configure the
records of the private DNS server and the public DNS server differently.
For example, if both a FortiMail unit (fortimail.example.com) operating in gateway
mode and the SMTP server reside on your private network behind a router or firewall as
illustrated in Figure 41 on page 98, and the Use MX Record option is enabled, Table 6 on
page 98 illustrates differences between the public and private DNS servers for the
authoritative DNS records of example.com.
If you add a private DNS server, configure the FortiMail unit to use it by going to
System > Network > DNS in the advanced mode of the web-based manager.
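The difference between the two views can be checked mechanically. The following is an added example, not part of the Install Guide: it parses the MX and A records listed in Table 6 and reports any view whose MX target does not match its role. The function names are hypothetical.

```python
# Added example. MX and A records are copied from Table 6; function names are hypothetical.
PRIVATE_VIEW = """\
example.com IN MX 10 mail.example.com
mail IN A 172.16.1.10
"""
PUBLIC_VIEW = """\
example.com IN MX 10 fortimail.example.com
fortimail IN A 10.10.10.1
"""

def fqdn(name, origin):
    """Expand a relative name (e.g. 'mail') against the zone origin."""
    name = name.rstrip(".").lower()
    if name == origin or name.endswith("." + origin):
        return name
    return f"{name}.{origin}"

def parse(text, origin):
    """Return (MX targets ordered by preference, {host: address}) for one view."""
    mx, a = [], {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[1:3] == ["IN", "MX"]:
            mx.append((int(f[3]), fqdn(f[4], origin)))
        elif len(f) >= 4 and f[1:3] == ["IN", "A"]:
            a[fqdn(f[0], origin)] = f[3]
    return [target for _, target in sorted(mx)], a

def check_views(private, public, origin, gateway, protected):
    """List findings where a view's MX records do not match its role."""
    findings = []
    for view, text, want in (("public", public, gateway),
                             ("private", private, protected)):
        targets, addrs = parse(text, origin)
        if want not in targets:
            findings.append(f"{view}: no MX record for {want}")
        for target in targets:
            if target != want:
                findings.append(f"{view}: unexpected MX target {target}")
            if target not in addrs:
                findings.append(f"{view}: no A record for {target}")
    return findings

if __name__ == "__main__":
    for finding in check_views(PRIVATE_VIEW, PUBLIC_VIEW, "example.com",
                               "fortimail.example.com", "mail.example.com"):
        print(finding)
```

With the Table 6 records the check returns no findings; loading the public records into the private view is reported because the private MX then points at the FortiMail unit instead of the protected SMTP server.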
Example 1: FortiMail unit behind a firewall
In this example, a FortiMail unit operating in gateway mode, a protected email server, a
private DNS server, and email users’ computers are all positioned within a private
network, behind a firewall. Remote email users’ computers and external email servers are
located on the Internet, outside of the network protected by the firewall. The FortiMail unit
protects accounts for email addresses ending in “@example.com”, which are hosted on
the local email server.
Table 6: Public vs. private DNS records when “Use MX Record” is enabled

Private DNS server                     | Public DNS server
example.com IN MX 10 mail.example.com  | example.com IN MX 10 fortimail.example.com
mail IN A 172.16.1.10                  | fortimail IN A 10.10.10.1
                                       | 1 IN PTR fortimail.example.com
[Figure 41 diagram labels: External Email Server; Local Email Users; Remote Email Users; Public DNS Server (example.com IN MX 10 fortimail.example.com; fortimail IN A 10.10.10.1); Internal Email Server 172.16.1.10; Internet; Switch; internal 172.16.1.1; wan1 10.10.10.1; port1 172.16.1.5; Protected Domain: @example.com; Email Domain: @example.com; Gateway Mode; Private DNS Server (example.com IN MX 10 mail.example.com; mail IN A 172.16.1.10)]