Gateway mode deployment Example 1: FortiMail unit behind a firewall
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 99
http://docs.fortinet.com/
Figure 42: FortiMail unit behind a NAT device
The private DNS server has been configured to locally replicate records from public DNS
servers for most domains, with the exception of records for protected domains, which
instead have been configured differently locally in order to support the Use MX Record
option.
The FortiMail unit has been configured to query the private DNS server, and has also been
configured with an access control rule that allows local and remote email users to send
email to unprotected domains if they first authenticate:
Sender Pattern          *@example.com
Recipient Pattern       *
Sender IP/Netmask       0.0.0.0/0
Reverse DNS Pattern     *
Authentication Status   authenticated
TLS                     <none>
Action                  RELAY
To deploy the FortiMail unit behind a NAT device such as a firewall or router, you must
complete the following:
• Configuring the firewall
• Configuring the MUAs
• Testing the installation
Configuring the firewall
With the FortiMail unit behind a FortiGate unit, you must configure firewall policies to allow
traffic between the internal network and the Internet.
To create the required policies, complete the following:
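The access control rule above, evaluated by a small Python model added here (this is not FortiMail's own code and simplifies its rule matching): it shows why the Authentication Status field matters, because a client that merely claims an @example.com sender without authenticating falls through the rule and is not relayed to an unprotected domain. The AccessRule and Session names and the fallback for traffic that matches no rule are assumptions of this model.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass

@dataclass
class AccessRule:  # one row of the access control table, fields as named on the page
    sender_pattern: str
    recipient_pattern: str
    sender_net: str
    reverse_dns_pattern: str
    auth_status: str  # "authenticated", "not authenticated" or "any"
    action: str

@dataclass
class Session:  # what the MTA knows about one SMTP transaction (constructed sample)
    sender: str
    recipient: str
    client_ip: str
    reverse_dns: str
    authenticated: bool

# The single rule from the table above, exactly as the page configures it.
RULES = [AccessRule("*@example.com", "*", "0.0.0.0/0", "*", "authenticated", "RELAY")]
PROTECTED_DOMAINS = {"example.com"}

def rule_matches(rule: AccessRule, s: Session) -> bool:
    glob = fnmatch.fnmatchcase  # patterns use * wildcards; case is folded here
    if not glob(s.sender.lower(), rule.sender_pattern.lower()):
        return False
    if not glob(s.recipient.lower(), rule.recipient_pattern.lower()):
        return False
    if ipaddress.ip_address(s.client_ip) not in ipaddress.ip_network(rule.sender_net):
        return False
    if not glob(s.reverse_dns.lower(), rule.reverse_dns_pattern.lower()):
        return False
    want = rule.auth_status
    return want == "any" or (want == "authenticated") == s.authenticated

def evaluate(s: Session, rules=RULES) -> str:
    """First matching rule wins. The fallback below is an assumption of this
    model, not a documented FortiMail default: accept mail addressed to a
    protected domain, reject every other relay attempt."""
    for rule in rules:
        if rule_matches(rule, s):
            return rule.action
    domain = s.recipient.rsplit("@", 1)[-1].lower()
    return "ACCEPT" if domain in PROTECTED_DOMAINS else "REJECT"
```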
[Figure 42 labels: Internet side with an External Email Server, Local Email Users, Remote Email Users and a DNS Server holding "example.com IN MX 10 fortimail.example.com" and "fortimail IN A 10.10.10.1". FortiGate unit with wan1 10.10.10.1 and internal 172.16.1.1, connected through a switch to the internal network. FortiMail unit in Gateway Mode on port1 172.16.1.5 with Protected Domain @example.com. Internal Email Server 172.16.1.10 with Email Domain @example.com. Private DNS Server holding "example.com IN MX 10 mail.example.com" and "mail IN A 172.16.1.10".]
Note: This example assumes you have already completed the Quick Start Wizard and
configured records on the DNS server for each protected domain. For details, see “Quick
Start Wizard” on page 77 and “Configuring DNS records” on page 95.