Http://Docs.fortinet.com - Fortinet FortiMail-100 Install Manual

Example 3: FortiMail unit in DMZ
Configuring the firewall policies
116
4 Select OK.
To add a dmz virtual IP for the protected email server
1 Go to Firewall > Virtual IP > Virtual IP.
2 Select Create New.
3 Complete the following:
Name
External Interface
Type
External IP
Address/Range
Mapped IP
Address/Range
4 Select OK.
Create the following firewall policies:
• Allow SMTP_quar_services that are received at the internal virtual IP address, then
apply a static NAT when forwarding the traffic to the private network IP address of the
FortiMail unit.
• Allow FortiMail_incoming_services that are received at the wan1 virtual IP address that
maps to the FortiMail unit, then apply a static NAT when forwarding the traffic to the
private network IP address of the FortiMail unit.
• Allow FortiMail_outgoing_services from the FortiMail unit to the Internet.
• Allow SMTP traffic that is received at the DMZ virtual IP address, then apply a static
NAT when forwarding the traffic to the private network IP address of the protected
email server.
• Allow PO3_IMAP_services that are received at the wan1 virtual IP address that maps
to the protected email server, then apply a static NAT when forwarding the traffic to the
private network IP address of the protected email server.
To add the internal-to-FortiMail policy
1 Go to Firewall > Policy > Policy.
2 Select Create New.
3 Complete the following:
Source Interface/zone
Source Address Name
Destination
Interface/zone
Destination Address
Name
Schedule
Service
Action
Enter a name to identify the virtual IP entry, such as
protected_email_server_VIP_dmz.
Select dmz.
Select Static NAT.
Enter 192.168.1.2.
Enter 172.16.1.10.
Select internal.
Select internal_address.
Select dmz.
Select FortiMail_VIP_internal.
Select ALWAYS.
Select SMTP_quar_services.
Select ACCEPT.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Gateway mode deployment
Revision 2

http://docs.fortinet.com/

• Feedback