Removing The Network Interfaces From The Bridge - Fortinet FortiMail-100 Install Manual

Transparent mode deployment

Removing the network interfaces from the bridge

FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2
http://docs.fortinet.com/ • Feedback
To enable the FortiMail unit to receive RADIUS records
1 Connect to the CLI.
This feature cannot be configured through the web-based manager. For instructions on
how to connect to the CLI, see
2 Enter the following command to enable the FortiMail unit to receive RADIUS records
by starting the MSISDN reputation daemon:
set log msisdn enable
3 Enter the following command to configure the RADIUS secret:
set log msisdn-radius secret <secret_str>
where <secret_str> is the secret configured on the RADIUS server.
4 Enter the following command to configure whether to enable or disable the FortiMail
unit to validate RADIUS requests using the RADIUS secret:
set log msisdn-radius secret-request-validate {enable | disable}
where {enable | disable} indicates your choice.
5 Enter the following command to configure whether or not the FortiMail unit will
acknowledge accounting records:
set log msisdn-radius response {enable | disable}
where {enable | disable} indicates your choice.
6 Enter the following command to indicate that the RADIUS server will send the value of
the Framed-IP-Address attribute in network order:
set log msisdn-radius {host-order | network-order}
where {host-order | network-order} indicates your choice. (Most RADIUS
servers use network order.)
In transparent mode, by default, network interfaces are members of a Layer 2 bridge, and
have no IP addresses of their own. To connect to the web-based manager, administrators
connect to any network interface that is a member of the bridge, using the management
IP.
In this deployment example, only port1 will remain a member of the bridge. Administrators
will directly connect their computer to that network interface in order to access the web-
based manager or CLI. The network interfaces through which SMTP traffic passes, port2
and port3, will have their own IP addresses, and will not act as a Layer 2 bridge. As a
result, the management IP will not be accessible from port2 and port3. In addition, all
administrative access protocols will be disabled on port2 and port3 to prevent
unauthorized administrative access attempts from the subscriber and external networks.
Both port2 and port3 will be connected to the same router, and do not require additional
static routes.
To remove port2 and port3 from the bridge
1 Go to System > Network > Interface in the advanced mode of the web-based manager.
2 Double-click on port 2 to edit it.
3 Select Do not associate with management IP.
The network interface will be removed from the bridge, and may be configured with its
own IP address.
4 In IP/Netmask, type the IP address and netmask of the network interface.
Example 3: FortiMail unit for an ISP or carrier
"Connecting to the CLI" on page 29.
133