Deploying FortiMail Transparent Mode

Facebooktwittergoogle_plusredditpinterestlinkedinFacebooktwittergoogle_plusredditpinterestlinkedin

In this example, a FortiMail unit operating in transparent mode is positioned in front of one email server.

Connecting to FortiMail from your PC

FortiMail port1’s default IP address is 192.168.1.99. To access FortiMail’s web UI, make sure you PC’s IP address is on the same subnet as FortiMail , for example,  192.168.1.98. Access this URL from a web browser: https://192.168.1.99/admin. Remember to include /admin at the end of the URL.

At the login page, enter “admin” as the user name and no password by default. 

Go to the dashboard and change the operation mode to transparent.

 
Selecting transparent mode from the operation mode dropdown menu.
Selecting transparent mode from the operation mode dropdown menu.

Running the Quick Start Wizard

FortiMail web UI comes with a Quick Start Wizard to help you configure some basic network and mail settings for the first time.

To run the Quick Start Wizard, click the Quick Start Wizard button in the upright corner.

 
Selecting the Quick Start Wizard button.
Selecting the Quick Start Wizard button.

Follow the instructions to configure the settings.

Configuring DNS records

If the FortiMail unit is operating in transparent mode, in most cases, configuring DNS records for protected domain names is not required. Proper DNS records for your protected domain names are  usually already in place.

However, you usually must configure public DNS records for the FortiMail unit itself, so that FortiMail can receive web connections, and send and receive email, for its own domain name. Dependent features include:

  • delivery status notification (DSN) email
  • spam reports
  • email users’ access to their per-recipient quarantined mail
  • FortiMail administrators’ access to the web UI by domain name
  • alert email
  • report generation notification email

Transparent mode specific settings

First, when configuring protected domains, enable the following options to hide the existence of the FortiMail unit:

  • This server is on
  • Hide the transparent box
  • Use this domain’s SMTAP server to deliver the mail
  • Second, when configuring the session profile, optionally enable this feature:
  • Hide this box from the mail server

Note: Unless you have enabled Take precedence over recipient based policy match in the IP-based  policy, the Hide the transparent box option in the protected domain has precedence over this option,  and may prevent it from applying to incoming email messages.

Configuring proxies

 1.  Navigate to System > Network.

 2.  Select port 1.

 
Selecting port 1.
Selecting port 1.

 3.  Select the Edit button. 

 4. Select the following from the SMTP Proxy section dropdown menus:

          – Incoming connections: Drop
          – Outgoing connections: Pass through
          – Local connections: Allow

 
Selecting the appropriate settings for port 1.
Selecting the appropriate settings for port 1.

 5.  Select OK.

 6.  Select port 2.

 7.  Select the Edit button.

 8.  Select the following from the SMTP Proxy section dropdown menus:

           – Incoming connections: Proxy
           – Outgoing connections: Drop
           – Local connections: Disallow

 
Selecting the appropriate settings for port 2.
Selecting the appropriate settings for port 2.

 9.  Select OK.

Testing the installation

To test the installation, send an email message using the test paths illustrates in the diagram.

An illustration of the connection test paths.
An illustration of the connection test paths.
  • Was this helpful?
  • Yes   No
  • hana

    can you compare advantage and disadvantage transparent and gateway fortimail mode

  • Steve

    Hi

    The illustration is for server mode.
    Can update the pic for transparent mode ?
    I will like to know how to test for email connection. Please ..

  • Slavko

    The illustration is for server mode.

    • Mike

      Thanks for the notification. It has been changed.