Fortinet FortiMail-100, FortiMail-400, FortiMail-100C, FortiMail-2000A, FortiMail-5001A Install Manual
...
FortiMail™ Secure
Messaging Platform
Version 4.0 Patch 1
Install Guide
FortiMail™ Secure Messaging Platform Install Guide
Version 4.0 Patch 1
Revision 2
8 February 2009
© Copyright 2010 Fortinet, Inc. All rights reserved. No part of this publication including text, examples,
diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means,
electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of
Fortinet, Inc.
Trademarks
Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient,
FortiGate®, FortiGate Unified Threat Management System, FortiGuard®, FortiGuard-Antispam,
FortiGuard-Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager,
Fortinet®, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and
FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of actual
companies and products mentioned herein may be the trademarks of their respective owners.
Regulatory compliance
FCC Class A Part 15 CSA/CUS
Caution: Risk of explosion if battery is replaced by incorrect type.
Dispose of used batteries according to instructions.
Contents
Contents
Introduction .............................................................................................. 9
Registering your FortiMail unit ...................................................................................... 9
Customer service and technical support...................................................................... 9
Training .......................................................................................................................... 10
Documentation ............................................................................................................. 10
Scope ............................................................................................................................. 10
Conventions .................................................................................................................. 11
Key concepts.......................................................................................... 13
Email protocols ............................................................................................................. 13
SMTP........................................................................................................................ 13
POP3 ........................................................................................................................ 13
IMAP......................................................................................................................... 14
HTTP and HTTPS..................................................................................................... 14
Client-server connections in SMTP............................................................................. 14
MTA .......................................................................................................................... 15
MUA.......................................................................................................................... 15
Incoming vs. outgoing directionality.......................................................................... 15
The role of DNS in email delivery ................................................................................ 16
MX record ................................................................................................................. 17
A record .................................................................................................................... 18
Reverse DNS record................................................................................................. 18
FortiMail web-based manager modes ......................................................................... 19
FortiMail operation modes ........................................................................................... 19
FortiMail high availability modes................................................................................. 19
Hardware installation............................................................................. 21
Cautions and warnings................................................................................................. 21
Grounding................................................................................................................. 21
Rack mount instructions ........................................................................................... 21
Environmental specifications ...................................................................................... 22
Mounting the FortiMail unit .......................................................................................... 22
FortiMail-100 and FortiMail-100C ............................................................................. 22
FortiMail-400............................................................................................................. 22
FortiMail-2000A and FortiMail-4000A....................................................................... 23
FortiMail-2000B ........................................................................................................ 25
FortiMail-5001A ........................................................................................................ 25
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 3
http://docs.fortinet.com/ • Feedback
Contents
Powering on the FortiMail unit..................................................................................... 26
FortiMail-100 and FortiMail-100C ............................................................................. 26
FortiMail-400............................................................................................................. 26
FortiMail-2000A and FortiMail-4000A....................................................................... 26
FortiMail-2000B ........................................................................................................ 27
FortiMail-5001A ........................................................................................................ 27
Connecting to the network........................................................................................ 27
Turning off the FortiMail unit ....................................................................................... 27
Powering off the FortiMail-5001A board ................................................................... 27
Connecting to the web-based manager or CLI........................................................... 28
Connecting to the web-based manager.................................................................... 28
Connecting to the CLI............................................................................................... 29
Using the front panel’s control buttons and LCD display .......................................... 31
FortiMail-2000B hardware installation ................................................. 33
Mounting the FortiMail unit .......................................................................................... 33
Removing the system from the rack ......................................................................... 39
Installing the cable management arm ......................................................................... 40
Installing the hard drives.............................................................................................. 45
Installing the bezel ........................................................................................................ 48
Connecting the keyboard, mouse, and monitor......................................................... 49
Connecting the power cables ...................................................................................... 50
Securing the power cord .............................................................................................. 51
FortiMail-5001A hardware installation ................................................. 53
Changing FortiMail SW11 switch settings.................................................................. 54
FortiMail mounting components ................................................................................. 55
Inserting a FortiMail board ........................................................................................... 56
Removing a FortiMail board......................................................................................... 59
Resetting a FortiMail board.......................................................................................... 61
Troubleshooting............................................................................................................ 61
FortiMail system does not start up............................................................................ 61
FortiMail status LED is flashing during system operation......................................... 61
Updating the firmware ........................................................................... 63
Testing new firmware before installing it ................................................................... 63
Installing firmware ........................................................................................................ 65
Installing backup firmware........................................................................................... 66
Restoring firmware ....................................................................................................... 68
Choosing the operation mode .............................................................. 71
Characteristics of gateway mode ................................................................................ 72
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
4 Revision 2
http://docs.fortinet.com/ • Feedback
Contents
Characteristics of transparent mode .......................................................................... 72
Characteristics of server mode ................................................................................... 73
Configuring the operation mode ................................................................................. 74
Quick Start Wizard ................................................................................. 77
Step 1: Changing the “admin” password ................................................................... 77
Step 2: Configuring the network settings and system time...................................... 78
Step 3: Configuring local host settings ...................................................................... 80
Step 4: Adding protected domains.............................................................................. 82
Step 5: Configuring incoming antispam and antivirus settings............................... 84
Step 6: Configuring access control rules and outgoing antispam and antivirus
settings .......................................................................................................................... 85
Step 7: Reviewing and saving the configuration ....................................................... 88
Continuing the installation........................................................................................... 88
Connecting to FortiGuard services...................................................... 89
Configuring scheduled updates .................................................................................. 91
Configuring push updates ........................................................................................... 92
Manually requesting updates....................................................................................... 94
Gateway mode deployment................................................................... 95
Configuring DNS records ............................................................................................. 95
Configuring DNS records for the protected domains ................................................ 95
Configuring DNS records for the FortiMail unit itself................................................. 96
Configuring a private DNS server ............................................................................. 97
Example 1: FortiMail unit behind a firewall ................................................................ 98
Configuring the firewall ............................................................................................. 99
Configuring the MUAs............................................................................................. 104
Testing the installation............................................................................................ 104
Example 2: FortiMail unit in front of a firewall ......................................................... 104
Configuring the firewall ........................................................................................... 105
Configuring the MUAs............................................................................................. 110
Testing the installation............................................................................................ 110
Example 3: FortiMail unit in DMZ............................................................................... 111
Configuring the firewall ........................................................................................... 112
Configuring the MUAs............................................................................................. 118
Testing the installation............................................................................................ 118
Transparent mode deployment........................................................... 119
Configuring DNS records ........................................................................................... 119
Configuring DNS records for the FortiMail unit itself............................................... 119
Configuring a private DNS server ........................................................................... 121
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 5
http://docs.fortinet.com/ • Feedback
Contents
Example 1: FortiMail unit in front of an email server............................................... 122
Configuring the protected domains and session profiles ........................................ 123
Configuring the proxies and implicit relay ............................................................... 124
Testing the installation............................................................................................ 125
Example 2: FortiMail unit in front of an email hub................................................... 125
Configuring the protected domains and session profiles ........................................ 126
Configuring the proxies and implicit relay ............................................................... 127
Testing the installation............................................................................................ 128
Example 3: FortiMail unit for an ISP or carrier ......................................................... 128
Configuring the connection with the RADIUS server .............................................. 131
Removing the network interfaces from the bridge .................................................. 133
Configuring the session profiles.............................................................................. 134
Configuring the IP-based policies........................................................................... 136
Configuring the outgoing proxy............................................................................... 137
Testing the installation............................................................................................ 138
Server mode deployment .................................................................... 139
Configuring DNS records ........................................................................................... 139
Configuring DNS records for protected domains .................................................... 139
Configuring DNS records for the FortiMail unit itself............................................... 140
Configuring a private DNS server ........................................................................... 141
Example 1: FortiMail unit behind a firewall .............................................................. 142
Configuring the firewall ........................................................................................... 143
Configuring the email user accounts ...................................................................... 146
Configuring the MUAs............................................................................................. 147
Testing the installation............................................................................................ 147
Example 2: FortiMail unit in front of a firewall ......................................................... 147
Configuring the firewall ........................................................................................... 148
Configuring the email user accounts ...................................................................... 150
Configuring the MUAs............................................................................................. 151
Testing the installation............................................................................................ 151
Example 3: FortiMail unit in DMZ............................................................................... 151
Configuring the firewall ........................................................................................... 152
Configuring the email user accounts ...................................................................... 157
Configuring the MUAs............................................................................................. 157
Testing the installation............................................................................................ 157
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
6 Revision 2
http://docs.fortinet.com/ • Feedback
Contents
Testing the installation........................................................................ 159
Troubleshooting tools ................................................................................................ 161
Ping and traceroute ................................................................................................ 161
Nslookup................................................................................................................. 162
Telnet connections to the SMTP port number ........................................................ 163
Log messages ........................................................................................................ 164
Greylist and sender reputation displays.................................................................. 165
Mail queues and quarantines.................................................................................. 165
Packet capture........................................................................................................ 165
Index...................................................................................................... 169
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 7
http://docs.fortinet.com/ • Feedback
Contents
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
8 Revision 2
http://docs.fortinet.com/ • Feedback
Introduction Registering your FortiMail unit
Introduction
Welcome, and thank you for selecting Fortinet products for your network protection.
The FortiMail™ Secure Messaging Platform is an integrated hardware and software
solution that provides powerful and flexible antispam, antivirus, email archiving and
logging capabilities to incoming and outgoing email traffic. FortiMail units have reliable and
high performance features for detecting and blocking spam messages and malicious
attachments.
Built on the Fortinet award winning FortiOS™ and FortiASIC™ technology, the FortiMail
antivirus technology extends full content inspection capabilities to detect the most
advanced email threats.
To ensure up-to-date email protection, FortiMail relies on FortiGuard™ Antivirus and
FortiGuard Antispam security subscription services that are powered by a worldwide 24x7
Global Threat Research Team. FortiMail provides bidirectional email routing, virtualization
and archiving capabilities with a lower total cost of ownership.
This document will assist you in physically connecting and performing required
configuration to achieve a basic FortiMail installation.
This chapter contains the following topics:
• Registering your FortiMail unit
• Customer service and technical support
• Training
• Documentation
• Scope
• Conventions
Registering your FortiMail unit
Before you begin, take a moment to register your Fortinet product at the Fortinet Technical
Support web site, https://support.fortinet.com.
Many Fortinet customer services, such as firmware updates, technical support, and
FortiGuard Antivirus and other FortiGuard services, require product registration.
For more information, see the Fortinet Knowledge Center article Registration Frequently
Asked Questions.
Customer service and technical support
Fortinet Technical Support provides services designed to make sure that your Fortinet
products install quickly, configure easily, and operate reliably in your network.
To learn about the technical support services that Fortinet provides, visit the Fortinet
Technical Support web site at https://support.fortinet.com.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 9
http://docs.fortinet.com/ • Feedback
Training Introduction
You can dramatically improve the time that it takes to resolve your technical support ticket
by providing your configuration file, a network diagram, and other specific information. For
a list of required information, see the Fortinet Knowledge Center article What does
Fortinet Technical Support require in order to best assist the customer?
Training
Fortinet Training Services provides classes that orient you quickly to your new equipment,
and certifications to verify your knowledge level. Fortinet provides a variety of training
programs to serve the needs of our customers and partners world-wide.
To learn about the training services that Fortinet provides, visit the Fortinet Training
Services web site at http://campus.training.fortinet.com, or email them at
training@fortinet.com.
Documentation
The Fortinet Technical Documentation web site, http://docs.fortinet.com, provides the
most up-to-date versions of Fortinet publications, as well as additional technical
documentation such as technical notes.
In addition to the Fortinet Technical Documentation web site, you can find Fortinet
technical documentation on the Fortinet Tools and Documentation CD, and on the Fortinet
Knowledge Center.
Scope
Fortinet Tools and Documentation CD
Many Fortinet publications are available on the Fortinet Tools and Documentation CD
shipped with your Fortinet product. The documents on this CD are current at shipping
time. For current versions of Fortinet documentation, visit the Fortinet Technical
Documentation web site, http://docs.fortinet.com.
Fortinet Knowledge Center
The Fortinet Knowledge Center provides additional Fortinet technical documentation,
such as troubleshooting and how-to-articles, examples, FAQs, technical notes, a glossary,
and more. Visit the Fortinet Knowledge Center at http://kc.fortinet.com.
Comments on FortiMail technical documentation
Please send information about any errors or omissions in this document to
techdoc_fortimail@fortinet.com.
This document will assist you in physically connecting and using the web-based manager
to perform required configuration to achieve a basic FortiMail installation.
After you have completed the instructions in this document:
• The FortiMail unit is integrated into your network, and you can connect to the webbased manager and/or command line interface (CLI).
• The operation mode has been configured.
• The Quick Start Wizard has been completed.
• Firmware, FortiGuard Antivirus and FortiGuard Antispam updates are completed.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
10 Revision 2
http://docs.fortinet.com/ • Feedback
Introduction Conventions
• DNS records for your mail domains have been updated.
• If the FortiMail unit is operating in transparent or gateway mode, the network is
configured so incoming and outgoing email passes through the FortiMail unit for
examination.
• If the FortiMail unit is operating in server mode, the network is configured to allow the
FortiMail unit access to and from other email servers, typically including external
servers on the Internet, and from email users.
• Advanced features of the FortiMail unit may or may not be enabled. These features
include email archiving, logging, reporting, and advanced antispam and antivirus
configurations.
When you have completed that basic setup, you can use the FortiMail Administration
Guide as a guide when configuring the advanced features, reconfiguring the basic
features, or when performing periodic maintenance such as backups and firmware
upgrades.
This document does not cover commands for the command line interface (CLI). For
information on the CLI, see the FortiMail CLI Reference.
This document is intended for administrators, not end users. If you are an email user,
please click the Help link in FortiMail webmail to see the webmail online help instead, or
contact your administrator.
Conventions
IP addresses
CLI constraints
Notes, Tips and Cautions
Fortinet technical documentation uses the conventions described below.
To avoid publication of public IP addresses that belong to Fortinet or any other
organization, the IP addresses used in Fortinet technical documentation are fictional and
follow the documentation guidelines specific to Fortinet. The addresses used are from the
private IP address ranges defined in RFC 1918: Address Allocation for Private Internets,
available at http://ietf.org/rfc/rfc1918.txt?number-1918.
CLI constraints, such as <address_ipv4>, indicate which data types or string patterns
are acceptable input for a given parameter or variable value. CLI constraint conventions
are described in the CLI Reference document for each product.
Fortinet technical documentation uses the following guidance and styles for notes, tips
and cautions.
Tip: Highlights useful additional information, often tailored to your workplace activity.
Note: Also presents useful information, but usually focused on an alternative, optional
method, such as a shortcut, to perform a step.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 11
http://docs.fortinet.com/ • Feedback
Conventions Introduction
Caution: Warns you about commands or procedures that could have unexpected or
undesirable results including loss of data or damage to equipment.
Typographical conventions
Fortinet documentation uses the following typographical conventions:
Table 1: Typographical conventions in Fortinet technical documentation
Convention Example
Button, menu, text box,
field, or check box label
CLI input* config system dns
CLI output FGT-602803030703 # get system settings
Emphasis HTTP connections are not secure and can be intercepted by
File content <HTML><HEAD><TITLE>Firewall
Hyperlink Visit the Fortinet Technical Support web site,
Keyboard entry Type a name for the remote VPN peer or client, such as
Navigation Go to VPN > IPSEC > Auto Key (IKE).
Publication
* For conventions used to represent command syntax, see the FortiMail CLI Reference.
From Minimum log level, select Notification.
set primary <address_ipv4>
end
comments : (null)
opmode : nat
a third party.
Authentication</TITLE></HEAD>
<BODY><H4>You must authenticate to use this
service.</H4>
https://support.fortinet.com.
Central_Office_1.
FortiGate Administration Guide.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
12 Revision 2
http://docs.fortinet.com/ • Feedback
Key concepts Email protocols
Key concepts
This chapter defines basic email and FortiMail concepts and terms.
If you are new to FortiMail units, or new to email systems, this chapter can help you to
quickly understand this document and your FortiMail unit.
This chapter contains the following sections:
• Email protocols
• Client-server connections in SMTP
• The role of DNS in email delivery
• FortiMail web-based manager modes
• FortiMail operation modes
• FortiMail high availability modes
Email protocols
There are multiple prevalent standard email protocols.
SMTP
Simple Mail Transfer Protocol (SMTP) is the standard protocol for sending email between:
• two mail transfer agents (MTA)
• a mail user agent (MUA) and an MTA
Note: For definitions of MTA and MUA, see “Client-server connections in SMTP” on
page 14.
SMTP communications typically occur on TCP port number 25.
When an email user sends an email, their MUA uses SMTP to send the email to an MTA,
which is often their email server. The MTA then uses SMTP to directly or indirectly deliver
the email to the destination email server that hosts email for the recipient email user.
When an MTA connects to the destination email server, it determines whether the
recipient exists on the destination email server. If the recipient email address is legitimate,
then the MTA delivers the email to the email server, from which email users can then use
a protocol such as POP3 or IMAP to retrieve the email. If the recipient email address does
not exist, the MTA typically sends a separate email message to the sender, notifying them
of delivery failure.
While the basic protocol of SMTP is simple, many SMTP servers support a number of
protocol extensions for features such as authentication, encryption, multipart messages
and attachments, and may be referred to as extended SMTP (ESMTP) servers.
FortiMail units can scan SMTP traffic for spam and viruses, and support several SMTP
extensions. For details, see the Fortinet Knowledge Center article Supported SMTP-
related RFCs.
POP3
Post Office Protocol version 3 (POP3) is a standard protocol used by email clients to
retrieve email that has been delivered to and stored on an email server.
POP3 communications typically occur on TCP port number 110.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 13
http://docs.fortinet.com/ • Feedback
Client-server connections in SMTP Key concepts
Unlike IMAP, after a POP3 client downloads an email to the email user’s computer, a copy
of the email usually does not remain on the email server’s hard disk. The advantage of
this is that it frees hard disk space on the server. The disadvantage of this is that
downloaded email usually resides on only one personal computer. Unless all of their
POP3 clients are always configured to leave copies of email on the server, email users
who use multiple computers to view email, such as both a desktop and laptop, will not be
able to view from one computer any of the email previously downloaded to another
computer.
FortiMail units do not scan POP3 traffic for spam and viruses, but may use POP3 when
operating in server mode, when an email user retrieves their email. For more information
on server mode, see “FortiMail operation modes” on page 19.
IMAP
Internet Message Access Protocol (IMAP) is a standard protocol used by email clients to
retrieve email that has been delivered to and stored on an email server.
IMAP communications typically occur on TCP port number 143.
Unless configured for offline availability, IMAP clients typically initially download only the
message header. They download the message body and attachments only when the email
user selects to read the email.
Unlike POP3, when an IMAP client downloads an email to the email user’s computer, a
copy of the email remains on the email server’s hard disk. The advantage of this is that it
enables email users to view email from more than one computer. This is especially useful
in situations where more than one person may need to view an inbox, such where all
members of a department monitor a collective inbox. The disadvantage of this is that,
unless email users delete email, IMAP may more rapidly consume the server’s hard disk
space.
FortiMail units do not scan IMAP traffic for spam and viruses, but may use IMAP when
operating in server mode, when an email user retrieves their email. For more information
on server mode, see “FortiMail operation modes” on page 19.
HTTP and HTTPS
Secured and non-secured HyperText Transfer Protocols (HTTP/HTTPS), while not strictly
for the transport of email, are often used by webmail applications to view email that is
stored remotely.
HTTP communications typically occur on TCP port number 80; HTTPS communications
typically occur on TCP port number 443.
FortiMail units do not scan HTTP or HTTPS traffic for spam or viruses, but use them to
display quarantines and, if the FortiMail unit is operating in server mode, FortiMail
webmail. For more information on server mode, see “FortiMail operation modes” on
page 19.
Client-server connections in SMTP
Client-server connections and connection directionality in SMTP differ from how you may
be familiar with them in other protocols.
For example, in the SMTP protocol, an SMTP client connects to an SMTP server. This
seems consistent with the traditional client-server model of communications. However,
due to the notion of relay in SMTP, the SMTP client may be either:
• an email application on a user’s personal computer
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
14 Revision 2
http://docs.fortinet.com/ • Feedback
Key concepts Client-server connections in SMTP
• another SMTP server that acts as a delivery agent for the email user, relaying the email
to its destination email server
The placement of clients and servers within your network topology may affect the
operation mode you choose when installing a FortiMail unit. If your FortiMail unit will be
operating in gateway mode or server mode, SMTP clients — including SMTP servers
connecting as clients — must be configured to connect to the FortiMail unit.
Note: For more information on gateway mode and server mode, see “FortiMail operation
modes” on page 19.
Terms such as MTA and MUA describe server and client relationships specific to email
protocols.
MTA
A Mail Transfer Agent (MTA) is an SMTP server that relays email messages to another
SMTP server.
FortiMail units operating in gateway mode function as an MTA. FortiMail units operating in
server mode function as an MTA and full (SMTP, IMAP, POP3, webmail) email server.
In order to deliver email, unless the email is incoming and the email server has no domain
name and is accessed by IP address only, MTAs must query a DNS server for the MX
record and the corresponding A record. For more information, see “The role of DNS in
email delivery” on page 16.
MUA
A Mail User Agent (MUA), or email client, is software such as Microsoft Outlook that
enables users to send and receive email.
FortiMail units support SMTP connections for sending of email by a MUA.
FortiMail units operating in server mode support POP3 and IMAP connections for retrieval
of email by a MUA. For email users that prefer to use their web browsers to send and
retrieve email instead of a traditional MUA, FortiMail units operating in server mode also
provide FortiMail webmail.
Incoming vs. outgoing directionality
Many FortiMail features such as proxies and policies act upon the directionality of an
SMTP connection or email message. Rather than being based upon origin, incoming or
outgoing directionality is determined by whether the destination is a protected domain.
Incoming connections consist of those destined for the SMTP servers that are protected
domains of the FortiMail unit. For example, if the FortiMail unit is configured to protect the
SMTP server whose IP address is 10.1.1.1, the FortiMail unit treats all SMTP connections
destined for 10.1.1.1 as incoming.
Outgoing connections consist of those destined for SMTP servers that the FortiMail unit
has not been configured to protect. For example, if the FortiMail unit is not configured to
protect the SMTP server whose IP address is 192.168.1.1, all SMTP connections destined
for 192.168.1.1 will be treated as outgoing, regardless of their origin.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 15
http://docs.fortinet.com/ • Feedback
The role of DNS in email delivery Key concepts
Figure 1: Incoming vs. outgoing SMTP connections
Directionality at the connection level may be different than directionality at the level of
email messages contained by the connection. It is possible that an incoming connection
could contain an outgoing email message, and vice versa.
For example, in Figure 1 on page 16, connections from the internal mail relays to the
internal mail servers are outgoing connections, but they contain incoming email
messages. Conversely, connections from remote MUAs to the internal mail relays are
incoming connections, but may contain outgoing email messages if the recipients’ email
addresses (RCPT TO:) are external.
Similarly to when determining the directionality of an SMTP connection, when determining
the directionality of an email message, FortiMail units examine the domain to which the
recipient belongs: if the domain to which the recipient email address belongs is a
protected domain, the email message is considered to be incoming; if the domain to which
the recipient email address belongs is not a protected domain, the email message is
considered to be outgoing.
The role of DNS in email delivery
SMTP can be configured to operate without DNS, using IP addresses instead of domain
names for SMTP clients, SMTP servers, and recipient email addresses. However, this
configuration is rare.
SMTP as it is typically used relies upon DNS to determine the mail gateway server (MX)
for a domain name, and to resolve domain names into IP addresses. As such, you usually
must configure email servers and FortiMail units to be able to query a DNS server.
In addition, you may also be required to configure the DNS server with an MX record, an A
record, and a reverse DNS record for protected domain names and for the domain name
of the FortiMail unit itself.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
16 Revision 2
http://docs.fortinet.com/ • Feedback
Key concepts The role of DNS in email delivery
MX record
Mail Exchanger (MX) records are configured on a DNS server. MX records for a domain
name indicate designated email servers or email gateways that deliver email to that
domain, and their order of preference. In their most simple form, MX records use the
following format:
example.com IN MX 10 mail.example.com
where:
• example.com is the name of the domain
• IN indicates the Internet protocol class
• MX indicates that the DNS resource record is of the MX type
• 10 indicates the order of preference (greater values indicate lower preference)
• mail.example.com is the host name of an email server or gateway
When an email client sends an email, the sender’s MTA queries a DNS server for the MX
record of the domain name in the recipient’s email address. To resolve the host name of
the MTA referenced by the MX record, it then queries for the A record of the destination
MTA. That A record provides the IP address of the email server or gateway. The sender’s
MTA then attempts to deliver the email to that IP address.
For example, if the recipient email address is user1@example.com, in order to deliver the
email, the sender’s MTA would query the MX and A records to determine the IP address of
the email gateway of example.com.
Often, the domain name and/or IP address of the email domain is different from that of its
email server or gateway. The fully qualified domain name (FQDN) of an email server or
gateway may be a subdomain or another domain name entirely, such as that of the MTA of
an Internet service provider (ISP). For example, the email gateways for the email domain
example.com could be mail1.example.com and mail2.example.com, or
mail.isp.example.net.
If your FortiMail unit will operate in transparent mode, and you will configure it be fully
transparent at both the IP layer and in the SMTP envelope and message headers by
enabling “Hide this box from the mail server” in the session profile, “Hide the transparent
box” in the protected domain, and “Use client-specified SMTP server to send email” for the
proxies, no MX record changes are required.
If your FortiMail unit will operate in gateway mode or server mode, or in transparent mode
while not configured to be fully transparent, you must configure the public DNS server for
your domain name with an MX record that refers to the FortiMail unit which will operate as
the email gateway, such as:
example.com IN MX 10 fortimail.example.com
Caution: If your FortiMail unit will operate in gateway mode or server mode, or in
transparent mode while not fully transparent, configure the MX record to refer to the
FortiMail unit, and remove other MX records. If you do not configure the MX record to refer
to the FortiMail unit, or if other MX records exist that do not refer to the FortiMail unit,
external MTAs may not be able to deliver email to or through the FortiMail unit, or may be
able to bypass the FortiMail unit. If you have configured secondary MX records for failover
reasons, consider configuring FortiMail high availability (HA) instead. For details, see
“FortiMail high availability modes” on page 19.
Note: For more information on gateway mode and server mode, see “FortiMail operation
modes” on page 19.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 17
http://docs.fortinet.com/ • Feedback
The role of DNS in email delivery Key concepts
Exceptions include if you are configuring a private DNS server for use with the Use MX
Record option (see “Use MX Record” on page 83). In that case, rather than referencing
the FortiMail unit as the mail gateway and being used by external SMTP servers to route
mail, the MX record references the protected SMTP server and is used by the FortiMail
unit to define the SMTP servers for the protected domain.
A record
A records are configured on a DNS server. A records indicate the IP address to which a
host name resolves. In their most simple form, A records use the following format:
mail IN A 192.168.1.10
where:
• mail is the name of the host
• IN indicates the Internet protocol class
• A indicates that the DNS resource record is of the IPv4 address type
• 192.168.1.10 indicates the IP address that hosts the domain name
When an email client sends an email, the sender’s MTA queries a DNS server for the MX
record of the domain name in the recipient’s email address. To resolve the host name of
the MTA referenced by the MX record, it then queries for the A record of the destination
MTA. That A record provides the IP address of the email server or gateway. The sender’s
MTA then attempts to deliver the email to that IP address.
You must configure the public DNS server for your host names with an A record to resolve
the host names referenced in MX records, and the host name of the FortiMail unit, if any.
For example, if an MX record is:
example.com IN MX 10 fortimail.example.com
the required A record in the example.com zone file might be:
fortimail IN A 192.168.1.15
Reverse DNS record
Because the SMTP protocol does not strictly require SMTP clients to use their own
domain name during the SMTP greeting, it is possible to spoof the origin domain. In an
attempt to bypass antispam measures against domain names known to be associated
with spam, spammers often exploit that aspect of SMTP by pretending to send email from
legitimate domains.
For example, the spammer spam.example.com might initiate an SMTP session with the
command:
EHLO nonspam.example.edu
To prevent this form of attack, many SMTP servers query reverse DNS records to verify
that the domain name provided in the SMTP greeting genuinely matches the IP address of
the connecting SMTP client.
You should configure the public DNS server for your protected domain names with a
reverse DNS record to resolve the IP addresses of your protected SMTP servers and/or
FortiMail unit into domain names.
For example, if the outgoing MTA for example.com is the FortiMail unit,
fortimail.example.com, and the public network IP address of the FortiMail unit is
10.10.10.1, a public DNS server’s reverse DNS zone file for the 10.10.10.0/24 subnet
might contain:
1 IN PTR fortimail.example.com.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
18 Revision 2
http://docs.fortinet.com/ • Feedback
Key concepts FortiMail web-based manager modes
where fortimail.example.com is the FQDN of the FortiMail unit.
Note: Reverse DNS records are required for FortiMail units operating in gateway mode or
server mode. However, they are also required for FortiMail units operating in transparent
mode, unless they have been configured to be completely transparent. For more
information on transparency, see the FortiMail Administration Guide.
FortiMail web-based manager modes
The web-based manager has two modes: basic mode and advanced mode.
• Basic mode: Provides easy navigation using a simplified set of menu options that
allow for many typical FortiMail unit configurations, and includes the Quick Start
Wizard.
• Advanced mode: Provides the full set of menu options which allows you to achieve
more complex configurations, but does not include the Quick Start Wizard.
Unless otherwise specified, this document describes setup of the FortiMail unit using the
basic mode of the web-based manager.
For more information on basic mode, advanced mode, the Quick Start Wizard, or
configuring your FortiMail unit using either mode of the web-based manager, see the
FortiMail Administration Guide.
FortiMail operation modes
FortiMail units can run in one of three operation modes: gateway mode, transparent mode,
and server mode.
• Gateway mode: The FortiMail unit acts as a mail transfer agent (MTA), or email
gateway, relaying email to and from the email servers that it protects. It does not locally
store email unless queued or quarantined.
• Transparent mode: The FortiMail unit transparently proxies or relays email traffic to
and from the email servers that it protects. It does not locally store email unless
queued or quarantined.
• Server mode: The FortiMail unit operates as a stand-alone email server and MTA. The
FortiMail unit locally stores email for delivery to its email users. Email users can access
their email using FortiMail webmail, POP3, or IMAP.
All operation modes can scan email traffic for viruses and spam, and can quarantine
suspicious email and attachments.
For more information on the differences between operation modes and configuring the
operation mode, see “Choosing the operation mode” on page 71.
FortiMail high availability modes
FortiMail units can be configured to operate in high availability (HA) clusters. FortiMail HA
has two modes: active-passive and config-only.
• Active-passive HA: Two FortiMail units operate as an HA cluster, synchronizing both
configuration and data, providing failover protection.
• Config-only HA: Up to 25 FortiMail units use an identical configuration, but do not
synchronize data, and therefore operate as independent FortiMail units.
Fortinet recommends HA to achieve uninterrupted service.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 19
http://docs.fortinet.com/ • Feedback
FortiMail high availability modes Key concepts
For more information on HA, see the FortiMail Administration Guide.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
20 Revision 2
http://docs.fortinet.com/ • Feedback
Hardware installation Cautions and warnings
Hardware installation
This chapter provides information on mounting and connecting a FortiMail unit (except for
the FortiMail-2000B unit and FortiMail-5001A board) to your network. For information
about installing the FortiMail-2000B unit, see “FortiMail-2000B hardware installation” on
page 33. For information about installing the FortiMail-5001A board, see the “FortiMail5001A hardware installation” on page 53.
This chapter includes the following topics:
• Cautions and warnings
• Environmental specifications
• Mounting the FortiMail unit
• Powering on the FortiMail unit
• Turning off the FortiMail unit
• Connecting to the web-based manager or CLI
Cautions and warnings
Review the following cautions before installing your FortiMail unit.
Grounding
• Ensure the FortiMail unit is connected and properly grounded to a lightning and surge
protector. WAN or LAN connections that enter the premises from outside the building
should be connected to an Ethernet CAT5 (10/100 Mb/s) surge protector.
• Shielded Twisted Pair (STP) Ethernet cables should be used whenever possible rather
than Unshielded Twisted Pair (UTP).
• Do not connect or disconnect cables during lightning activity to avoid damage to the
FortiMail unit or personal injury.
Rack mount instructions
• Elevated Operating Ambient: If installed in a closed or multi-unit rack assembly, the
operating ambient temperature of the rack environment may be greater than room
ambient temperature. Therefore, consideration should be given to installing the
equipment in an environment compatible with the maximum ambient temperature
(Tma) specified by the manufacturer.
• Reduced Air Flow: Installation of the equipment in a rack should be such that the
amount of air flow required for safe operation of the equipment is not compromised.
• Mechanical Loading: Mounting of the equipment in the rack should be such that a
hazardous condition is not achieved due to uneven mechanical loading.
• Circuit Overloading: Consideration should be given to the connection of the
equipment to the supply circuit and the effect that overloading of the circuits might have
on overcurrent protection and supply wiring. Appropriate consideration of equipment
nameplate ratings should be used when addressing this concern.
• Reliable Earthing: Reliable earthing of rack-mounted equipment should be
maintained.
Particular attention should be given to supply connections other than direct connections to
the branch circuit (e.g. use of power strips).
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 21
http://docs.fortinet.com/ • Feedback
Environmental specifications Hardware installation
If required to fit into a rack unit, remove the rubber feet from the bottom of the FortiMail
unit.
Environmental specifications
• Operating temperature: 32 to 104°F (0 to 40°C)
If you install the FortiMail unit in a closed or multi-unit rack assembly, the operating
ambient temperature of the rack environment may be greater than room ambient
temperature. Therefore, make sure to install the equipment in an environment
compatible with the manufacturer's maximum rated ambient temperature.
• Storage temperature: -13 to 158°F (-25 to 70°C)
• Humidity: 5 to 90% non-condensing
• Air flow: For rack installation, make sure that the amount of air flow required for safe
operation of the equipment is not compromised.
For free-standing installation, make sure that the FortiMail unit has sufficient clearance
on each side to allow for adequate air flow and cooling.
Mounting the FortiMail unit
FortiMail-100 and FortiMail-100C
Adhere the rubber feet included in the package to the underside of the FortiMail unit, near
the corners of the unit if not already attached.
Place the FortiMail unit on any flat, stable surface. Ensure the FortiMail unit has sufficient
clearance on each side to ensure adequate airflow for cooling.
If you remove the rubber feet, you can alternatively mount the FortiMail unit in a 2U-tall
space in any standard 19-inch rack unit.
FortiMail-400
The FortiMail unit can be placed on any flat surface, or mounted in a standard 19-inch rack
unit.
When placing the FortiMail unit on any flat, stable surface, ensure the FortiMail unit has
sufficient clearance on each side to ensure adequate airflow for cooling.
For rack mounting, use the mounting brackets and screws included with the FortiMail unit.
Caution: To avoid personal injury, you may require two or more people to mount the
FortiMail unit in the rack.
To install the FortiMail unit into a rack
1 Attach the mounting brackets to the side to the unit so that the brackets are on the front
portion of the FortiMail unit.
The following photos illustrate how the brackets should be mounted. Note that the
screw configuration may vary.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
22 Revision 2
http://docs.fortinet.com/ • Feedback
Hardware installation Mounting the FortiMail unit
Figure 2: Installed mounting brackets
2 Position the FortiMail unit in the rack to allow for sufficient air flow.
3 Line up the mounting bracket holes to the holes on the rack, ensuring the FortiMail unit
is level.
4 Finger tighten the screws to attach the FortiMail unit to the rack.
5 Once you verify the spacing of the FortiMail unit and that it is level, tighten the screws
with a screwdriver.
Figure 3: Mounting in a rack
FortiMail-2000A and FortiMail-4000A
To mount the FortiMail unit on a 19-inch rack or cabinet, use the slide rails included with
the product.
Caution: To avoid personal injury or damage to the FortiMail unit, it is highly recommended
a minimum of two people perform this procedure.
Mounting requires three steps:
• disassembling the slide rail from the slide housing
• attaching the slide rail to the sides of the FortiMail unit
• mounting the FortiMail unit to the rack or cabinet
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 23
http://docs.fortinet.com/ • Feedback
Mounting the FortiMail unit Hardware installation
Rail housing
Sliding Rail
Rail Lock
Disassembling the slide rail
The slide rail assembly has two moving rails within the housing. You need to remove the
innermost rail. This rail will attach to the sides of the FortiMail unit.
Figure 4: FortiMail side rail
To remove the side rail
1 Open the slide rails package and remove the rails.
2 Extend the slide rail and locate the slide rail lock.
3 Push down on the lock while pulling the rail completely out of the slide rail assembly.
4 Repeat these steps for the other slide rail assembly.
You will attach this part to the side of the FortiMail unit.
24 Revision 2
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
http://docs.fortinet.com/ • Feedback
Hardware installation Mounting the FortiMail unit
Attaching the slide rail to the FortiMail unit
Attach the disconnected slide rails from the previous step to the sides of the FortiMail unit.
Use the screws provided with the slide rail package, being sure to securely fasten the rail
to the FortiMail chassis.
Mounting the FortiMail unit
Mounting the FortiMail-2000A or FortiMail-4000A is a two step process. First, you must
attached the slide rail housing to the rack or cabinet, then insert the FortiMail unit.
To mount the FortiMail unit
1 Mount the slide rail housing to the rack or cabinet frame. Adjust the outside L-shaped
brackets for a proper fit. Ensure that both housings are on the same level to ensure the
FortiMail unit can easily glide into place and is level.
2 Use the screws and additional L-brackets if required to securely fasten the housing.
3 Position the FortiMail unit so that the back of the unit is facing the rack, and the slide
rails affixed in the previous step line up with the slide rail housing.
4 Gently push the FortiMail unit into the rack or cabinet. You will hear a click when the
slide rail lock has been engaged.
5 Push the FortiMail unit until it is fully inserted into the rack.
FortiMail-2000B
The FortiMail-2000B rack mounting and hard drive installation is described in the
“FortiMail-2000B hardware installation” on page 33.
FortiMail-5001A
Before using the FortiMail-5001A board, it must be inserted into an Advanced
Telecommunications Computing Architecture (ACTA) chassis such as the FortiGate-5140,
FortiGate-5050, or FortiGate-5020 chassis.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 25
http://docs.fortinet.com/ • Feedback
Powering on the FortiMail unit Hardware installation
For information about installing the FortiMail-5001A board, see the “FortiMail-5001A
hardware installation” on page 53.
Powering on the FortiMail unit
FortiMail-100 and FortiMail-100C
The FortiMail-100 does not have a power switch.
To power on the FortiMail unit
1 Connect the AC adapter to the power connection at the back of the FortiMail unit.
2 Connect the AC adapter to the power cable.
3 Connect the power cable to a power outlet.
The FortiMail unit starts and the Power and Status LEDs light up. The Status LEDs
flash while the FortiMail unit starts up, and remain lit when the system is running.
FortiMail-400
Use the following steps to connect the power supply to the FortiMail unit.
To power on the FortiMail unit
1 Ensure the power switch, located at the back of the FortiMail unit is in the off position,
indicated by the “O”.
2 Connect the power cord at the back of the FortiMail unit.
3 Connect the power cable to a power outlet.
4 Set the power switch on the back left of the FortiMail unit to the on position indicated by
the “I”.
After a few seconds, SYSTEM STARTING appears on the LCD. The main menu setting
appears on the LCD when the system is running.
FortiMail-2000A and FortiMail-4000A
The FortiMail unit does not have an on/off switch.
To power on the FortiMail unit
1 Connect the two power cables to the power connections on the back of the
FortiMail unit.
2 Connect the two power cables to power outlets.
Each power cable should be connected to a different power source. If one power
source fails, the other may still be operative.
After a few seconds, SYSTEM STARTING appears on the LCD. The main menu setting
appears on the LCD when the system is running.
The FortiMail unit starts and the Power and Status LEDs light up. The Status LEDs
flash while the FortiMail unit starts up, and remain lit when the system is running.
Note: If only one power supply is connected, an audible alarm sounds to indicate a failed
power supply. Press the red alarm cancel button on the rear panel next to the power supply
to stop the alarm.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
26 Revision 2
http://docs.fortinet.com/ • Feedback
Hardware installation Turning off the FortiMail unit
FortiMail-2000B
Use the following steps to connect the power supply to the FortiMail unit.
To power on the FortiMail unit
1 Connect the two power cables to the power connections on the back of the
FortiMail unit.
2 Connect the two power cables to power outlets.
Each power cable should be connected to a different power source. If one power
source fails, the other may still be operative.
3 Press the power switch on the front to turn on the unit.
FortiMail-5001A
To power on the FortiMail-5001A board, you must turn on the chassis power. For details,
see the FortiGate 5000 series chassis guides at http://docs.fortinet.com.
Connecting to the network
Until the FortiMail unit is configured with an IP address and other settings in the Quick
Start Wizard required to connect to your network, you may prefer to connect the FortiMail
unit directly to your management computer, or through a switch, in a peer network that is
isolated from your overall network. However, isolation is not required.
Note: If you will upgrade the FortiMail firmware and configure the FortiMail unit while it is
isolated from your overall network, download the FortiMail firmware to your management
computer before disconnecting it from your overall network. For details, see “Updating the
firmware” on page 63.
Using the supplied Ethernet cable, connect one end of the cable to port1 on the FortiMail
unit; connect the other end of the cable to the router, switch, or directly to your
management computer.
Turning off the FortiMail unit
Always shut down the FortiMail unit properly before turning off the power switch to avoid
potential hardware problems. This enables the hard drives to spin down and park correctly
and avoid losing data.
To power off the FortiMail unit
1 From the web-based manager (see “Connecting to the web-based manager” on
page 28), go to Management > Status > Status in the basic mode of the web-based
manager, or System > Status > Status in the advanced mode of the web-based
manager.
2 In the System Command widget, select Shutdown.
3 Turn off and/or disconnect the power cables from the power supply.
Powering off the FortiMail-5001A board
To avoid potential hardware problems or data loss, always shut down the board before
powering down the chassis.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 27
http://docs.fortinet.com/ • Feedback
Connecting to the web-based manager or CLI Hardware installation
Note: Executing a shutdown command will shut down the board’s operating system. The
board itself will still receive power from the chassis and indicator lights on the board may
remain lit after a successful shut down operation.
Powering off the FortiMail board using the web-based manager
1 To shut down the FortiMail board, go to System > Status in the advanced
management mode or Management > Status in the basic management mode.
2 Select Shutdown under System Command.
3 Confirm the operation by selecting OK.
4 The FortiMail board is now shut down. Power to the chassis can be safely turned off.
Powering off the FortiMail board using the CLI commands
1 Connect to the FortiMail board and enter the shutdown command.
execute shutdown
2 Confirm the operation by pressing y.
You can now safely turn off power to the chassis.
Connecting to the web-based manager or CLI
To configure, maintain, and administer the FortiMail unit, you need to connect to it. There
are three methods for these tasks:
• using the web-based manager, a graphical user interface (GUI), from within a current
web browser
• using the command line interface (CLI), a command line interface similar to DOS or
UNIX commands, from a Secure Shell (SSH) or Telnet terminal
• using the front panel’s LCD display and control buttons on some models that are
equipped with LCD displays and control buttons
If you are connecting for the first time, or if you have just reset the configuration to its
default state, or have just restored the firmware, access to the CLI and/or web-based
manager is not yet configured, and you must access it using the default settings.
In that case, you can use the following procedures to connect.
After you have connected, you can use the web-based manager or CLI to configure basic
network settings and access to the CLI and/or web-based manager through your network.
Connecting to the web-based manager
To connect to the web-based manager using its default settings, you must have:
• a computer with an Ethernet port
• a web browser such as Microsoft Internet Explorer version 6.0 or greater, or a recent
version of Mozilla Firefox, with Adobe Flash Player 10 or greater plug-in
• a crossover Ethernet cable
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
28 Revision 2
http://docs.fortinet.com/ • Feedback
Hardware installation Connecting to the web-based manager or CLI
Table 2: Default settings for connecting to the web-based manager
Network Interface port1
URL https://192.168.1.99/admin
Administrator Account admin
Password (none)
To connect to the web-based manager
1 On your management computer, configure the Ethernet port with the static IP address
192.168.1.2 with a netmask of 255.255.255.0.
1 Using the Ethernet cable, connect your computer’s Ethernet port to the FortiMail unit’s
port1.
2 Start your web browser and enter the URL https://192.168.1.99/admin. (Remember to
include the “s” in https://.)
To support HTTPS authentication, the FortiMail unit ships with a self-signed security
certificate, which it presents to clients whenever they initiate an HTTPS connection to
the FortiMail unit. When you connect, depending on your web browser and prior
access of the FortiMail unit, your browser might display two security warnings related
to this certificate:
• The certificate is not automatically trusted because it is self-signed, rather than
being signed by a valid certificate authority (CA). Self-signed certificates cannot be
verified with a proper CA, and therefore might be fraudulent. You must manually
indicate whether or not to trust the certificate.
• The certificate might belong to another web site. The common name (CN) field in
the certificate, which usually contains the host name of the web site, does not
exactly match the URL you requested. This could indicate server identity theft, but
could also simply indicate that the certificate contains a domain name while you
have entered an IP address. You must manually indicate whether this mismatch is
normal or not.
Both warnings are normal for the default certificate.
3 Verify and accept the certificate, either permanently (the web browser will not display
the self-signing warning again) or temporarily. You will not be able to log in until you
have accepted the certificate.
For details on accepting the certificate, see the documentation for your web browser.
4 In the Name field, type admin, then select Login. (In its default state, there is no
password for this account.)
Login credentials entered are encrypted before they are sent to the FortiMail unit. If
your login is successful, the web-based manager is displayed. To continue, see
“Updating the firmware” on page 63.
Connecting to the CLI
Using its default settings, you can access the CLI from your management computer using
either of these two ways:
• a local serial console connection
• an SSH connection, either local or through the network
To connect to the CLI using a local serial console connection, you must have:
• a computer with a serial communications (COM) port
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2 29
http://docs.fortinet.com/ • Feedback
Connecting to the web-based manager or CLI Hardware installation
• the RJ-45-to-DB-9 serial or null modem cable included in your FortiMail package
• terminal emulation software, such as HyperTerminal for Microsoft Windows
To connect to the CLI using an SSH connection, you must have:
• a computer with an Ethernet port
• a crossover Ethernet cable
• an SSH client, such as PuTTY
Table 3: Default settings for connecting to the CLI by SSH
Network Interface port1
IP Address 192.168.1.99
SSH Port Number 22
Administrator Account admin
Password (none)
To connect to the CLI using a local serial console connection
Note: The following procedure uses Microsoft HyperTerminal. Steps may vary with other
terminal emulators.
1 Using the RJ-45-to-DB-9 or null modem cable, connect your computer’s serial
communications (COM) port to the FortiMail unit’s console port.
2 Verify that the FortiMail unit is powered on.
3 On your management computer, start HyperTerminal.
4 On Connection Description, enter a Name for the connection, and select OK.
5 On Connect To, from Connect using, select the communications (COM) port where you
connected the FortiMail unit.
6 Select OK.
7 Select the following Port settings and select OK.
Bits per second 9600
Data bits 8
Parity None
Stop bits 1
Flow control None
8 Press Enter.
The terminal emulator connects to the CLI, and the CLI displays a login prompt.
9 Type admin and press Enter twice. (In its default state, there is no password for this
account.)
The CLI displays the following text:
Welcome!
Type ? for a list of commands.
You can now enter commands. To continue, see “Updating the firmware” on page 63.
For information about how to use the CLI, including how to connect to the CLI using
SSH or Telnet, see the FortiMail CLI Reference.
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
30 Revision 2
http://docs.fortinet.com/ • Feedback
Loading...