Flow mode or Proxy Mode on Email Inspection?

Forum|Forum|5 years ago
April 23, 2021
1 reply
4700 views

Hello Guys,

i need an clarification about using proxy mode with deep inspection on emailfiltering.

I have and internal Exchange Server and today most of the traffic on port 25 use SSL.

So i want to switch from Flow Mode to proxy mode and inspect all traffic, but when i tried to do i wasn't to be able to recieve emails.

I think that FGT use only built-in SSL certificate to inspect traffic and Exchange cannot recognize this certificate. Need i to import this certificate in Exchange server or is possible to Inspect port 25 with our public cert like "mail.domain.com" ?

thank you very much for any hints!

6.4

Markus

New Member

Hi, Import your "mail.domain.com" cert into Fortigate and define the SSL profile. Thats the way it works. https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/55107/protecting-an-ssl-server

Best

Micky182Author

New Member

Thank you very much Markus!

Yurisk

SuperUser

Additionally, if you want to apply AntiSpam profile to the inspected traffic to filter for spam, you have to use Proxy mode for the policy, not flow one.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded