Description
This article describes how to set up an email notification with the Fortinet default SMTP mail server. The default is notification.fortinet.net for FortiManager and FortiAnalyzer.
Scope
FortiManager and FortiAnalyzer v6.4.6 GA or v7.0.0 GA and higher.
Solution
Setting up email notifications in the CLI or the GUI is possible. In both cases, the upstream firewall must allow an open port of TCP/465.
Set up email notifications from the CLI:
Run the following commands. The authentication type must be set to 'certificate'.
config system mail
edit "notification.fortinet.net"
set auth enable
set auth-type certificate
set local-cert "Fortinet_Local"
set port 465
set secure-option smtps
set server "notification.fortinet.net"
next
end
Set up email notifications from the GUI:
Go to System Settings -> Advanced -> Mail Server (email and password are not required if certificate verification is set):
Use the following command to test the connection. Any source and destination email can be selected.
An example output has been provided:
diagnose test connection mailserver notification.fortinet.net faz@fortinet.com xyz@fortinet.com
Testing SMTP server notification.fortinet.net, please wait...
* Trying 208.91.114.151:465...
* Connected to notification.fortinet.net (208.91.114.151) port 465 (#0)
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
* subject: C=US; ST=California; L=Sunnyvale; O=Fortinet; OU=FortiMail; CN=FortiMail; emailAddress=support@fortinet.com
* start date: Jul 3 17:24:18 2015 GMT
* expire date: Jan 19 03:14:07 2038 GMT
* issuer: C=US; ST=California; L=Sunnyvale; O=Fortinet; OU=Certificate Authority; CN=support; emailAddress=support@fortinet.com
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* old SSL session ID is stale, removing
< 220 notification.fortinet.net ESMTP Smtpd; Wed, 23 Nov 2022 06:52:19 -0800
> EHLO FAZVM64
< 250-notification.fortinet.net Hello 129-10.83-90.static-ip.oleane.fr [90.83.10.129], pleased to meet you
< 250-ENHANCEDSTATUSCODES
< 250-PIPELINING
< 250-8BITMIME
< 250-SIZE 10485760
< 250-AUTH LOGIN PLAIN
< 250-DELIVERBY
< 250 HELP
> MAIL FROM:<faz@fortine.com>
< 250 2.1.0 <faz@fortine.com>... Sender ok
> RCPT TO:<xyz@fortinet.com>
< 250 2.1.5 <xyz@fortinet.com>... Recipient ok
> DATA
< 354 Enter mail, end with "." on a line by itself
< 250 2.0.0 2ANEqJmp005097-2ANEqJmq005097 Message accepted for delivery
* Connection #0 to host notification.fortinet.net left intact
A test email has been sent to xyz@fortinet.com through notification.fortinet.net.
Note:
It is important to use the Fortinet email address as the sender. If third-party email such as Gmail or Yahoo is used as the sender, it will not work.
As an example, 'DoNotReply@fortinet.com' can be used as a sender email.
Related article:
Troubleshooting Tip: How to understand the email SMTP issues and its causes
