FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
RuiChang
Staff
Staff
Article Id 232332
Description

 

This article describes how to troubleshoot the unable resolve DNS to the mail server from FortiAnalyzer.

 

Scope

 

FortiManager / FortiAnalyzer.

 

Solution

 

From the CLI:

Test the connectivity of ForiAnalyzer with the mail server with the CLI command below:

 

diagnose test connection mailserver <server-name> <mail-from> <mail-to>

 

Example:

 

The test results will provide the error highlighted in red below:

 

diagnose test connection mailserver test test@hotmail.com test2@hotmail.com

Testing SMTP server test, please wait...

* Could not resolve host: test 

* Closing connection 0

Failed to send a test email to test2@hotmail.com through test.

Please check your configuration.

Command fail. Return code 6

 

From GUI:

  1. Go to System Settings -> Advanced -> Mail Server, 'Right-click' the mail server and test.

 

RuiChang_7-1670316034952.png

 

  1. Enter the email address used to test in 'from' and 'to', and select 'OK'.

RuiChang_5-1670315853658.png

 

Note.

Diagnosing with the CLI command will provide an error message to ease the troubleshooting process as shown in the example below:

 

RuiChang_6-1670315853692.png

 

Troubleshooting Steps.

 

Section 1:

 

Ensure FortiAnalyzer is able to connect to the DNS server.

 

Example:

 

exe ping 8.8.8.8

exe ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8): 56 data bytes

64 bytes from 8.8.8.8: seq=0 ttl=118 time=1.584 ms

64 bytes from 8.8.8.8: seq=1 ttl=118 time=2.905 ms

64 bytes from 8.8.8.8: seq=2 ttl=118 time=2.846 ms

64 bytes from 8.8.8.8: seq=3 ttl=118 time=2.738 ms

 

--- 8.8.8.8 ping statistics ---

4 packets transmitted, 4 packets received, 0% packet loss

round-trip min/avg/max = 1.584/2.518/2.905 ms

 

If the Internet is down, check the hardware and routing of FortiAnalyzer

 

Section 2:

 

Ensure FortiAnalyzer is able to resolve DNS to the mail server.

 

Example:

 

exe ping google.com

ping: bad address 'google.com'

 

If FortiAnalyzer is unable to resolve DNS, make the configuration to a working DNS server as shown below:

 

config sys dns

   set primary <Primary DNS Server>

   set secondary <Secondary DNS Server>

end

 

Section 3:

If both methods are working, ping the mail server and ensure the mail server is up.

 

Example:

 

exe ping smtp@gmail.com

PING google.com (216.58.221.206): 56 data bytes

64 bytes from 216.58.221.206: seq=0 ttl=118 time=3.115 ms

64 bytes from 216.58.221.206: seq=1 ttl=118 time=2.519 ms

64 bytes from 216.58.221.206: seq=2 ttl=118 time=2.988 ms

64 bytes from 216.58.221.206: seq=3 ttl=118 time=2.467 ms

 

Section 4:

 

Check the port configuration for the mail server. By default, port TCP/25 is configured for SMTP.

If port TCP/587 (SMTPS) are configured, make sure the following configuration is done as well:

 

config system mail

    edit <id>

        set secure-option smtps

    end

 

Section 5:

 

Ensure the upstream firewall has allowed ports TCP/25 & port TCP/587. 

 

Section 6:

 

If none of the methods above resolve the issue, run the debug flow below and collect information for TAC support.

 

diagnose debug application fazmaild 255
diagnose debug enable

 

To stop the debug flow:

diagnose debug disable

diagnose debug reset


Related articles: