FortiGate
Anonymous
Article Id 197346
Description

This article describes setting up an IP Pool on the FortiGate for a mail server when NAT is configured.

Scope

All OS.

Solution

First, create an address entry for the email server.

To create an address:

  1. Go to Firewall -> Address.
  2. Select Create New.
  3. Add the IP for the email server with a netmask of 255.255.255.255.
  4. Select OK.

Next, create an IP Pool with the email server address.

To create an IP Pool:

  1. Go to Policy & Objects -> IP Pool.
  2. Select Create New.
  3. Enter a name for the IP Pool.
  4. Enter the IP address range. In this case, it will be a single address of the email server. Do not include the netmask.
  5. Select OK.

Create a firewall policy for this NAT translation.

To create a firewall policy:

  1. Go to Firewall -> Policy.
  2. Select Create New and complete the following:
     Source: Internal
     Address Name: The address created for the mail server.
     Destination: All
     Address Name: All
     Schedule: Always
     Service: SMTP
     Action: Accept
  3. Select the NAT Checkbox and select Dynamic IP Pool.
  4. Select the IP Pool that was created from the drop-down list.
  5. Select OK.

Note: The new rule should be placed before the Internal to External "Allow Any" rule for normal traffic, to ensure that the FortiGate unit matches and translates the email traffic before the normal Internet traffic.
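
The same three objects and the rule ordering from the note, expressed in the FortiOS CLI. This is an added example, not part of the original article. The object names, the documentation-range IP addresses, the interface names "internal" and "wan1" (standing in for the external interface), and the policy IDs 10 and 1 are assumptions to replace with your own values.

```fortios
# 1. Address object for the mail server: a single host, /32 netmask.
#    "mail-server" and 192.0.2.10 are constructed values.
config firewall address
    edit "mail-server"
        set subnet 192.0.2.10 255.255.255.255
    next
end

# 2. IP Pool containing one address (start and end are the same, no netmask).
#    "mail-pool" and 203.0.113.25 are constructed values.
config firewall ippool
    edit "mail-pool"
        set startip 203.0.113.25
        set endip 203.0.113.25
    next
end

# 3. Policy that matches only SMTP from the mail server and translates it
#    to the pool address instead of the outgoing interface address.
#    Policy ID 10 and the interface names are assumptions.
config firewall policy
    edit 10
        set name "mail-smtp-out"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "mail-server"
        set dstaddr "all"
        set schedule "always"
        set service "SMTP"
        set action accept
        set nat enable
        set ippool enable
        set poolname "mail-pool"
    next
    # 4. Place the new policy ahead of the general outbound rule
    #    (assumed here to be policy ID 1) so SMTP from the mail server
    #    hits this policy first.
    move 10 before 1
end

# Confirm the result: the policy should list the pool and sit above ID 1.
show firewall policy 10
```

Keeping the service limited to SMTP and the source limited to the single host object means only the mail server's outbound mail uses the pool address; everything else continues to match the general outbound rule.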