FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
bpriya
Staff
Staff
Article Id 194102
Description This article describes how to configure email alerts for security profile, administrative, and VPN events.
Scope FortiGate
Solution

From GUI.

Configure a mail service.


By default, it will be using the mail server of Fortinet and can be customized by enabling the custom settings under System -> Settings -> Email Service.

system-setting.PNG

 

To configure an alert email:
Go to Log & Report and enable 'Email Alert Settings'. Enable required events for alert mail. On FortiOS 6.4.0 and above, 'Email Alert Settings' is removed from the GUI. It can be configured with the 'config alertemail setting' command as shown below.
 
mzainuddinahm_0-1741089702836.png 
 
From the CLI:
  • To configure the default email server (notification.fortinet.net): 
 
config system email-server
    set server "notification.fortinet.net"
    set reply-to "admin@fortinet.com"  <--- This option has been removed from v7.4.4.
    set source-ip 0.0.0.0  <----- This is an important field to set (the source IP that is used to send out the email traffic).
    set port 465

    set security smtps
end
 
Note: 
This setting is often required on conditions where the wan IP address cannot reach the internet directly or public visibility is handled by secondary IP on the WAN role interface.
 
If there is no response from the server, change the outgoing interface.

config system email-server

    set interface-select-method specify

    set interface port1   <--- Specify the outgoing interface.

end

 

auto --> Set outgoing interface automatically.
sdwan
--> Set outgoing interface by SD-WAN or policy routing rules.
specify 
--> Set outgoing interface manually.

 

  • To configure a custom email service in the CLI.
 
config system email-server
    set type custom
    set reply-to "helpdesk@fortinet.com" <--- This option has been removed from v7.4.4.
    set server "smtp.office365.com"
    set port 587
    set source-ip 0.0.0.0  <----- This is an important field to set (source IP which is used to send out the email traffic).
    set source-ip6 ::
    set authenticate enable
    set validate-server disable
    set username "example@domain.it"
    set security starttls
    set ssl-min-proto-version default
end
 
Note:
From v6.4.10, v7.0.8, v7.2.0, and above, the ‘reply-to’ option is only configurable when using a custom SMTP Server. It will not be available when using the default SMTP server 'notification.fortinet.net'.

Starting from v7.4.0 the default email server in FortiOS has been updated from notification.fortinet.net to fortinet-notifications.com.
On v7.4.4 and later, the 'reply-to' address is now automatically set to DoNotReply@fortinet-notifications.com for all email servers, including custom configurations. As a result, the 'reply-to' option is no longer available even on a custom SMTP server and thus cannot be changed.

 

config system email-server

    set type custom                                          

    set server "smtp.office.365.com"

    set port 587

    set source-ip 0.0.0.0

    set source-ip6 ::

    set authenticate enable

    set validate-server disable

    set username "test@notify.fortinet.com"

    set password ENC ***

    set security starttls

    set ssl-min-proto-version default

 set interface-select-method auto

end

 
  • To configure 'Email Alert Settings'.
 
config alertemail setting
    set username "test@example.com"
    set mailto1 "test@example.com"
    set HA-logs enable
    set IPsec-errors-logs enable
    set PPP-errors-logs enable
    set sslvpn-authentication-errors-logs enable
    set configuration-changes-logs enable
end
 

After the settings are completed, a test email can be triggered to test the settings:

 

diagnose log alertmail test

 

If the issue persists, collect the output of the following debug commands:

 

To collect the debug outputs for email alerts:

 

diag debug reset
diag debug enable
diag debug console timestamp enable
diag debug application alertmail -1

 

Send a test activation mail: 

 

diagnose log alertmail test

 

Disable the debugging afterwards:


diag debug disable
diag debug reset

 

Save the output. Either download it via the CLI window or use the PuTTY tool to log them. Attach the debug logs to the case for TAC review.

Note:

If 'username' and 'mailto' are set on the same domain name, the email cannot be received. They must be on different domain names.

 

Related articles:

Technical Tip: How to configure SMTP using custom server and port on FortiGate

Technical Tip: Email alert settings not available

*Updated default Email-Server - FortiOS v7.4.4 documentation