FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 194102


This article describes how to configure email alerts for security profile, administrative and VPN events.


From GUI.

Configure a mail service.

By default, it will be using the mail server of Fortinet and can be customized by enabling the custom settings.
Go to System -> Advanced.


Configure alert email.
Go to Logs & Reports and enable 'Email Alert Settings'.
Enabled required events for alert mail.
From CLI.
To configure the default email server (
config system email-server
    set server ""
    set reply-to "" <--- Email address which is used to send email
    set source-ip <----- This is an important field to set (source IP which is used to send out the email traffic)
    set port 465
    set security smtps

To configure a custom email service in the CLI.
config system email-server
    set type custom
    set reply-to ""
    set server ""
    set port 587
    set source-ip              <----- This is an important field to set (source IP which is used to send out the email traffic).
    set source-ip6 ::
    set authenticate enable
    set validate-server disable
    set username ""
    set security starttls
    set ssl-min-proto-version default

config alertemail setting
    set username ""
    set mailto1 ""
    set HA-logs enable
    set IPsec-errors-logs enable
    set PPP-errors-logs enable
    set sslvpn-authentication-errors-logs enable
    set configuration-changes-logs enable

After the settings are completed, a test email can be triggered to test the settings:

diagnose log alertmail test


If the issue still persists, it is possible to collect the below debug:


To collect the debug for email alert :


diag debug reset
diag debug enable
diag debug console timestamp enable
diag debug application alertmail -1


Send a test activation mail: 


diagnose log alertmail test


Then disable debug :

diag debug disable
diag debug reset


Save the output either download it via the CLI window or use the Putty tool to log them, in order to attach the debug logs to the case for TAC review.


If 'username' and 'mailto' are set on the same domain name, the email cannot be received. They must be on different domain names.