| Description | This article describes how to configure email alerts for security profile, administrative, and VPN events. |
| Scope | FortiGate |
| Solution |
From GUI.
To configure an alert email:
Go to Log & Report and enable 'Email Alert Settings'. Enable required events for alert mail as shown below.  Note:
On v6.4.0 and above, 'Email Alert Settings' is removed from the GUI. It can be configured with the 'config alertemail setting' command. Example:
config alertemail setting
set username "test@example.com" set mailto1 "test@example.com" set HA-logs enable set IPsec-errors-logs enable set PPP-errors-logs enable set sslvpn-authentication-errors-logs enable set configuration-changes-logs enable end From the CLI:
config system email-server
set server "notification.fortinet.net" set reply-to "admin@fortinet.com" <--- This option has been removed from v7.4.4. set source-ip 0.0.0.0 <----- This is an important field to set (the source IP that is used to send out the email traffic). set port 465 set security smtps end Note:
This setting is often required in conditions where the WAN IP address cannot reach the internet directly or public visibility is handled by a secondary IP on the WAN role interface.
If there is no response from the server, change the outgoing interface.
config system email-server set interface-select-method specify set interface port1 <--- Specify the outgoing interface. end
auto --> Set outgoing interface automatically.
config system email-server
set type custom set reply-to "helpdesk@fortinet.com" <--- This option has been removed from v7.4.4. set server "smtp.office365.com" set port 587 set source-ip 0.0.0.0 <----- This is an important field to set (source IP which is used to send out the email traffic). set source-ip6 :: set authenticate enable set validate-server disable set username "example@domain.it" set security starttls set ssl-min-proto-version default end Note:
From v6.4.10, v7.0.8, v7.2.0, and above, the ‘reply-to’ option is only configurable when using a custom SMTP Server. It will not be available when using the default SMTP server 'notification.fortinet.net'. Starting from v7.4.0, the default email server in FortiOS has been updated from notification.fortinet.net to fortinet-notifications.com. On v7.4.4 and later, the 'reply-to' address is now automatically set to DoNotReply@fortinet-notifications.com for all email servers, including custom configurations. As a result, the 'reply-to' option is no longer available even on a custom SMTP server and thus cannot be changed.
config system email-server set type custom set server "smtp.office.365.com" set port 587 set source-ip 0.0.0.0 set source-ip6 :: set authenticate enable set validate-server disable set username "test@notify.fortinet.com" set password ENC *** set security starttls set ssl-min-proto-version default set interface-select-method auto end After the settings are completed, a test email can be triggered to test the settings:
diagnose log alertmail test
If the issue persists, collect the output of the following debug commands:
To collect the debug outputs for email alerts:
diagnose debug reset
Send a test activation email:
diagnose log alertmail test
Disable the debugging afterward:
Save the output. Either download it via the CLI window or use the PuTTY tool to log them. Attach the debug logs to the case for TAC review. If the 'username' and 'mailto' are set on the same domain name, the email cannot be received. They must be on different domain names. The maximum recipient using the 'mailto' command are 3, to configure more than 3 recipient, an email group is required or configure automation stitch as an alternative.
Related documents: Technical Tip: How to configure SMTP using custom server and port on FortiGate |
