FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article describes how to troubleshoot Email alert not able to sent out via default email alert settings.

Make sure to have a working WAN link to send out the email.

Do a test ping to the default mail server :


# exe ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=41 time=196.1 ms
64 bytes from icmp_seq=1 ttl=41 time=195.7 ms
64 bytes from icmp_seq=2 ttl=41 time=195.9 ms
64 bytes from icmp_seq=3 ttl=41 time=195.9 ms
64 bytes from icmp_seq=4 ttl=41 time=195.3 ms


Then, check the existing configuration in FortiGate.


Below is an example of default settings :


Fortigate# get system email-server
type : custom
reply-to :
server :
port : 465
source-ip :
source-ip6 : ::
authenticate : disable
validate-server : disable
security : smtps
ssl-min-proto-version: default
interface-select-method: auto


In some cases, it is necessary to configure the interface manually:


Fortigate# set interface-select-method
auto Set outgoing interface automatically.
sdwan Set outgoing interface by SD-WAN or policy routing rules.
specify Set outgoing interface manually.


To collect the debug for email alert :


# diag debug reset
# diag debug enable
# diag debug console timestamp enable
# diag debug application alertmail -1


Send a test activation mail: 


# diagnose log alertmail test


Then disable debug :

# diag debug disable
# diag debug reset


Save the output either download it via CLI window, or use Putty tool to log them, in order to attach the debug logs to the case for TAC review.