FortiGate
tana
Staff
Article Id 199344
Description This article describes how to troubleshoot email alerts that cannot be sent out via the default email alert settings.
Scope FortiGate.
Solution

Make sure to have a working WAN link to send out the email.

Do a test ping to the default mail server: notification.fortinet.net or fortinet-notifications.com.


Since v7.4.4, the default email server has been changed from notification.fortinet.net to fortinet-notifications.com.

exe ping notification.fortinet.net
PING notification.fortinet.net (208.91.114.151): 56 data bytes
64 bytes from 208.91.114.151: icmp_seq=0 ttl=41 time=196.1 ms
64 bytes from 208.91.114.151: icmp_seq=1 ttl=41 time=195.7 ms
64 bytes from 208.91.114.151: icmp_seq=2 ttl=41 time=195.9 ms
64 bytes from 208.91.114.151: icmp_seq=3 ttl=41 time=195.9 ms
64 bytes from 208.91.114.151: icmp_seq=4 ttl=41 time=195.3 ms

 

Then, check the existing configuration in FortiGate.

 

Below is an example of default settings:

 

get system email-server
type : custom
reply-to :
server : notification.fortinet.net
port : 465
source-ip : 0.0.0.0
source-ip6 : ::
authenticate : disable
validate-server : disable
security : smtps
ssl-min-proto-version: default
interface-select-method: auto

 

In some cases, it is necessary to configure the interface manually:

 

set interface-select-method
auto      Set outgoing interface automatically.
sdwan     Set outgoing interface by SD-WAN or policy routing rules.
specify   Set outgoing interface manually.

 

When a custom email server is used on FortiGate to send emails for purposes like FortiToken activation emails or email alerts, the emails may not be received on the user side.

 

Check the connection to the Email Server:

  • Make sure FortiGate can reach the email server.
  • Try to ping the email server to verify the connectivity.

 

exe ping <SMTP server IP>

 

  • If the email server is beyond the IPsec tunnel, set the source IP in the email server settings of the FortiGate to the internal interface IP, so that FortiGate can reach the server over the tunnel.

 

config system email-server

      ...

     set source-ip {ipv4-address}

      ...

 end

 

Run the alert mail debugs:

  •  Once the connection to the server is successful, run the below alert email debugs to see if there are any errors.

 

diag debug reset
diag debug enable
diag debug console timestamp enable
diag debug application alertmail -1

 

  • After enabling the email, try to send the activation mail again or trigger a test mail.

 

diagnose log alertmail test

 

Note:

This test will send out the test mail to the email address that is configured in the alert email settings ('config alertemail setting').

If it is not configured, no emails will be sent out.

 

Refer to this article to configure it:

Technical Tip: How to configure alert email settings

 

Troubleshooting:

  • If the debug shows the 'send mail success' message but the email is still not received, try changing the recipient email address to one in a public domain (Gmail or Yahoo).
  • This is because spam filters on the corporate email sometimes block or archive the emails.
  • If emails are still not received after making the change, make sure the default reply-to email is set in the email server settings.

If it is not set, the debugs will show 'send mail success' but the mails will not be received.

 

 config system email-server

    set server "<Email server IP>"

    set reply-to "admin@example.com"

 end

 

If the debugs show any failures or errors, check the following:

  • Whether the credentials entered for the SMTP server and the port number are correct.
  • Whether the protocol matches what the server expects (SMTP or SMTPS).
  • Run a packet sniffer for the email server IP and see if there is bidirectional traffic.

diagnose sniffer packet any 'host <server IP> and port <port no>' 4 0 l

 

If the issue persists, collect all the debugs and the output of the above commands and attach them to the TAC ticket along with the configuration file of the FortiGate.

 

Then, disable debug:


diagnose debug disable
diagnose debug reset

 

Save the output, either by downloading it from the CLI window or by logging the session with PuTTY, and attach the debug logs to the case for TAC review.

 

Output of the Email Alert Debug

The debug below shows the important messages to check during troubleshooting.


diagnose debug reset

diagnose debug enable

diagnose debug console timestamp enable

diagnose debug application alertmail -1
Debug messages will be on for 30 minutes.

Fortigate# 

2024-11-25 00:04:42 Arrived msg(type 8, 818 bytes):XXXXXX@gmail.com <-------- User's email.
/data2/tmp/ftm_qr_FTKMOB4B64FDA57B.png <--- QR code sent in the email.
FTM Activation on FortiGate <---- Message body (Beginning of the message)
Welcome to FortiToken Mobile - One-Time-Password software token.
Please visit https://docs.fortinet.com/ftoken.html
for instructions on how to install your FortiToken Mobile application on your device and activate your token.
You must use FortiToken Mobile version 2 or above to activate this token.
Your Activation Code, which you will need to enter on your device later, is

"EEIJEOT7WMAVXDHV"

Alternatively, use the attached QR code image to activate your token with the "Scan Barcode" feature of the app.
You must activate your token by:
Thu Nov 28 00:04:42 2024 (GMT-5:00) Eastern Time (US & Canada),
after which you will need to contact your system administrator to
re-enable your activation.

FortiGate

2024-11-25 00:04:42 mail_info:
from:notification.fortinet.net user:DoNotReply@notification.fortinet.net
2024-11-25 00:04:42 mail_info:
reverse path:DoNotReply@notification.fortinet.net
user name:DoNotReply <--------------  Message body (End of the message).
2024-11-25 00:04:42 to[0]:XXXXXX@gmail.com
2024-11-25 00:04:42 <==_init_mail_info
2024-11-25 00:04:42 create session    <-------- SMTP session.        
2024-11-25 00:04:42 resolve notification.fortinet.net to 1 IP
2024-11-25 00:04:42 ==> send mail     <------- FortiGate Sending the email.
2024-11-25 00:04:42 connecting to 208.91.114.151 port 465
2024-11-25 00:04:42 send mail 0xca410a0 session 0xca42460
2024-11-25 00:04:42 session_io_event: creating ssl structure for session 0xca42460
2024-11-25 00:04:42 ssl_init
2024-11-25 00:04:42 create_ssl_ctx
2024-11-25 00:04:42 create_ssl: 0x7f8106334000
2024-11-25 00:04:42 sessionn 0xca42460, SSL connected
2024-11-25 00:04:43 session: 0xca42460, rsp_state: greeting, code: 220
2024-11-25 00:04:43 session: 0xca42460, rsp_state: ehlo, code: 250
2024-11-25 00:04:43 session: 0xca42460, rsp_state: mail, code: 250
2024-11-25 00:04:43 session: 0xca42460, rsp_state: rcpt, code: 250
2024-11-25 00:04:43 session: 0xca42460, rsp_state: data, code: 354
2024-11-25 00:04:43 session: 0xca42460, rsp_state: data2, code: 250
2024-11-25 00:04:43 session: 0xca42460, rsp_state: quit, code: 221
2024-11-25 00:04:43 session finined   <----- End of SMTP session
2024-11-25 00:04:43 _session_on_destroy
2024-11-25 00:04:43 <== send mail success, m = 0xca410a0 s = 0xca42460 <----- Email successfully sent to destination.
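
When a saved debug capture contains several send attempts, the lines worth checking are the 'connecting to', 'rsp_state ... code' and 'send mail success' messages shown above. The following Python script is an added example, not part of the original article or a Fortinet tool: it groups those lines per SMTP session and reports the step at which the server refused the mail. The function names and the sample capture are assumptions made for illustration, and the sample lines are constructed in the format of the output above.

```python
import re

# Line shapes follow the alertmail debug output shown in this article.
CONNECT = re.compile(r"connecting to (\S+) port (\d+)")
OPEN = re.compile(r"send mail 0x[0-9a-f]+ session (0x[0-9a-f]+)")
REPLY = re.compile(r"session: (0x[0-9a-f]+), rsp_state: (\w+), code: (\d{3})")
SUCCESS = re.compile(r"send mail success, m = 0x[0-9a-f]+ s = (0x[0-9a-f]+)")

def verdict(s):
    # SMTP 4xx (transient) and 5xx (permanent) replies mean the server refused a step.
    bad = next(((st, c) for st, c in s["replies"] if c >= 400), None)
    if bad:
        return f"server refused at '{bad[0]}' with code {bad[1]}"
    if s["success"]:
        return "accepted by server"
    if not s["replies"]:
        return "no SMTP greeting: check routing, port and SMTP/SMTPS setting"
    return "session incomplete"

def summarize(debug_text):
    sessions, target = {}, None
    for line in debug_text.splitlines():
        if m := CONNECT.search(line):
            target = f"{m.group(1)}:{m.group(2)}"
        elif m := OPEN.search(line):
            sessions[m.group(1)] = {"target": target, "replies": [], "success": False}
        elif (m := REPLY.search(line)) and m.group(1) in sessions:
            sessions[m.group(1)]["replies"].append((m.group(2), int(m.group(3))))
        elif (m := SUCCESS.search(line)) and m.group(1) in sessions:
            sessions[m.group(1)]["success"] = True
    for s in sessions.values():
        s["verdict"] = verdict(s)
    return sessions

# Constructed sample capture, not from a real device (documentation IP ranges).
SAMPLE = """\
2024-11-25 00:04:42 connecting to 192.0.2.25 port 465
2024-11-25 00:04:42 send mail 0xca410a0 session 0xca42460
2024-11-25 00:04:43 session: 0xca42460, rsp_state: greeting, code: 220
2024-11-25 00:04:43 session: 0xca42460, rsp_state: data2, code: 250
2024-11-25 00:04:43 <== send mail success, m = 0xca410a0 s = 0xca42460
2024-11-25 00:09:10 connecting to 192.0.2.25 port 465
2024-11-25 00:09:10 send mail 0xca410b0 session 0xca42888
2024-11-25 00:09:11 session: 0xca42888, rsp_state: rcpt, code: 550
2024-11-25 00:15:30 connecting to 198.51.100.7 port 25
2024-11-25 00:15:30 send mail 0xca410c0 session 0xca42ccc
"""

print({sid: s["verdict"] for sid, s in summarize(SAMPLE).items()})
```

A verdict of 'accepted by server' corresponds to the 'send mail success' line; as the troubleshooting section notes, filtering on the recipient side can still keep the message out of the inbox.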