FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 199344
Description This article describes how to troubleshoot Email alert not able to sent out via default email alert settings.
Scope FortiGate,

Make sure to have a working WAN link to send out the email.

Do a test ping to the default mail server:


exe ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=41 time=196.1 ms
64 bytes from icmp_seq=1 ttl=41 time=195.7 ms
64 bytes from icmp_seq=2 ttl=41 time=195.9 ms
64 bytes from icmp_seq=3 ttl=41 time=195.9 ms
64 bytes from icmp_seq=4 ttl=41 time=195.3 ms


Then, check the existing configuration in FortiGate.


Below is an example of default settings:


Fortigate# get system email-server
type : custom
reply-to :
server :
port : 465
source-ip :
source-ip6 : ::
authenticate : disable
validate-server : disable
security : smtps
ssl-min-proto-version: default
interface-select-method: auto


In some cases, it is necessary to configure the interface manually:


Fortigate# set interface-select-method
auto Set outgoing interface automatically.
sdwan Set outgoing interface by SD-WAN or policy routing rules.
specify Set outgoing interface manually.


When the custom email server is used on FortiGate to send the emails out from the FortiGate for purposes like FortiToken Activation Email or Email Alerts, the emails may not be received at the user side


Check the connection to the Email Server:

  • Make sure FortiGate can reach the email server.
  • Try to ping the email server to verify the connectivity.


exe ping <SMTP server IP>


  •  If the email server is beyond the IPsec tunnel, set the source IP in the email server settings of the FortiGate with the internal interface IP.

So that, FortiGate can reach the server over the tunnel.


config system email-server


     set source-ip {ipv4-address}




Run the alert mail debugs:

  •  Once the connection to the server is successful, run the below alert email debugs to see if there are any errors.


diag debug reset
diag debug enable
diag debug console timestamp enable
diag debug application alertmail -1


  • After enabling the email, try to send the activation mail again or trigger a test mail.


diagnose log alertmail test



This test will send out the test mail to the email address that is configured in the alertmail setting (#conf alertmail setting).

If not configured not emails will be sent out.


Refer to this article to configure the same:

Technical Tip: How to configure alert email settings



  • If as per the debug, the 'send mail success' message appears and still do not receive the email, try to change the recipient email address to any public domain (Gmail or Yahoo).
  • This is because sometimes spam filters are in place on the corporate email that block or archive the emails.
  • Still, after making the change, emails are not received; make sure to have set the default-reply-to email in the email server settings.

If that is not set, the debugs will show 'send mail success' but mails will not be received.


 config system email-server

    set server "<Email server IP>"

    set reply-to "" <----- Email address which is used to send emails.


If any failed are erroring the debugs, check for the below things:

  • If the credentials entered for the SMTP server and port number are correct.
  • Also verify the Protocol with the server as well (SMTP or SMTPS).
  • Run a packet sniffer for the email server IP and see if there is bidirectional traffic.

diag sniffer packet any “host <server IP> and port <port no>” 4 0 l


If the issue still persists, collect all the debugs and the output of the above commands and submit them to the TAC ticket along with the configuration file of the FortiGate.


Then disable debug:

diag debug disable
diag debug reset


Save the output either download it via the CLI window or use the Putty tool to log them, in order to attach the debug logs to the case for TAC review.