FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
tana
Staff
Staff
Description This article describes how to troubleshoot Email alert not able to sent out via default email alert settings.
Scope  
Solution

Make sure to have a working WAN link to send out the email.

Do a test ping to the default mail server : notification.fortinet.net

 

# exe ping notification.fortinet.net
PING notification.fortinet.net (208.91.114.151): 56 data bytes
64 bytes from 208.91.114.151: icmp_seq=0 ttl=41 time=196.1 ms
64 bytes from 208.91.114.151: icmp_seq=1 ttl=41 time=195.7 ms
64 bytes from 208.91.114.151: icmp_seq=2 ttl=41 time=195.9 ms
64 bytes from 208.91.114.151: icmp_seq=3 ttl=41 time=195.9 ms
64 bytes from 208.91.114.151: icmp_seq=4 ttl=41 time=195.3 ms

 

Then, check the existing configuration in FortiGate.

 

Below is an example of default settings :

 

Fortigate# get system email-server
type : custom
reply-to :
server : notification.fortinet.net
port : 465
source-ip : 0.0.0.0
source-ip6 : ::
authenticate : disable
validate-server : disable
security : smtps
ssl-min-proto-version: default
interface-select-method: auto

 

In some cases, it is necessary to configure the interface manually:

 

Fortigate# set interface-select-method
auto Set outgoing interface automatically.
sdwan Set outgoing interface by SD-WAN or policy routing rules.
specify Set outgoing interface manually.

 

To collect the debug for email alert :

 

# diag debug reset
# diag debug enable
# diag debug console timestamp enable
# diag debug application alertmail -1

 

Send a test activation mail: 

 

# diagnose log alertmail test

 

Then disable debug :


# diag debug disable
# diag debug reset

 

Save the output either download it via CLI window, or use Putty tool to log them, in order to attach the debug logs to the case for TAC review.

Contributors