FortiMail offers the option to configure License validation, FortiGuard Antivirus queries, and FortiGuard Antispam queries via Web proxy via HTTPS protocol only.

1. Licensing and FortiGuard Antivirus and Antispam queries can be configured via Web proxy from the CLI as follows:

config system fortiguard antivirus

    set tunneling-address <host_ipv4> 

    set tunneling-password <password_str> 

    set tunneling-port <port_int>

    set tunneling-status {enable | disable} 

    set tunneling-username <username_str> 

Tunneling-username and tunneling-password can be only used if the web proxy requires authentication.

2. Only starting from v7.4.0, FortiGuard Antispam queries will be supported by using a web proxy.

Before that it was only possible for Licensing and Fortiguard Antivirus queries to be tunneled.

The configuration for both Antispam and Antivirus will be under the command 'config system Fortiguard antivirus'.

3. A sample configuration by using FortiGate as a web proxy:

    

From FortiMail:

Where 10.10.10.1:8080 is the Web proxy. On the web proxy, it is possible to create rules to allow communication with FortiGuard servers.

4. After that, it is possible to validate the license under System -> FortiGuard -> License to see the status of the services.