FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
ovoda
Staff
Article Id 384727
Description

This article describes how to set the source and destination for IP policy to match the SMTP session correctly.

Scope

FortiMail v6.4.x, v7.2.x, v7.4.x, v7.6.x.

Solution

It is important to understand how SMTP sessions work.

An SMTP session is a client-server connection, so the source and destination of the IP policy have to be set in that sense: the source is the client that opens the connection, and the destination is the server that accepts it.

Generally, the destination should be the FortiMail interface IP address (if standalone) or the virtual IP (if in HA). If using an IP pool, the IP range needs to be set accordingly. The destination should not be the recipient mail server address.

Consider this network diagram:

network diagram.png

  1. Outbound email:
  • The client is the mail server, and the server is FortiMail.
  • The IP policy for outbound emails has the mail server IP address as the source and the FortiMail interface IP address as the destination.

outboundsession.png

  2. Inbound email:
  • The client is 'anybody' from the Internet, and the server is FortiMail.
  • The IP policy for inbound emails has 0.0.0.0/0 as the source and the FortiMail IP address as the destination.

incominfsession.png
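
The matching rule described above, modelled in Python as an added example (not Fortinet code and not FortiMail's own implementation): it shows both sessions hitting the intended policy and a policy whose destination is the recipient mail server never matching. All IP addresses are constructed documentation-range values, and first-match evaluation and the names `match_policy`, `POLICIES` and `WRONG_POLICIES` are assumptions of this example.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation ranges), not taken from the article.
FORTIMAIL_IF = "192.0.2.10"      # FortiMail interface IP (standalone)
MAIL_SERVER = "198.51.100.25"    # protected mail server
INTERNET_MTA = "203.0.113.7"     # arbitrary sender on the Internet

# Policies in evaluation order: (name, source, destination).
# First-match evaluation is an assumption of this model.
POLICIES = [
    ("outbound", f"{MAIL_SERVER}/32", f"{FORTIMAIL_IF}/32"),
    ("inbound", "0.0.0.0/0", f"{FORTIMAIL_IF}/32"),
]

# Misconfiguration the article warns about: destination set to the
# recipient mail server instead of the FortiMail address.
WRONG_POLICIES = [("inbound-wrong", "0.0.0.0/0", f"{MAIL_SERVER}/32")]


def match_policy(policies, client_ip, server_ip):
    """Return the name of the first policy matching the SMTP session.

    client_ip is the host that opens the TCP connection (policy source);
    server_ip is the address that accepts it (policy destination).
    """
    client, server = ip_address(client_ip), ip_address(server_ip)
    for name, src, dst in policies:
        if client in ip_network(src) and server in ip_network(dst):
            return name
    return None


def demo():
    # Each session is (client, server) as FortiMail sees the connection.
    sessions = {
        "mail server -> FortiMail": (MAIL_SERVER, FORTIMAIL_IF),
        "Internet MTA -> FortiMail": (INTERNET_MTA, FORTIMAIL_IF),
    }
    return {
        label: (match_policy(POLICIES, c, s), match_policy(WRONG_POLICIES, c, s))
        for label, (c, s) in sessions.items()
    }


if __name__ == "__main__":
    for label, (good, bad) in demo().items():
        print(f"{label}: correct set -> {good}, wrong destination -> {bad}")
```

Because 0.0.0.0/0 also contains the mail server address, the outbound policy only takes effect in this model when it is listed before the inbound one.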