Description
This article describes a scenario where, in some cases, everything is well-configured on the FortiPAM side (DNS, Email service, and email alert settings). Still, the email alert cannot be sent.
Scope
FortiPAM, Email Service.
Solution
The possible root cause is: the email service is blocked by the firewall between FortiPAM and the SMTP server.
- Use 'exec ping notification.fortinet.net' via CLI:
FortiPAM-1000G # exec ping notification.fortinet.net
PING notification.fortinet.net (208.91.114.151): 56 data bytes
64 bytes from 208.91.114.151: icmp_seq=0 ttl=57 time=23.4 ms
64 bytes from 208.91.114.151: icmp_seq=1 ttl=57 time=34.7 ms
-
Use 'exec telnet notification.fortinet.net' via CLI:
FortiPAM-1000G # exec telnet notification.fortinet.net 465
Trying 208.91.114.151...
Connected to 208.91.114.151.
If it cannot be connected, check the firewall policy and try to allow port 465 on the firewall side.
Note:
If the issue persists after verifying the firewall policy, collect the following debug and attach them to the TAC case.
diagnose debug reset
diagnose debug enable
diagnose debug console timestamp enable
diagnose debug application alertmail -1
Send a test activation email:
diagnose log alertmail test
Disable the debugging:
diagnose debug disable
diagnose debug reset
