Hi, just wondering if it's posisble to track smtp traffic in Fortigate 200B? We have a web server MS IIS in this network and has an smtp service, the website has a feature of forgot password and if user has click this, the program will use the smtp via iis to send a reset password link.
Is there a way to monitor if the smtp traffic has successfully go out of the firewall so that we are confident that the request was successful since the traffic really went out of the fortigate?
No really, but you can enable logging for traffic on the fortigate, but if you have logging enabled on the server than it sounds redundant imho.
Also logging on the firewall policy would log ALL smtp traffic and not really the request only. YMMV
So I'm guessing the user is trying to login in thru the OWA via https and than click a password reset/recover and your sending the reset/recover via SMTP to a 3rd party email address? Right ?
if that is correct, you could write a IPS rule with allow+log to trigger a security event based on the request/recover . You would have to do some investigating to see what it would take. Than apply the IPS rule only on that policy.