Fortinet Forum
technician
New Contributor

smtp logs

Hi, just wondering if it's possible to track SMTP traffic on a FortiGate 200B? We have an MS IIS web server in this network and it has an SMTP service. The website has a forgot-password feature, and if a user clicks this, the program will use SMTP via IIS to send a reset password link.

Is there a way to monitor whether the SMTP traffic has successfully gone out of the firewall, so that we are confident that the request was successful since the traffic really went out of the FortiGate?

 

Thanks

Jeff

emnoc
Esteemed Contributor III

Suggestion;

 

Qs:

 

If the request went out via the MS server, can't you just check the logs on the server?

I'm sure the reset link is being sent to a 3rd-party email address, correct?

 

PCNSE 

NSE 

StrongSwan  

technician

Yes, actually, I've activated smtp logs in MS IIS SMTP and I can see the source and destination of that sent request via smtp. I'm just curious if there are logs like these in Fortigate.

 

Thanks

Jeff

emnoc
Esteemed Contributor III

Not really, but you can enable logging for traffic on the FortiGate, but if you have logging enabled on the server then it sounds redundant imho.

 

Also logging on the firewall policy would log ALL smtp traffic and not really the request only. YMMV

 

(alternative)

So I'm guessing the user is trying to log in through the OWA via HTTPS and then clicks a password reset/recover, and you're sending the reset/recover via SMTP to a 3rd-party email address? Right?

If that is correct, you could write an IPS rule with allow+log to trigger a security event based on the request/recover. You would have to do some investigating to see what it would take. Then apply the IPS rule only on that policy.

 

 


technician

Yes, correct.

 

Ok, I'll try to play around with the IPS policy and see what I can get from there.

 

Thanks

Jeff