Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fida_khan
New Contributor

Access Control Policies

Hi,

I have recently configured Fortimail. i am a newbie to fortimail access policies. I need help with configuring it as I am sure it will help in reducing the number of spams we receive.

 

My fortimail's private IP is 192.168.200.1/24 and my exchange server IP is 192.168.200.29/24. The fortimail also have a public ip .. for the sake of argument suppose it 1.1.1.1. I have almost 28 protected domains ... could any one of you just help me start with the policies. I am not sure how to go about it.

 

I will appreciate ur help.

 

thanks.

 

Regards,

 

Fida

2 REPLIES 2
emnoc
Esteemed Contributor III

Did you read the  fortimail admin setup guide? A access-policy is not  required for a "must have".  You need to understand  the  difference of a  access-control policy and rcpt-policy and how to best use them.

 

Access Control  Policy are best used for ;

 

ipv4 address like to block a unique address like a spammer or the chinese guy that fails  SMTP-AUTH 1000000 per-day that's pissing you off,  to set  tls policy per-addresss  or domain ( recipient domain  i.e  I use TLS 1.1 for mail to *@gmail.com etc.....)

 

Recipient policy are  just that;  " recipient based" and AS/AV/Content profiles do I apply.

 

 

FWIW

I would use the Quick Start Wizzard and build a based FML cfg and then modify and controlled it from that based cfg IMHO

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
SCSIraidGURU
Contributor

I have a 800 Firewall and 200D Fortimail.  

 

Change Exchange address from MX record to another IP address.   Mail follows the MX record into the firewall.  Port 25 forwards it to Fortimail.  Fortimail forwards it to Exchange.   In the firewall, I set virtual IPs to do the port forwarding from MX IP to Exchange IP

 

Labels
Top Kudoed Authors