Hello Guys,
i need an clarification about using proxy mode with deep inspection on emailfiltering.
I have and internal Exchange Server and today most of the traffic on port 25 use SSL.
So i want to switch from Flow Mode to proxy mode and inspect all traffic, but when i tried to do i wasn't to be able to recieve emails.
I think that FGT use only built-in SSL certificate to inspect traffic and Exchange cannot recognize this certificate. Need i to import this certificate in Exchange server or is possible to Inspect port 25 with our public cert like "mail.domain.com" ?
thank you very much for any hints!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi, Import your "mail.domain.com" cert into Fortigate and define the SSL profile. Thats the way it works. https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/55107/protecting-an-ssl-server
Best
________________________________________________________
--- NSE 4 ---
________________________________________________________
Thank you very much Markus!
Additionally, if you want to apply AntiSpam profile to the inspected traffic to filter for spam, you have to use Proxy mode for the policy, not flow one.
Thanks Yuri It depends on the FOS Version. Antispam (FOS 7) seems also working in Flow Mode. Best,
Markus
________________________________________________________
--- NSE 4 ---
________________________________________________________
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.