Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Micky182
New Contributor

Created on ‎04-23-2021 02:57 AM

Flow mode or Proxy Mode on Email Inspection?

Hello Guys,

 

i need an clarification about using proxy mode with deep inspection on emailfiltering.

I have and internal Exchange Server and today most of the traffic on port 25 use SSL.

So i want to switch from Flow Mode to proxy mode and inspect all traffic, but when i tried to do i wasn't to be able to recieve emails.

I think that FGT use only built-in SSL certificate to inspect traffic and Exchange cannot recognize this certificate. Need i to import this certificate in Exchange server or is possible to Inspect port 25 with our public cert like "mail.domain.com" ?

 

thank you very much for any hints!

Labels:
3565
0 Kudos
4 REPLIES 4
Markus
Valued Contributor

Created on ‎04-23-2021 03:01 AM

Hi, Import your "mail.domain.com" cert into Fortigate and define the SSL profile. Thats the way it works. https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/55107/protecting-an-ssl-server

 

Best


________________________________________________________
--- NSE 4 ---
________________________________________________________

________________________________________________________--- NSE 4 ---________________________________________________________
2595
0 Kudos
Micky182
New Contributor
In response to Markus

Created on ‎04-27-2021 07:34 AM

Thank you very much Markus!

2596
0 Kudos
Yurisk
SuperUser
SuperUser
In response to Micky182

Created on ‎04-27-2021 11:20 PM

Additionally, if you want to apply AntiSpam profile to the inspected traffic to filter for spam, you have to use Proxy mode for the policy, not flow one.

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
2596
0 Kudos
Markus
Valued Contributor
In response to Yurisk

Created on ‎04-28-2021 12:57 AM

Thanks Yuri It depends on the FOS Version. Antispam (FOS 7) seems also working in Flow Mode. Best,

Markus


________________________________________________________
--- NSE 4 ---
________________________________________________________

________________________________________________________--- NSE 4 ---________________________________________________________
2596
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.