joaquinllano
New Contributor

FortiMail 400C for several domains

Hi all. First of all, sorry for my bad English. We have a FortiMail 400C and want to know if it works in this scenario: We have several email domains (one for each client), each one with several MTAs that are on isolated networks. Every client has a firewall and its MTAs. We want every client firewall to redirect email traffic to our FortiMail, and then the FortiMail redirects the mail to our client's firewall, then the firewall redirects the mail again to the MTA at our client. Also, we want to know if FortiMail supports multiple email domains, meaning that an email for domain1.com can be redirected to mta_1.domain1.com and an email to domain2.com can be redirected to mta_1.domain2.com. Can it balance traffic over several MTAs on the same email domain? Does it support trunking or VLANs? Thanks for your help. Regards.
4 REPLIES
emnoc
Esteemed Contributor III

Okay, let me give you some answers:

1: yes, it supports multiple protected email domains
2: it doesn't redirect traffic
3: you point your MX record to the public address of the Mail Appliance
4: you can use the same single public address for all domains
5: you build policies for the domain(s) and/or a single policy for all domains, but I would not recommend that, just in case you want customization
6: Yes, you can use trunking
7: yes, you can have multiple or alternative MTAs; someone can correct me, but I think that number is 2 or 4
8: you can also use redundant links (be advised, redundant links were broken in one earlier code set; 5.1.x is fixed)

You will need to ensure all traffic is routed through the ESA for 100% AS/AV protection. So that means closing the firewall policies off to the existing MTA and changing the DNS MX to point to the ESA public address. The address could be a VIP on a load balancer or firewall. I hope that answers your questions.

PCNSE NSE StrongSwan
joaquinllano
New Contributor

Hi Emnoc. Thanks for your help. You helped me a lot, now it's clearer. Regards.
lightmoon1992
New Contributor

Hi emnoc, Regarding your fourth answer: in fact you can use the same real IP for multiple domains, but this would create DNS inconsistency if the remote client performs SPF and Forged IP checks. It's better to have a different IP per domain. Mohammad

Mohammad Al-Zard

Bromont_FTNT
Staff

As long as MX and SPF records for all domains match up with that IP there should be no issues.
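
The check discussed in the last two replies, as an added example that is not part of the original thread: for each protected domain, confirm that its MX resolves to the shared gateway address and that its SPF record authorizes that address. The address, host names and records are constructed sample data, and only the `ip4`, `mx` and `all` SPF mechanisms are modelled.

```python
import ipaddress

# Constructed sample data: documentation address ranges, hypothetical host names.
GATEWAY_IP = "203.0.113.25"  # assumed shared public address of the mail gateway
A_RECORDS = {"mx.gateway.example": ["203.0.113.25"], "mta_1.domain4.com": ["192.0.2.10"]}
ZONES = {
    "domain1.com": {"MX": ["mx.gateway.example"], "TXT": ["v=spf1 ip4:203.0.113.25 -all"]},
    "domain2.com": {"MX": ["mx.gateway.example"], "TXT": ["v=spf1 mx -all"]},
    "domain3.com": {"MX": ["mx.gateway.example"], "TXT": ["v=spf1 ip4:198.51.100.0/24 -all"]},
    "domain4.com": {"MX": ["mta_1.domain4.com"], "TXT": ["v=spf1 ip4:203.0.113.25 -all"]},
}

def mx_ips(domain):
    """Addresses that the domain's MX hosts resolve to."""
    return {ip for host in ZONES[domain]["MX"] for ip in A_RECORDS.get(host, [])}

def spf_allows(domain, ip):
    """Evaluate a simplified SPF subset (ip4, mx, all) left to right; first match wins."""
    addr = ipaddress.ip_address(ip)
    spf = next((t for t in ZONES[domain]["TXT"] if t.lower().startswith("v=spf1")), None)
    if spf is None:
        return False
    for term in spf.split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            matched = True
        elif mech.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(mech[4:], strict=False)
        elif mech == "mx":
            matched = ip in mx_ips(domain)
        else:
            matched = False  # include, a, exists, ... are not modelled here
        if matched:
            return qualifier == "+"
    return False

def audit(gateway_ip=GATEWAY_IP):
    """Map each domain to the list of mismatches against the shared gateway address."""
    report = {}
    for domain in ZONES:
        problems = []
        if gateway_ip not in mx_ips(domain):
            problems.append("MX does not resolve to the gateway")
        if not spf_allows(domain, gateway_ip):
            problems.append("SPF does not authorize the gateway")
        report[domain] = problems
    return report
```

Calling `audit()` returns an empty list for every domain whose MX and SPF both line up with the shared address, and names the mismatch for the others.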