Hello Sirs, I have two clustered FortiGate 800Ds in my environment. I enabled antispam two months ago, with the antispam security profile applied to the NAT entry rule where my mail server receives messages. A lot of spam was blocked. I needed to change the internet link because of a change of provider, so I recreated all VIPs, including the NAT of the email server. Since then the antispam has stopped working: it is active, okay, but it just does not work. I've looked at everything and could not solve it, nor does Fortinet support know what it is. Does anyone here have an idea? Have you ever had a problem like this?
I appreciate if anyone here can help me.
Ivanildo Galvão, Technology Consultant, MCP, MCT, MCSA, VSP, VTSP, ITIL V3
ivanildogalvao wrote: Hi, I recreated all VIPs, including the NAT of the email server.
Are you saying that you're applying NAT to the incoming internet->VIP policy?
If so, please remove it urgently, because you're turning your email server into an open relay (and that could explain your issue).
If I misunderstood your post, please attach a screenshot of your relevant firewall policy to clarify.
regards
/ Abel
No, the mail server goes out to the internet on a regular internet-browsing rule, without a VIP, only with the SMTP port, so that it is able to send messages. When I referred to VIP, I was talking about the input, where packets arriving at the SMTP port on a public IP are directed to the mail server on the internal network, and it is on this rule that I applied the antispam security profile, which is no longer working: it has stopped filtering and blocking spam. I have other incoming NATs, using VIPs, in separate rules, for web servers and FTP.
Ivanildo Galvão, Technology Consultant, MCP, MCT, MCSA, VSP, VTSP, ITIL V3
Ivanildo,
ivanildogalvao wrote: When I referred to VIP, I was talking about the input, where packets arriving at the SMTP port on a public IP are directed to the mail server on the internal network, and it is on this rule that I applied the antispam security profile, which is no longer working,
If that rule is NATed, it is wrong. Remove it ASAP.
regards
/ Abel
Sorry, I explained it wrong. There is no NAT in any of the rules published for input (SMTP, FTP, web server, etc.). I have NAT only on the exit, because our provider has given us an internal IP to configure on the WAN interface of the FortiGate; to go out to the internet, we have to use an IPPOOL with the valid public IP addresses provided by the provider.
Here's the image of the input rule where emails arrive, and where the FortiGate is not filtering.
Ivanildo Galvão, Technology Consultant, MCP, MCT, MCSA, VSP, VTSP, ITIL V3
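Two points in this thread are checkable from a configuration backup rather than from screenshots: Abel's concern that an inbound VIP policy with source NAT enabled hides every sender behind the firewall's address (the open-relay risk), and Ivanildo's question of whether the antispam profile is actually attached to the rebuilt SMTP policy. The script below is an added example, not code from the thread or from Fortinet. It parses a small, constructed FortiOS-style config (the VIP and policy names are hypothetical) and flags inbound VIP policies that have `nat enable` set, or that carry SMTP without an `emailfilter-profile` (FortiOS 6.2+) or `spamfilter-profile` (older releases); those key names are assumed from FortiOS CLI conventions, and defaults omitted from an export are treated as `nat disable`.

```python
"""Audit a FortiOS config export for inbound VIP policies that
(a) have source NAT enabled, or
(b) pass SMTP without an antispam profile.

Added example; the config below is constructed and the object
names are hypothetical. Key names ('nat', 'emailfilter-profile',
'spamfilter-profile') are assumed from FortiOS CLI conventions.
"""
import shlex
from collections import defaultdict

SAMPLE_CONFIG = """\
config firewall vip
    edit "vip-mail-smtp"
        set extip 203.0.113.25
        set extintf "wan1"
        set portforward enable
        set mappedip "10.10.10.25"
        set extport 25
        set mappedport 25
    next
    edit "vip-web"
        set extip 203.0.113.80
        set extintf "wan1"
        set mappedip "10.10.10.80"
    next
end
config firewall policy
    edit 10
        set name "inbound-smtp"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "vip-mail-smtp"
        set action accept
        set schedule "always"
        set service "SMTP"
        set utm-status enable
        set inspection-mode proxy
        set emailfilter-profile "default"
        set nat enable
    next
    edit 11
        set name "inbound-web"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "vip-web"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
    next
    edit 12
        set name "inbound-smtp-nofilter"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "vip-mail-smtp"
        set action accept
        set schedule "always"
        set service "SMTP"
    next
end
"""


def parse_fortios(text):
    """Return {section: {entry_name: {key: [values]}}} for top-level
    'config' tables. Sub-tables nested inside an entry are skipped."""
    tables = defaultdict(dict)
    stack = []                 # open 'config' sections, outermost first
    entry_name, entry = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        words = shlex.split(line)   # honours the quoting FortiOS uses
        cmd, args = words[0], words[1:]
        if cmd == "config":
            stack.append(" ".join(args))
        elif cmd == "end":
            stack.pop()
        elif cmd == "edit" and len(stack) == 1:
            entry_name, entry = args[0], {}
        elif cmd == "next" and len(stack) == 1 and entry is not None:
            tables[stack[0]][entry_name] = entry
            entry_name, entry = None, None
        elif cmd == "set" and len(stack) == 1 and entry is not None:
            entry[args[0]] = args[1:]
    return tables


def audit_inbound_policies(tables):
    """Return (policy name, reason) pairs for the two misconfigurations."""
    vips = tables.get("firewall vip", {})
    findings = []
    for pid, pol in tables.get("firewall policy", {}).items():
        if not any(d in vips for d in pol.get("dstaddr", [])):
            continue               # not an inbound VIP policy
        name = pol.get("name", [pid])[0]
        if pol.get("nat", ["disable"])[0] == "enable":
            findings.append((name, "source NAT enabled on inbound VIP policy"))
        smtp = {"SMTP", "ALL"} & set(pol.get("service", []))
        has_antispam = "emailfilter-profile" in pol or "spamfilter-profile" in pol
        if smtp and not has_antispam:
            findings.append((name, "SMTP policy without an antispam profile"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_inbound_policies(parse_fortios(SAMPLE_CONFIG)):
        print(f"{name}: {reason}")
```

Run it against the output of a real `show` on a FortiGate in place of `SAMPLE_CONFIG`; a clean result for the SMTP policy narrows the search to the profile itself (for example, inspection mode) rather than the policy.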
Copyright 2024 Fortinet, Inc. All Rights Reserved.