Troubleshooter_73

Fortimail to Fortisandbox by SYSLOG hitting wrong interface

Hi to all,

 

I have a strange behavior here...

Equipment:

  • FortiGate 1500D with 5.6.3
  • FortiMail (located in the DMZ network attached to the FortiGate) with 5.4.3
  • FortiSandbox (located in the internal network attached to the FortiGate) with 2.3.3

I tried to connect the FortiGate to the FortiSandbox -> authorized -> works fine.

I tried to connect the FortiMail (default gateway is the FortiGate DMZ leg) -> FortiSandbox server not available.

Hmm... -> FortiView

Oh, we have Threats here from FortiMail to FortiSandbox, and the explicit firewall rule denies the traffic.

Drill down -> Source (MAC of the FortiMail interface) -> Destination (MAC of the Sandbox interface) -> Application "RSH"

OK, create a temp rule to allow any traffic -> same behavior -> no connection -> listed in the Threat list with the same details.

Deeper dive, and now I was able to see that the "Source Interface" is port19 (DMZ interface at the FortiGate) and the "Destination Interface" is mgmt1?!

Does anybody have an idea why the connection hits the mgmt1 interface???

As I wrote, the only route entry at the FortiMail is "ALL to FortiGate DMZ interface".

At the FortiGate the route to the internal network is set to the core switch. Everything is working as expected (SMTP etc.); only the SYSLOG traffic should be a problem here?

Thanks for any suggestion!



FCNSA 5, FCNSP 5, NSE 4
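The post above has no replies. The following FortiGate CLI session is an added example (not from the poster or from Fortinet documentation) of how one would check, on the FortiGate itself, which route and egress interface the box chooses for this flow, rather than relying on the FortiView drill-down. It assumes the FortiMail DMZ address is 192.0.2.10 and the FortiSandbox address is 198.51.100.20; both are placeholders. The port filter uses 514 because the FortiView application label "RSH" normally means the flow was seen on port 514 (rsh is TCP/514; syslog conventionally uses UDP/514), which is an inference from the post, not something it states. The `show function-name` form of the flow-debug command is the one I expect on FortiOS 5.6; older 5.x builds use `show console` instead.

```fortios
# --- 1. What does the routing table say for the FortiSandbox address? ---
# If the longest-prefix match here points at mgmt1 (or there is a more
# specific static route on mgmt1), that alone explains the observation.
FGT # get router info routing-table details 198.51.100.20

# Also confirm whether mgmt1 carries its own subnet or a dedicated-to
# management setting that overlaps the internal network.
FGT # show system interface mgmt1

# --- 2. Trace the forwarding decision for this specific flow only. ---
# Placeholder addresses: 192.0.2.10 = FortiMail (DMZ), 198.51.100.20 = FortiSandbox.
FGT # diagnose debug flow filter clear
FGT # diagnose debug flow filter saddr 192.0.2.10
FGT # diagnose debug flow filter daddr 198.51.100.20
FGT # diagnose debug flow filter port 514
FGT # diagnose debug flow show function-name enable
FGT # diagnose debug flow trace start 20
FGT # diagnose debug enable

# ... now re-run the FortiSandbox connection test on the FortiMail ...
# Look in the output for the route lookup line, e.g.
#   find a route: flag=... gw-<next-hop> via <interface>
# The interface named there is the one the FortiGate will use, and the
# following "iprope" / "allowed by policy" or "Denied by forward policy"
# line tells you which policy (port19 -> that interface) it matched.

FGT # diagnose debug disable
FGT # diagnose debug flow trace stop
FGT # diagnose debug flow filter clear

# --- 3. Confirm on the wire which interface the packets actually leave. ---
# Verbosity 4 prints the interface name with each packet; 10 = packet count.
FGT # diagnose sniffer packet any "host 192.0.2.10 and host 198.51.100.20 and port 514" 4 10
```

Two practical notes. First, the filter narrows the debug output to this one flow, so it is safe to run on a production 1500D, but always clear the filter and disable debugging afterwards, as the block does. Second, if step 1 already shows the FortiSandbox prefix reachable via mgmt1, the temporary allow-any rule from the post would not help, because it was written for port19 -> internal; the fix is on the routing side (or on a mgmt1 subnet that overlaps the internal range), not in the policy table.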