Not applicable

Gmail for Alert E-Mails

Has anyone tried or does anyone know if it is possible to use smtp.gmail.com to send alert emails from the FortiGate (or FortiAnalyzer)? I have tried using 'smtp.gmail.com' and entering my username@gmail.com for smtp user and my gmail password, but still no luck. I have been having trouble getting alert emails to send from both the FortiGate and FortiAnalyzer.
billp
Contributor

We're running into the same problem with other software configured to send alerts... smtp.gmail.com requires an encrypted connection. See: http://mail.google.com/support/bin/answer.py?answer=78799 Specifically: "Please note that if your client does not support SMTP authentication, you won't be able to send mail through your client using your Gmail address."

The short answer is no, you can't use smtp.gmail.com to send alerts because it doesn't support unencrypted emails, and the Fortigate doesn't support encrypted emails. We will probably have to build our own in-house smtp server to handle things like this. Suggestions on work-arounds are welcome.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

abelio

The short answer is no, you can't use smtp.gmail.com to send alerts because it doesn't support unencrypted emails, and the Fortigate doesn't support encrypted emails.
It's not a matter of encryption or not; it's a matter of ports. smtp.googlemail.com uses the 465/tcp submission port for the connection, and in your FortiGate you cannot (yet) use a port other than 25/tcp for email alerts. BTW, FTG's email alert SMTP has supported authentication for years (picture included).

regards / Abel
Not applicable

Actually Abel, you can set the FortiGate alert-email SMTP port to anything via the CLI. See: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD31861&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=7528496&stateId=0%200%207526635

I have tried using smtp.gmail.com with ports 465 and 587 as suggested in the link that billp posted, both with no luck. I instantly receive a "Fortigate was unable to send alert-email" in the event log. Encryption might be the problem. We also have an in-house MS Exchange server that I am unable to send alert emails from.
abelio

ORIGINAL: mike0 Actually Abel, you can set the FortiGate alert-email SMTP port to anything via the CLI. See: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD31861&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=7528496&stateId=0%200%207526635
Indeed, thanks for the link!

regards / Abel
billp
Contributor

Abel, I quoted the wrong part of the gmail link -- In addition to authentication, the Google SMTP server requires TLS encryption when sending. Fortigate doesn't support TLS when sending email alert messages. I found this to be a problem with most systems that are not email clients per se.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

abelio

In addition to authentication, the Google SMTP server requires TLS encryption when sending. Fortigate doesn't support TLS when sending email alert messages.
Indeed Bill, it seems that the only way to connect to google is starting tls first, independently of the authentication process; there's no option to talk smtp without issuing the starttls command first, and FGT doesn't send the starttls command.
 [abel@ ~]$ telnet smtp.googlemail.com  587
 Trying 74.125.45.16...
 Connected to smtp.googlemail.com (74.125.45.16).
 Escape character is '^]'.
 220 mx.google.com ESMTP b6sm63037707ani.1
 ehlo
 250-mx.google.com at your service, [xxx.xxx.xxx.xxx]
 250-SIZE 35651584
 250-8BITMIME
 250-STARTTLS
 250 ENHANCEDSTATUSCODES
 
regards and my apologies for the misunderstanding.

regards / Abel
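
Added example (not part of the original posts): Python that parses the EHLO reply from the telnet session above and reports why a client that never sends STARTTLS cannot authenticate on that port. The function names are hypothetical, `probe` uses the standard `smtplib` module and needs network access, and the advice to look for AUTH after the upgrade assumes the server advertises it only once TLS is up.

```python
import smtplib
import ssl
# EHLO reply copied from the telnet session in the post above (port 587, before TLS).
CAPTURED_EHLO = """\
250-mx.google.com at your service, [xxx.xxx.xxx.xxx]
250-SIZE 35651584
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
"""

def parse_ehlo(reply):
    """Parse a multiline SMTP 250 reply into {EXTENSION: [params]}."""
    extensions = {}
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        if not line.startswith("250") or line[3:4] not in ("-", " ", ""):
            raise ValueError("unexpected reply line: %r" % line)
        words = line[4:].split()
        if i > 0 and words:  # line 0 is the server greeting, not an extension
            extensions[words[0].upper()] = words[1:]
        if line[3:4] != "-":  # '250 ' (space, not hyphen) marks the last line
            break
    return extensions

def diagnose(extensions, client_starttls):
    """Say what a client can do on this connection given the pre-TLS extensions."""
    if "AUTH" in extensions:
        return "AUTH offered before TLS: login works but credentials cross the wire in clear"
    if "STARTTLS" not in extensions:
        return "neither AUTH nor STARTTLS offered: no authenticated submission on this port"
    if client_starttls:
        return "send STARTTLS, re-issue EHLO over TLS, then check for AUTH"
    return "AUTH not offered before STARTTLS: a client that never sends STARTTLS cannot log in"

def probe(host, port=587, timeout=10):
    """Live check (needs network): extension keywords before and after STARTTLS."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        before = sorted(k.upper() for k in s.esmtp_features)
        after = []
        if s.has_extn("starttls"):
            s.starttls(context=ssl.create_default_context())  # verifies the server cert
            s.ehlo()
            after = sorted(k.upper() for k in s.esmtp_features)
        return before, after

if __name__ == "__main__":
    print(diagnose(parse_ehlo(CAPTURED_EHLO), client_starttls=False))
```
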
SECCON1MC
New Contributor

Here is a different direction. Since you will be sending to your gmail account, just use the MX record for gmail:
;; QUESTION SECTION:
 ;gmail.com.			IN	MX
 
 ;; ANSWER SECTION:
 gmail.com.		1251	IN	MX	40 alt4.gmail-smtp-in.l.google.com.
 gmail.com.		1251	IN	MX	5 gmail-smtp-in.l.google.com.
 gmail.com.		1251	IN	MX	10 alt1.gmail-smtp-in.l.google.com.
 gmail.com.		1251	IN	MX	20 alt2.gmail-smtp-in.l.google.com.
 gmail.com.		1251	IN	MX	30 alt3.gmail-smtp-in.l.google.com.
 
In this case gmail-smtp-in.l.google.com should work fine.
  • Set your FortiGate not to authenticate
  • You may need to provide a valid email address that is not your gmail address to get past the spam filters
  • Make sure you do not try to relay as that will obviously not work and will just make the mighty google mad.

Good Luck ~Matt

logMojo (http://logMojo.com) by Security Confidence Cloud Based - Logging ● Alerting ● Reporting ● Monitoring ● Management Signup today!