Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
patrickwilson82
New Contributor

Point Fortimail to Zimbra

Hi there,

 

I'm setting up a new Fortimail unit and I want to set it in Gateway mode. I have a DNS record mail.mydomain.com that currently is pointed to my mail server via a virtual IP set up in my Fortigate. I don't particularly want to change my MX record to the FDQN of my Fortimail, because I have users out in the field who need to be able to access the webmail site for my Zimbra server. Is there another way of setting this up in Gateway mode without having to change my MX record? Thanks in advance for the help.

1 Solution
Carl_Windsor_FTNT

Don't make any changes to your DNS settings - mail.mydomain.com still points at your FortiGate.

 

On the FortiGate, create 2 Port Forwarding VIPs:

[ul]
  • mail.mydomain.com:25 --> FortiMail (which relays cleaned mail to the Zimbra)
  • mail.mydomain.com:443 --> Zimbra [/ul]

    Zimbra WebMail HTTPS traffic goes direct to the server then.

     

    Carl

  • Dr. Carl Windsor Field Chief Technology Officer Fortinet

    View solution in original post

    5 REPLIES 5
    emnoc
    Esteemed Contributor III

    You need to  enable the mail-routing or smart relay   based on a  recipient   address

     

    https://forum.fortinet.com/tm.aspx?m=98405

     

    Ken

    PCNSE 

    NSE 

    StrongSwan  

    PCNSE NSE StrongSwan
    Carl_Windsor_FTNT

    >mail.mydomain.com that currently is pointed to my mail server via a virtual IP set up in my

    >Fortigate. I don't particularly want to change my MX record to the FDQN of my Fortimail,

    >because I have users out in the field who need to be able to access the webmail site for my

    >Zimbra server.

     

    Why don't you just VIP with Port Forwarding for mail.mydomain.com:443 to the Zimbra server and  mail.mydomain.com:25 to the FortiMail?  No changes to DNS/MX records are needed and you can flick back easily if something breaks.   

     

    There is a video on this here.

    Dr. Carl Windsor Field Chief Technology Officer Fortinet

    patrickwilson82

    Carl Windsor wrote:

    >mail.mydomain.com that currently is pointed to my mail server via a virtual IP set up in my

    >Fortigate. I don't particularly want to change my MX record to the FDQN of my Fortimail,

    >because I have users out in the field who need to be able to access the webmail site for my

    >Zimbra server.

     

    Why don't you just VIP with Port Forwarding for mail.mydomain.com:443 to the Zimbra server and  mail.mydomain.com:25 to the FortiMail?  No changes to DNS/MX records are needed and you can flick back easily if something breaks.   

     

    There is a video on this here.

    Carl,

     

    I guess what I'm not clear on, is when I point mail.mydomain.com to the Fortimail for port 443 incoming, would it then go to Zimbra through the relay settings inside the Fortimail?

    Carl_Windsor_FTNT

    Don't make any changes to your DNS settings - mail.mydomain.com still points at your FortiGate.

     

    On the FortiGate, create 2 Port Forwarding VIPs:

    [ul]
  • mail.mydomain.com:25 --> FortiMail (which relays cleaned mail to the Zimbra)
  • mail.mydomain.com:443 --> Zimbra [/ul]

    Zimbra WebMail HTTPS traffic goes direct to the server then.

     

    Carl

  • Dr. Carl Windsor Field Chief Technology Officer Fortinet

    patrickwilson82

    I will give that a try Carl. Thanks for the help!

    Top Kudoed Authors