Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Mike_Berube
New Contributor

mail server access from the web

Hello, I have a mail on my network that I would like accessible from external clients. How can I make my mail server accessible to on the go users? The user would use a mail client like Outlook to send and receive to and from my mail server. TY Mike
13 REPLIES 13
ede_pfau
SuperUser
SuperUser

No it' s not and frankly there is no other way to access the mail server... The firewall (policy) controls which side is allowed to open a session. Within a session data can flow in both directions. So assumed the DMZ server gets hacked the FGT would not allow it to open sessions to LAN hosts. For the mailserver allow DNS, SMTP and NTP outbound (to WAN), and nothing at all towards LAN.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Jan_Scholten
Contributor

Having mail (Exchange?) and AD on one Maschine is imho bad if you want to have it public available. seperate it but owa in the dmz and regulate traffic with policys.
Mike_Berube
New Contributor

I don’t use exchange. I use a third party mail server, MDaemon. I have no issue on transferring the Mail service on a dedicated mail server but if I put it in the DMZ it seems I will have to use WebMail to access mail from the LAN. I don’t want that. I want users to use a mail client like Outlook but for that I need to open ports (25 & 110) to connect from the LAN to the DMZ and that is the contrary of what DMZ stands for unless you have a different opinion on the matter. If this is not a secure way of doing this then how does ISP’s configure access to their mail servers via the Web while still permitting access via ports 25 and 110? Mike
ede_pfau
SuperUser
SuperUser

Mike, I could only repeat my post above. Connections from LAN to DMZ are OK; from DMZ to LAN are " contrary of what DMZ stands for" .
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors