Hi, just wondering if it's possible to track SMTP traffic on a FortiGate 200B? We have an MS IIS web server in this network and it has an SMTP service. The website has a forgot-password feature, and if a user clicks this, the program will use SMTP via IIS to send a reset password link.
Is there a way to monitor whether the SMTP traffic has successfully gone out of the firewall, so that we are confident that the request was successful since the traffic really went out of the FortiGate?
Thanks
Jeff
Suggestion;
Qs:
If the request went out via the MS server can't you just check the logs on the server?
I'm sure the reset link is being sent to a 3rd party email address, correct?
PCNSE
NSE
StrongSwan
Yes, actually, I've activated SMTP logs in MS IIS SMTP and I can see the source and destination of that sent request via SMTP. I'm just curious if there are logs like these in FortiGate.
Thanks
Jeff
Not really, but you can enable logging for traffic on the FortiGate, but if you have logging enabled on the server then it sounds redundant imho.
Also, logging on the firewall policy would log ALL SMTP traffic and not really the request only. YMMV
(alternative)
So I'm guessing the user is trying to log in through the OWA via HTTPS and then clicks a password reset/recover, and you're sending the reset/recover via SMTP to a 3rd party email address? Right?
If that is correct, you could write an IPS rule with allow+log to trigger a security event based on the request/recover. You would have to do some investigating to see what it would take. Then apply the IPS rule only on that policy.
PCNSE
NSE
StrongSwan
Yes, correct.
Ok, I'll try to play around with the IPS policy and see what I can get from there.
Thanks
Jeff