On your WAN to LAN policy that you created to allow the SMTP traffic
inbound (the one with the VIP for your exchange server in it), do you
have NAT enabled? If so, you should turn it off.
You are right. the changing default password is a bug when using remote
authentication sources. TAC did confirm it is going to be fixed in the
next release.
I know it has been a while, but i just came across your question. The
global is all global configuration on the firewall (admin profiles,
users, fortiguard etc)The root is all the settings related tot he root
vdom, (interfaces, policies, address obje...
