FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
Somashekara_Hanumant
Description
This article explains how to send quarantine reports when FortiMail is configured with config-only HA mode (A-A cluster).

To achieve this, the mail data must be stored on central storage such as a NAS server.

Scope
Storing mail data and quarantine reports in config-only HA mode.

FortiMail v5.0 onwards.

Solution
For FortiMail units operating in server mode as a config-only HA group, mail data must be stored on a NAS server instead of locally.  If mail data is stored locally, email users’ messages and other mail data could be scattered across multiple FortiMail units.

Even if the FortiMail units are not operating in server mode with config-only HA, storing mail data on a NAS server may have a number of benefits for an organization.  For example, backing up a NAS server regularly can help prevent loss of mail data.  Also, if the FortiMail unit experiences a temporary failure, mail data can still be accessed on the NAS server.  When the FortiMail unit restarts, it can usually continue to access and use the mail data stored on the NAS server.

For config-only HA groups using a network attached storage (NAS) server, only the primary unit sends quarantine reports to email users.  The primary unit also acts as a proxy between email users and the NAS server when email users use FortiMail webmail to access quarantined email and to configure their own Bayesian filters.

For a active-passive HA groups, the primary unit reads and writes all mail data to and from the NAS server in the same way as a standalone unit.  If a failover occurs, the new primary unit uses the same NAS server for mail data.  The new primary unit can access all mail data that the original primary unit stored on the NAS server.  So if a NAS server is used to store mail data, after a failover, the new primary unit continues operating with no loss of mail data.

Remote storage can be configured from the following path:

The Mail Settings > Settings > Storage tab allows the configuration of local or remote storage of mail data such as the mail queues, email archives, email users’ mailboxes, quarantined email, and IBE encrypted email.  FortiMail units can store email either locally or remotely.

FortiMail units support remote storage by a centralized quarantine, and/or by a network attached storage (NAS) server using the network file system (NFS) protocol.

NAS has the benefits of remote storage which include ease of backing up the mail data and more flexible storage limits.  Additionally, the mail data can be accessed on the NAS server if the FortiMail unit loses connectivity.

If the FortiMail unit is a member of an active-passive HA group, and the HA group stores mail data on a remote NAS server, disable mail data synchronization to prevent duplicate mail data traffic.

Contributors