Configuring Policies

Example: Strict and loose IP-based policies

You have a FortiMail unit running in gateway mode to protect your internal mail server (192.168.1.1). The FortiMail unit receives email incoming to, and relays email from, the internal mail server.

You can create two IP-based policies:

  • Policy 1: Enter 192.168.1.1/32 as the source IP address and 0.0.0.0/0 as the destination to match outgoing email connections from the mail server, and select a loose session profile, which may have sender reputation and other similar restrictions disabled, since the sender (that is, source IP) will always be your mail server.
  • Policy 2: Enter 0.0.0.0/0 as the source IP address and 192.168.1.1/32 as the destination IP address to match incoming email connections from all other mail servers, and select a strict session profile, which has all antispam options enabled.

You would then move policy 1 above policy 2, as policies are evaluated for a match with the connection in order of their display on the page.
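
The following added example (not FortiMail code or output) models the top-down, first-match evaluation described above so you can check which session profile a connection receives and which connections depend on policy order. It assumes matching on source and destination IP only; the function names and the external addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# The two policies from the example, modeled as (name, source, destination, session profile).
POLICY_1 = ("policy 1", "192.168.1.1/32", "0.0.0.0/0", "loose")
POLICY_2 = ("policy 2", "0.0.0.0/0", "192.168.1.1/32", "strict")


def matches(policy, src, dst):
    """True if the connection's source and destination both fall inside the policy's networks."""
    _, p_src, p_dst, _ = policy
    return (ipaddress.ip_address(src) in ipaddress.ip_network(p_src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(p_dst))


def evaluate(policies, src, dst):
    """Walk the list top-down and return (name, profile) of the first match, or None."""
    for policy in policies:
        if matches(policy, src, dst):
            return policy[0], policy[3]
    return None


def order_sensitive(a, b):
    """Return the (source, destination) networks matched by both policies, or None.

    Only connections inside this overlap get a different profile when a and b swap places.
    """
    src_a, src_b = ipaddress.ip_network(a[1]), ipaddress.ip_network(b[1])
    dst_a, dst_b = ipaddress.ip_network(a[2]), ipaddress.ip_network(b[2])
    if not (src_a.overlaps(src_b) and dst_a.overlaps(dst_b)):
        return None
    # For overlapping CIDR blocks, the intersection is the more specific block.
    src = max(src_a, src_b, key=lambda n: n.prefixlen)
    dst = max(dst_a, dst_b, key=lambda n: n.prefixlen)
    return str(src), str(dst)


if __name__ == "__main__":
    ordered = [POLICY_1, POLICY_2]
    # Constructed sample connections: one outgoing from the mail server, one incoming to it.
    for src, dst in [("192.168.1.1", "203.0.113.10"), ("198.51.100.7", "192.168.1.1")]:
        print(src, "->", dst, evaluate(ordered, src, dst))
    print("order matters for:", order_sensitive(POLICY_1, POLICY_2))
```

Running the overlap check on a longer policy list, pair by pair, shows where a loose profile placed higher in the list would take precedence over a strict one.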

