To be able to offload Anti-Spam processing to a FortiMail device you should.

1. Go to System > Feature Select and turn on AntiSpam Filter.

2. Go to System > External Security Devices, enable SMTP Service – FortiMail and add the IP address of your FortiMail device.

3. Go to Security Profiles > Anti-Spam and edit an Anti-Spam profile and set Inspection Device to External.

4. Go to Policy & Objects > IPv4 Policy, add or edit a Firewall policy, enable AntiSpam and select the profile for which you set Inspection Device to External.

When you add this Anti-Spam profile to a firewall policy, email traffic accepted by the policy is offloaded to the

FortiMail device for processing.

If your FortiGate or VDOM inspection mode is set to flow-based you must use the CLI to set an Anti-Spam profile to external mode and add the Anti-Spam profile to a fire- wall policy.

Enabling FortiMail on the External Security Devices page adds the following configuration to the CLI:

config system wccp set service-id 52

set router-id (the IP address of the FortiGate interface that communicates with the FortiMail)

set group address

set server-list (the IP address of the FortiMail)

set authentication disable set forward-method GRE

set return-method GRE

set assignment-method HASH



Selecting External in the Anti-Spam profile adds the following configuration to the CLI:

config spamfilter profile edit default

set external enable end

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

One thought on “FortiMail

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.