To be able to offload Anti-Spam processing to a FortiMail device you should.
1. Go to System > Feature Select and turn on Anti–Spam Filter.
2. Go to System > External Security Devices, enable SMTP Service – FortiMail and add the IP address of your FortiMail device.
3. Go to Security Profiles > Anti-Spam and edit an Anti-Spam profile and set Inspection Device to External.
4. Go to Policy & Objects > IPv4 Policy, add or edit a Firewall policy, enable Anti–Spam and select the profile for which you set Inspection Device to External.
When you add this Anti-Spam profile to a firewall policy, email traffic accepted by the policy is offloaded to the
FortiMail device for processing.
If your FortiGate or VDOM inspection mode is set to flow-based you must use the CLI to set an Anti-Spam profile to external mode and add the Anti-Spam profile to a fire- wall policy.
Enabling FortiMail on the External Security Devices page adds the following configuration to the CLI:
config system wccp set service-id 52
set router-id 22.214.171.124 (the IP address of the FortiGate interface that communicates with the FortiMail)
set group address 0.0.0.0
set server-list 126.96.36.199 255.255.255.255 (the IP address of the FortiMail)
set authentication disable set forward-method GRE
set return-method GRE
set assignment-method HASH
Selecting External in the Anti-Spam profile adds the following configuration to the CLI:
config spamfilter profile edit default
set external enable end
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos