Hello,
I have a problem with a FortiGate 100D model. I have configured a policy with a VIP for relaying mail. Only SMTP (port 25).
The policy has Antivirus enabled in Proxy - Block mode and an Email filter in Proxy mode and Discard mode for SMTP.
When there is a normal mail I can see in the FortiGate logging that it has been scanned by the FortiGate and then allowed or blocked. But when the client and the Exchange server negotiate a secure TLS connection, the mail transported during this session is not being scanned. So the problem is that spam mail sent during such a session is forwarded without any problem.
What am I doing wrong? Has anybody else had this same problem?
FortiGate: 100D
Version: 5.2.1
Thanks in advance
As far as I am aware, encrypted sessions cannot be scanned by the FortiGate unless deep inspection is enabled.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Dave Hall wrote: As far as I am aware, encrypted sessions cannot be scanned by the FortiGate unless deep inspection is enabled.
But the inspection mode is only for certificate-based SMTPS on port 465, not for TLS on port 25 SMTP, as far as I know. So if I am wrong, please let me know.
If you enable deep inspection for SMTPS it will also scan TLS on 25.
Bromont wrote: If you enable deep inspection for SMTPS it will also scan TLS on 25.
This seems to work. No new viruses have been found, but spam is sometimes still getting through.
I have just implemented it, so I will wait for a day to see if your advice really works.