Transparent Mode
Module 11
Transparent relay
FortiMail is inline, in front of the mail servers or mail relays
[Diagram: mail flow between the Internet and the MTAs. The FortiMail unit intercepts and scans sessions destined to the backend servers.]
06-50000-0221-20130726
[Diagram: mail flow between the Internet and the MTAs. Labels: FortiMail default route and MTA default route; management IP address is in the same subnet as the MTAs.]
[Diagram: mail flow between the Internet and the MTAs. Labels: internal interface in bridge mode; FortiMail default route; management platforms; third interface in route mode for OOB management.]
[Diagram: route mode interface; one-arm attachment (2nd interface for OOB management). Policy-based routing: SMTP traffic --> FortiMail; SMTP destination IP = MTAs' addresses. Other labels: Internet, MTAs, internal network, mail user agents.]
Transparency Settings
By default, the transparent mode unit does not hide its presence in the mail flow.
The management IP address (if in bridge mode) or the interface IP address (if in route mode) is used to establish a new session to the destination MTA.
To hide the transparent unit, use one of the following options, depending on the direction of the email:
- Incoming emails: enable the option "Hide the transparent box" (System > Domain).
- Outgoing emails: enable the option "Hide this box from the mail server" (Session profile > Connection Settings).
In both cases, the transparent mode (TP) unit reuses the sender IP address to establish the new session.
Built-in MTA
A transparent mode FortiMail unit can route a message to its destination by using its built-in MTA or by proxying it.
When the built-in MTA is used, the following actions are taken:
- The email is intercepted.
- DNS MX and A resolution are performed on the recipient domain.
- The email is delivered.
Transparent Proxy
If the transparent proxy is enabled, the FortiMail unit performs the following actions:
- The email is intercepted.
- The email is simply forwarded to its destination.
- Messages are not queued in case of delivery failure.
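The Transparency Settings, Built-in MTA and Transparent Proxy slides together determine which source IP the next hop sees, where the message is sent, and what happens on failure. The model below is an added example, not FortiMail code: the Unit class, its field names, the MX/A tables and the assumptions that internal.lab is the protected domain and that the built-in MTA queues failed deliveries are all constructed for illustration, using the lab addresses from the deck.

```python
from dataclasses import dataclass, field

# Constructed lab data reusing the names and addresses from the deck's topology slides.
UNIT_IP = "10.0.3.201"                       # tp.smarthost.lab
PROTECTED = {"internal.lab"}                 # assumption: the protected domain
MX = {"internal.lab": [(10, "server.internal.lab")],
      "external.lab": [(10, "server.external.lab")]}
A = {"server.internal.lab": "10.0.1.100", "server.external.lab": "10.0.2.100"}

@dataclass
class Unit:
    use_proxy: bool = False   # False: built-in MTA, True: transparent proxy
    hide_in: bool = False     # models "Hide the transparent box" (incoming)
    hide_out: bool = False    # models "Hide this box from the mail server" (outgoing)
    reachable: set = field(default_factory=lambda: set(A.values()))
    queue: list = field(default_factory=list)

    def relay(self, sender_ip, orig_dst_ip, rcpt):
        """Return (source_ip, next_hop_ip, outcome) for one intercepted message."""
        domain = rcpt.rsplit("@", 1)[1].lower()
        incoming = domain in PROTECTED
        hidden = self.hide_in if incoming else self.hide_out
        # Hidden: the sender's IP is reused; otherwise the unit's own IP is used.
        src = sender_ip if hidden else UNIT_IP
        if self.use_proxy:
            hop = orig_dst_ip                 # forwarded to the original destination
        else:
            records = sorted(MX.get(domain, []))      # lowest preference first
            host = records[0][1] if records else domain
            hop = A.get(host)                 # A lookup on the chosen host
        if hop in self.reachable:
            return src, hop, "delivered"
        if self.use_proxy:
            return src, hop, "failed"         # proxy: no queuing on failure
        self.queue.append((rcpt, hop))        # assumption: built-in MTA queues for retry
        return src, hop, "queued"
```

With the defaults, the backend server sees every inbound session arrive from 10.0.3.201, so any source-IP-based logging or filtering on the backend sees the unit rather than the original sender unless the matching hide option is enabled.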
[Lab topology diagram, labels in order: server.internal.lab (IP 10.0.1.100, domain internal.lab); Port2; tp.smarthost.lab (10.0.3.201); Port1; server.external.lab (IP 10.0.2.100, domain external.lab).]