AJReynolds Tech Blog

Select the Operation Mode The default operation mode is gateway mode – the other modes are server and transparent mode. Changing the operation mode requires a reboot as the operation mode changes how the entire appliance works. The operation mode that you are planning to run your FortiMail appliance in should be decided ahead of the initial deployment, as the operation mode is chosen during the initial setup. This can be changed from the Dashboard later on, but will require a reconfiguration of the appliance for it to work afterwards.     In email operation having correct time is imperative for correct operation. Timestamps are used for logging but are also placed in mail headers for messages sent on to other MTA’s. As a best practice you should configure your FortiMail appliance to use an NTP server.     Domain Name By default the system hostname is the device’s serial number. This name shows up in mail headers so should be changed. The Host name + the Local domain name = the ful

The following post outlines my notes from the FortiMail training at the Fortinet Academy for the Navigating the GUI section. Access the administration and webmail interfaces. FortiMail has two interfaces: Admin interface . Used for administration of the device https://<FortiMail FQDN or IP>/admin User interface. Used to users to access the inbox in server mode or the quarantine mailbox in gateway and transparent modes: https://<FortiMail FQDN or IP>  Note the differences for these two interfaces is the /admin at the end of the URL. Navigate the GUI The user inbox for server mode has the following folders: The quarantine inbox for gateway mode has the following folders: Note that the Inbox folder is not present when the FortiMail is in gateway mode.   Quick Start Wizard You can use the quick start wizard to configure the following: Password for the admin account Network and time settings Local host settings Protected domains Incoming and outgoing antispam and antivirus scan

  OpenSSL Commands I'm recording the following OpenSSL commands here for my future reference, but I originally got them from pleasant software: https://pleasantpasswords.com/info/pleasant-password-server/b-server-configuration/3-installing-a-3rd-party-certificate/openssl-commands General OpenSSL Commands These commands allow you to generate CSRs, Certificates, Private Keys and do other miscellaneous tasks. Generate a new private key and Certificate Signing Request openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key Generate a self-signed certificate openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt Generate a certificate signing request (CSR) for an existing private key openssl req -out CSR.csr -key privateKey.key -new Generate a certificate signing request based on an existing certificate openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key Remove a passphrase

Domain Name Suffix You can specify a domain name suffix in a DHCP address pool on the FortiGate DHCP server . With this suffix assigned, the client only needs to input part of a domain name, and the system adds the domain name suffix for name resolution. For example a client can type in https://fortimanager in their web browser to access your fortimanager instance, instead of the FQDN of https://fortimanager.domain.local In FortiOS (current as of December 2022) this is configured via the CLI.   Configuration config system dhcp server     edit <#>          set domain <domain suffix>   In a full context this would be config system dhcp server     edit 1          set domain "lab.example.com"          set default-gateway 192.168.1.1          set netmask 255.255.255.0          set interface "port1"          config ip-range               edit 1                    set start-ip 192.168.1.100                    set end-ip 192.168.1.200               next         

 Quick post today. I passed the final exam for the NSE6 today, so once that gets passed on from Pearson Vue to Fortinet I will finally have my NSE6 certification. Quick thoughts on the exam: Its a fair exam - no questions written in a confusing manner, and no questions where there were multiple "right" answers that just came down to opinion Questions are written in quite a concise manner, so there's no reading through mountains of text to finally get to the point. A lot of cross over with the FortiWeb - they are similar products, but having done the previous study on the FortiWeb certainly helped for this exam  My only gripe with the process today was that side scrolling wasnt working on my mac for some reason, so I wasnt able to scroll to see the full exhibit for some of the questions. I could see all the information I *think* I needed to answer correctly, but in the end it didnt matter as I passed. Next step from here is to start my NSE8 study in earnest. Im aiming to c