Fortinet Document Library

Administration Guide

Configuring system time, options, and other system options

The System > Configuration submenu lets you configure the system time, various global settings (such as idle timeout) of the web UI, and SNMP access.

Configuring the time and date

For many features to work, including scheduling, logging, and certificate-dependent features, the FortiMail system time must be accurate.

Go to System > Configuration > Time to configure the system time and date of the FortiMail unit.

You can either manually set the FortiMail system time or configure the FortiMail unit to automatically keep its system time correct by synchronizing with Network Time Protocol (NTP) servers.

Note: NTP is recommended to achieve better time accuracy. NTP requires that your FortiMail unit be able to connect to the Internet on UDP port 123. Configure your firewall, if any, to allow these connections.

Note: FortiMail units support daylight savings time (DST), including recent changes in the USA, Canada and Western Australia.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Others category

For details, see About administrator account permissions and domains.

Configuring system options

The System > Configuration > Option tab lets you set the following global settings:

  • system idle timeout
  • LCD panel and button access restriction (for the models that have front LCD panel and control buttons)
  • login disclaimer
  • password enforcement policy
  • administration ports on the interfaces

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Others category

For details, see About administrator account permissions and domains.

To view and configure the system options
  1. Go to System > Configuration > Option.
  2. Configure the following:

GUI item

Description

Idle timeout

Enter the amount of time that an administrator may be inactive before the FortiMail unit automatically logs out the administrator.

Note: For better security, use a low idle timeout value.

LCD Panel (models with LCD panels)

PIN Protection

Enable to require administrators to enter a PIN before they can use the LCD display panel and control buttons on the FortiMail unit, then enter the 6-digit PIN.

This option appears only on FortiMail models whose hardware includes an LCD panel.

Caution: For better security, always configure an LCD PIN; otherwise, anyone with physical access can reconfigure the unit.

Login Disclaimer Setting

The disclaimer message appears when an administrator or user logs in to the FortiMail unit web-based manager, the FortiMail Webmail, or the FortiMail unit to view the IBE encrypted email.

Login disclaimer

You can use the default disclaimer text or customize it.

Reset To Default (button)

If you have customized the disclaimer text but want to use the default text, select this button.

Apply to login page

  • Admin: Select to display the disclaimer message when the administrator logs in to the FortiMail unit web-based manager.
  • Webmail: Select to display the disclaimer message when the user logs into the FortiMail Webmail.
  • IBE: Select to display the disclaimer message when the user logs into the FortiMail unit to view the IBE encrypted email.

Password Policy

Enable the password policy for administrators, FortiMail Webmail users, and IBE encrypted email users.

Minimum password length

Set the minimum acceptable length (8) for passwords.

Password must contain

Select any of the following special character types to require in a password. Each selected type must occur at least once in the password.

  • Uppercase letters: A, B, C, ... Z
  • Lowercase letters: a, b, c, ... z
  • Number: 0 ... 9
  • Non alphanumeric character: punctuation marks, @, #, ... %

Apply password policy to

Select where to apply the password policy:

  • Administrators — Apply to administrator passwords. If any password does not conform to the policy, require that administrator to change the password at the next login.
  • Local mail users — Apply to FortiMail webmail users’ passwords. If any password does not conform to the policy, require that user to change the password at the next login.
  • IBE users — Apply to the passwords of the users who access the FortiMail unit to view IBE encrypted email. If any password does not conform to the policy, require that user to change the password at the next login.

Administration Ports

Specify the TCP ports for administrative access on all interfaces.

Default port numbers:

  • HTTP: 80
  • HTTPS: 443
  • SSH: 22
  • TELNET: 23

See also

Customizing the GUI appearance

Configuring the network interfaces

Configuring SNMP queries and traps

Go to System > Configuration > SNMP to configure SNMP to monitor FortiMail system events and thresholds, or a high availability (HA) cluster for failover messages.

You can also use SNMP to monitor some models which have monitored power supplies and RAID controllers. When a monitored power supply or a RAID controller is removed or added, the FortiMail unit will send configured notification for those events by log messages, alert email messages, and/or SNMP traps.

To monitor FortiMail system information and receive FortiMail traps, you must compile Fortinet proprietary MIBs as well as Fortinet-supported standard MIBs into your SNMP manager. RFC support includes support for most of RFC 2665 (Ethernet-like MIB) and most of RFC 1213 (MIB II). For more information, see FortiMail MIBs. For information on HA-specific MIB and trap MIB fields, see Getting HA information using SNMP.

The FortiMail SNMP implementation is read-only. SNMP v1, v2c, and v3 compliant SNMP managers have read-only access to FortiMail system information and can receive FortiMail traps.

The FortiMail SNMP v3 implementation includes support for queries, traps, authentication, and privacy. Before you can use its SNMP queries, you must enable SNMP access on the network interfaces that SNMP managers will use to access the FortiMail unit. For more information, see Editing network interfaces.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read-Write permission to the Others category

For details, see About administrator account permissions and domains.

Configuring an SNMP threshold

Configure under what circumstances an event is triggered.

To set SNMP thresholds
  1. Go to System > Configuration > SNMP.
  2. Click the plus sign to expand the SNMP Threshold area.
  3. Configure the following:

GUI item

Description

SNMP agent enable

Enable to activate the FortiMail SNMP agent. This must be enabled to accept queries from SNMP managers or send traps from the FortiMail unit.

Description

Enter a descriptive name for the FortiMail unit.

Location

Enter the location of the FortiMail unit.

Contact

Enter administrator contact information.

SNMP Threshold

To change a value in the four editable columns, select the value in any row. It becomes editable. Change the value and click outside of the field. A red triangle appears in the field’s corner and remains until you click Apply.

Trap Type

Displays the type of trap, such as CPU Usage.

Trigger

You can enter either the percent of the resource in use or the number of times the trigger level must be reached before it is triggered.

For example, using the default value, if the mailbox disk is 90% or more full, it will trigger.

Threshold

Sets the number of triggers that will result in an SNMP trap.

For example, if the CPU level exceeds the set trigger percentage once before returning to a lower level, and the threshold is set to more than one, an SNMP trap will not be generated until that minimum number of triggers occurs during the sample period.

Sample Period(s)

Sets the time period in seconds during which the FortiMail unit SNMP agent counts the number of triggers that occurred.

This value should not be less than the Sample Freq(s) value.

Sample Freq(s)

Sets the interval in seconds between measurements of the trap condition. You will not receive traps faster than this rate, depending on the selected sample period.

This value should be less than the Sample Period(s) value.

Community

Displays the list of SNMP communities (for SNMP v1 and v2c) added to the FortiMail configuration. For information on configuring a community, see either Configuring an SNMP v1 and v2c community or Configuring an SNMP v3 user.

  • Name: Displays the name of the SNMP community. The SNMP Manager must be configured with this name.
  • Status: A green check mark icon indicates that the community is enabled.
  • Queries: A green check mark icon indicates that queries are enabled.
  • Traps: A green check mark icon indicates that traps are enabled.

User

Displays the list of SNMP v3 users added to the FortiMail configuration. For information on configuring a v3 user, see Configuring an SNMP v3 user.

  • Name: Displays the name of the SNMP v3 user. The SNMP Manager must be configured with this name.
  • Status: A green check mark icon indicates that the user is enabled.
  • Queries: A green check mark icon indicates that queries are enabled.
  • Traps: A green check mark icon indicates that traps are enabled.
  • Security level: Displays the security level.
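
The interaction of Trigger, Threshold, Sample Period(s) and Sample Freq(s) described above, as an added example that is not part of the FortiMail documentation or Fortinet code. It assumes a sliding window of Sample Period seconds and that counting restarts after a trap is sent; the class and function names are hypothetical and the readings are constructed.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class TrapRule:
    """One row of the SNMP Threshold table (field names are hypothetical)."""
    trap_type: str
    trigger: float      # level, e.g. percent in use, that counts as one trigger
    threshold: int      # number of triggers that results in a trap
    sample_period: int  # seconds during which triggers are counted
    sample_freq: int    # seconds between measurements

    def problems(self):
        """Return a list of reasons this row cannot work as intended."""
        found = []
        if self.threshold < 1:
            found.append("threshold must be at least 1")
        if self.sample_freq < 1:
            found.append("sample freq must be at least 1 second")
            return found
        if self.sample_period < self.sample_freq:
            found.append("sample period is less than sample freq")
        elif self.threshold > -(-self.sample_period // self.sample_freq):
            # Too few measurements fit in one period for the count to be reached.
            found.append("threshold exceeds measurements per sample period")
        return found


def simulate(rule, readings):
    """Return the times (in seconds) at which a trap would be sent.

    readings[i] is the measurement taken at time i * rule.sample_freq.
    Assumption: sliding window, and the count restarts after each trap.
    """
    issues = rule.problems()
    if issues:
        raise ValueError("; ".join(issues))
    hits = deque()  # times of measurements at or above the trigger level
    traps = []
    for i, value in enumerate(readings):
        now = i * rule.sample_freq
        while hits and now - hits[0] >= rule.sample_period:
            hits.popleft()  # this trigger is older than the sample period
        if value >= rule.trigger:
            hits.append(now)
        if len(hits) >= rule.threshold:
            traps.append(now)
            hits.clear()
    return traps


# Constructed rule and readings (CPU percent, one reading every 10 seconds).
CPU_RULE = TrapRule("CPU Usage", trigger=90, threshold=3,
                    sample_period=60, sample_freq=10)
# One isolated spike at t=10, then three triggers within 60 s ending at t=130.
CONSTRUCTED_READINGS = [50, 95, 60, 70, 50, 50, 50, 50, 50, 50, 92, 95, 40, 97, 50]
# Three triggers at t=0, 40 and 80: never three inside one 60 s period.
SPREAD_READINGS = [95, 10, 10, 10, 95, 10, 10, 10, 95, 10]

if __name__ == "__main__":
    print("burst :", simulate(CPU_RULE, CONSTRUCTED_READINGS))
    print("spread:", simulate(CPU_RULE, SPREAD_READINGS))
    print("bad row:", TrapRule("CPU Usage", 90, 5, 20, 10).problems())
```

The isolated spike and the widely spaced spikes send no trap, which is why a high Threshold combined with a short Sample Period can hide sustained load from the SNMP manager.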

See also

Configuring an SNMP v1 and v2c community

Configuring an SNMP v1 and v2c community

An SNMP community is a grouping of equipment for SNMP-based network administration purposes. You can add up to three SNMP communities so that SNMP managers can connect to the FortiMail unit to view system information and receive SNMP traps. You can configure each community differently for SNMP traps and to monitor different events. You can add the IP addresses of up to eight SNMP managers to each community.

To configure an SNMP community
  1. Go to System > Configuration > SNMP.
  2. Under Community, click New to add a community or select a community and click Edit.
  3. The SNMP Community page appears.

  4. Configure the following:

GUI item

Description

Name

Enter a name to identify the SNMP community. If you are editing an existing community, you cannot change the name.

You can add up to 16 communities.

Enable

Enable to send traps to and allow queries from the community’s SNMP managers.

Community Hosts

Lists SNMP managers that can use the settings in this SNMP community to monitor the FortiMail unit. Click Create to create a new entry.

You can add up to 16 hosts.

IP Address

Enter the IP address of an SNMP manager. By default, the IP address is 0.0.0.0, so that any SNMP manager can use this SNMP community.

Delete (button)

Click to remove this SNMP manager.

Create (button)

Click to add a new default entry to the Hosts list that you can edit as needed.

Queries

Enter the Port number (161 by default) that the SNMP managers in this community use for SNMP v1 and SNMP v2c queries to receive configuration information from the FortiMail unit. Mark the Enable check box to activate queries for each SNMP version.

Traps

Enter the Local Port and Remote Port numbers (162 local, 162 remote by default) that the FortiMail unit uses to send SNMP v1 and SNMP v2c traps to the SNMP managers in this community. Enable traps for each SNMP version that the SNMP managers use.

SNMP Event

Enable each SNMP event for which the FortiMail unit should send traps to the SNMP managers in this community.

Note: Since FortiMail checks its status in a scheduled interval, not all the events will trigger traps. For example, FortiMail checks its hardware status every 60 seconds. This means that if the power is off for a few seconds but is back on before the next status check, no system event trap will be sent.

See also

Configuring global disclaimers

Customizing GUI, replacement messages, email templates, SSO, and Security Fabric

Customizing the GUI appearance

Configuring an SNMP v3 user

SNMP v3 adds more security by using authentication and privacy encryption. You can specify an SNMP v3 user on FortiMail so that SNMP managers can connect to the FortiMail unit to view system information and receive SNMP traps.

To configure an SNMP v3 user
  1. Go to System > Configuration > SNMP.
  2. Under Users, click New to add a user or select a user and click Edit.
  3. The SNMPv3 User page appears.

    You can add up to 16 users.

  4. Configure the following:

GUI item

Description

User name

Enter a name to identify the SNMP user. If you are editing an existing user, you cannot change the name.

Enable

Enable to send traps to and allow queries from the user’s SNMP managers.

Security level

Choose one of the three security levels:

  • No authentication, no privacy: This option is similar to SNMP v1 and v2.
  • Authentication, no privacy: This option enables authentication only. The SNMP manager needs to supply a password that matches the password you specify on FortiMail. You must also specify the authentication protocol (either SHA1 or MD5).
  • Authentication, privacy: This option enables both authentication and encryption. You must specify the protocols and passwords. Both the protocols and passwords on the SNMP manager and FortiMail must match.

Authentication Protocol

For Security level, if you select either Authentication option, you must specify the authentication protocol and password. Both the authentication protocol and password on the SNMP manager and FortiMail must match.

Privacy protocol

For Security level, if you select Privacy, you must specify the encryption protocol and password. Both the encryption protocol and password on the SNMP manager and FortiMail must match.

Notification Hosts

Lists the SNMP managers that FortiMail will send traps to. Click Create to create a new entry. You can add up to 16 hosts.

IP Address

Enter the IP address of an SNMP manager. By default, the IP address is 0.0.0.0, so that any SNMP manager can use this SNMP user.

Delete (button)

Click to remove this SNMP manager.

Create (button)

Click to add a new default entry to the Hosts list that you can edit as needed.

Queries

Enter the Port number (161 by default) that the SNMP managers use for SNMP v3 queries to receive configuration information from the FortiMail unit. Select the Enable check box to activate queries.

Traps

Enter the Local Port and Remote Port numbers (162 local, 162 remote by default) that the FortiMail unit uses to send SNMP v3 traps to the SNMP managers. Select the Enable check box to activate traps.

SNMP Event

Enable each SNMP event for which the FortiMail unit should send traps to the SNMP managers.

Note: Since FortiMail checks its status in a scheduled interval, not all the events will trigger traps. For example, FortiMail checks its hardware status every 60 seconds. This means that if the power is off for a few seconds but is back on before the next status check, no system event trap will be sent.
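
An added example, not Fortinet code, that reviews the community and SNMP v3 user settings described above for weak choices: the 0.0.0.0 default host, v1/v2c access, and the lower v3 security levels. The dictionary layout, key names and security-level labels are hypothetical (this is not FortiMail configuration syntax) and the sample values are constructed.

```python
import ipaddress

RANK = {"high": 0, "medium": 1, "low": 2}
LEVELS = ("noauth-nopriv", "auth-nopriv", "auth-priv")  # hypothetical labels


def has_open_host(hosts):
    """True if a host entry is the 0.0.0.0 default, which admits any manager."""
    return any(ipaddress.ip_address(h).is_unspecified for h in hosts)


def audit_snmp(config):
    """Return (severity, object, message) findings, most severe first."""
    findings = []

    for comm in config.get("communities", []):
        if not comm.get("enabled"):
            continue
        obj = "community:" + comm["name"]
        if comm.get("queries") or comm.get("traps"):
            findings.append(("medium", obj,
                             "v1/v2c has no authentication or encryption "
                             "beyond the community name"))
        if has_open_host(comm.get("hosts", [])):
            findings.append(("high", obj,
                             "host 0.0.0.0 lets any SNMP manager use this community"))

    for user in config.get("users", []):
        if not user.get("enabled"):
            continue
        obj = "user:" + user["name"]
        level = user.get("level")
        if level not in LEVELS:
            raise ValueError(f"unknown security level for {obj}: {level!r}")
        if level == "noauth-nopriv":
            findings.append(("high", obj,
                             "no authentication and no privacy, similar to v1/v2c"))
        elif level == "auth-nopriv":
            findings.append(("medium", obj,
                             "authenticated but not encrypted; "
                             "select authentication with privacy"))
        if level != "noauth-nopriv" and user.get("auth_protocol") == "MD5":
            findings.append(("low", obj,
                             "MD5 authentication selected; SHA1 is the other option"))
        if has_open_host(user.get("hosts", [])):
            findings.append(("medium", obj,
                             "host 0.0.0.0 lets any SNMP manager use this user"))

    return sorted(findings, key=lambda f: (RANK[f[0]], f[1], f[2]))


# Constructed sample: one open v2c community, one disabled community,
# one v3 user without privacy and one v3 user with authentication and privacy.
CONSTRUCTED_CONFIG = {
    "communities": [
        {"name": "noc-ro", "enabled": True, "queries": True, "traps": True,
         "hosts": ["0.0.0.0"]},
        {"name": "lab", "enabled": False, "queries": True, "traps": False,
         "hosts": ["0.0.0.0"]},
    ],
    "users": [
        {"name": "monitor1", "enabled": True, "level": "auth-nopriv",
         "auth_protocol": "MD5", "hosts": ["192.0.2.10"]},
        {"name": "monitor2", "enabled": True, "level": "auth-priv",
         "auth_protocol": "SHA1", "hosts": ["192.0.2.10"]},
    ],
}

# The same deployment with the weak settings corrected.
HARDENED_CONFIG = {
    "communities": [],
    "users": [
        {"name": "monitor2", "enabled": True, "level": "auth-priv",
         "auth_protocol": "SHA1", "hosts": ["192.0.2.10"]},
    ],
}

if __name__ == "__main__":
    for severity, obj, message in audit_snmp(CONSTRUCTED_CONFIG):
        print(f"{severity:6} {obj:18} {message}")
    print("hardened findings:", audit_snmp(HARDENED_CONFIG))
```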

See also

Configuring global disclaimers

Customizing GUI, replacement messages, email templates, SSO, and Security Fabric

Customizing the GUI appearance

FortiMail MIBs

The FortiMail SNMP agent supports Fortinet proprietary MIBs as well as standard RFC 1213 and RFC 2665 MIBs. RFC support includes support for the parts of RFC 2665 (Ethernet-like MIB) and the parts of RFC 1213 (MIB II) that apply to FortiMail unit configuration.

The FortiMail MIBs are listed in the following table. You can obtain these MIB files from Fortinet technical support. To communicate with the SNMP agent, you must compile these MIBs into your SNMP manager.

Your SNMP manager may already include standard and private MIBs in a compiled database that is ready to use. You must add the Fortinet proprietary MIB to this database. If the standard MIBs used by the Fortinet SNMP agent are already compiled into your SNMP manager you do not have to compile them again.

FortiMail MIBs

  • fortimail.mib: The proprietary Fortinet MIB, which includes detailed FortiMail system configuration information. Your SNMP manager requires this information to monitor FortiMail configuration settings. For more information, see MIB fields.
  • fortimail.trap.mib: The proprietary Fortinet trap MIB, which includes FortiMail trap information. Your SNMP manager requires this information to receive traps from the FortiMail SNMP agent. For more information, see FortiMail traps.

See also

FortiMail traps

MIB fields

FortiMail traps

The FortiMail unit’s SNMP agent can send traps to SNMP managers that you have added to SNMP communities. To receive traps, you must load and compile the FortiMail trap MIB into the SNMP manager.

All traps sent include the trap message as well as the FortiMail unit serial number and host name.

  • fmlTrapCpuHighThreshold: Trap sent if CPU usage becomes too high.
  • fmlTrapMemLowThreshold: Trap sent if memory usage becomes too high.
  • fmlTrapLogDiskHighThreshold: Trap sent if log disk usage becomes too high.
  • fmlTrapMailDiskHighThreshold: Trap sent if mailbox disk usage becomes too high.
  • fmlTrapMailDeferredQueueHighThreshold: Trap sent if the number of deferred email messages becomes too great.
  • fmlTrapAvThresholdEvent: Trap sent when the number of detected viruses reaches the threshold.
  • fmlTrapSpamThresholdEvent: Trap sent when the number of spam email messages reaches the threshold.
  • fmlTrapSystemEvent: Trap sent when system shuts down, reboots, upgrades, etc.
  • fmlTrapRAIDEvent: Trap sent for RAID operations.
  • fmlTrapHAEvent: Trap sent when an HA event occurs.
  • fmlTrapArchiveEvent: Trap sent when remote archive event occurs.
  • fmlTrapIpChange: Trap sent when the IP address of the specified interface has been changed.

See also

FortiMail MIBs

MIB fields

MIB fields

The Fortinet MIB contains fields reporting current FortiMail unit status information. The tables below list the names of the MIB fields and describe the status information available for each. You can view more details about the information available from all Fortinet MIB fields by compiling the MIB file into your SNMP manager and browsing the MIB fields.

The object identifier (OID) number of each table is given in brackets next to the table title. The OID is unique for each field, as is the name of the field. The OID of a field within a table is the table’s OID with the field’s position in the table appended, with the first table position being 0. For example, the OID of fnSysVersion is 1.3.6.1.4.1.12356.1.2: the OID of the table, plus its position in the table.

MIB fields

  • fmlSysModel: FortiMail model number, such as 400 for the FortiMail-400.
  • fmlSysSerial: FortiMail unit serial number.
  • fmlSysVersion: The firmware version currently running on the FortiMail unit.
  • fmlSysVersionAv: The antivirus definition version installed on the FortiMail unit.
  • fmlSysOpMode: The operation mode (gateway, transparent, or server) of the FortiMail unit.
  • fmlSysCpuUsage: The current CPU usage (%).
  • fmlSysMemUsage: The current memory utilization (%).
  • fmlSysLogDiskUsage: The log disk usage (%).
  • fmlSysMailDiskUsage: The mail disk usage (%).
  • fmlSysSesCount: The current IP session count.
  • fmlSysEventCode: System component events.
  • fmlRAIDCode: RAID system events.
  • fmlRAIDDevName: RAID device name.
  • fmlHAEventId: HA event type ID.
  • fmlHAUnitIp: Unit IP address where the event occurs.
  • fmlHAEventReason: The reason for the HA event.
  • fmlArchiveServerIp: IP address of the remote Archive Server.
  • fmlArchiveFilename: Archive mail file name.

System options MIB field

  • fmlSysOptIdleTimeout: Idle period after which the administrator is automatically logged out of the system.
  • fmlSysOptAuthTimeout: Authentication idle timeout value.
  • fmlSysOptsLan: Web administration language.
  • fmlSysOptsLcdProt: Whether LCD control buttons protection is enabled or disabled.

System session MIB fields

  • fmlIpSessTable: FortiMail IP sessions table.
  • fmlIpSessEntry: Particular IP session information.
  • fmlIpSessIndex: An index value that uniquely identifies an IP session.
  • fmlIpSessProto: The protocol of the connection.
  • fmlIpSessFromAddr: The session source IP address.
  • fmlIpSessFromPort: The session source port number.
  • fmlIpSessToAddr: The session destination IP address.
  • fmlIpSessToPort: The session destination port number.
  • fmlIpSessExp: Time (in seconds) until the session expires.

Mail options MIB fields

  • fmlMailOptionsDeferQueue: The current number of deferred email messages.


 

Authentication Protocol

For Security level, if you select either Authentication option, you must specify the authentication protocol and password. Both the authentication protocol and password on the SNMP manager and FortiMail must match.

 

Privacy protocol

For Security level, if you select Privacy, you must specify the encryption protocol and password. Both the encryption protocol and password on the SNMP manager and FortiMail must match.

Notification Hosts

Lists the SNMP managers that FortiMail will send traps to. Click Create to create a new entry. You can add up to 16 hosts.

 

IP Address

Enter the IP address of an SNMP manager. By default, the IP address is 0.0.0.0, so that any SNMP manager can use this SNMP user.

 

Delete

(button)

Click to remove this SNMP manager.

 

Create

(button)

Click to add a new default entry to the Hosts list that you can edit as needed.

Queries

Enter the Port number (161 by default) that the SNMP managers use for SNMP v3 queries to receive configuration information from the FortiMail unit. Select the Enable check box to activate queries.

Traps

Enter the Local Port and Remote Port numbers (162 local, 162 remote by default) that the FortiMail unit uses to send SNMP v3 traps to the SNMP managers. Select the Enable check box to activate traps.

SNMP Event

Enable each SNMP event for which the FortiMail unit should send traps to the SNMP managers.

Note: Since FortiMail checks its status in a scheduled interval, not all the events will trigger traps. For example, FortiMail checks its hardware status every 60 seconds. This means that if the power is off for a few seconds but is back on before the next status check, no system event trap will be sent.
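The following is an added example, not Fortinet code. It audits a record of the community and SNMP v3 user settings described in the two procedures above and flags the weaker choices this page documents: the 0.0.0.0 default host, enabled SNMP v1/v2c queries, and v3 users without authentication or privacy, or with MD5. The dictionary layout and the finding labels are assumptions made for illustration.

```python
import ipaddress

# Constructed sample settings keyed by the GUI items described on this page.
# The dict layout is hypothetical; it is not a FortiMail export or CLI format.
SAMPLE = {
    "communities": [
        {"name": "noc-ro", "enabled": True, "hosts": ["0.0.0.0"],
         "queries": {"v1": True, "v2c": True}},
        {"name": "mgmt", "enabled": True, "hosts": ["192.0.2.10"],
         "queries": {"v1": False, "v2c": True}},
    ],
    "users": [
        {"name": "poller", "enabled": True, "level": "auth_priv",
         "auth_protocol": "SHA1", "hosts": ["192.0.2.10"]},
        {"name": "legacy", "enabled": True, "level": "noauth_nopriv",
         "auth_protocol": None, "hosts": ["0.0.0.0"]},
        {"name": "old-nms", "enabled": False, "level": "auth_nopriv",
         "auth_protocol": "MD5", "hosts": ["192.0.2.11"]},
    ],
}

def has_open_host(hosts):
    """True if any entry is the unspecified address (the 0.0.0.0 default)."""
    return any(ipaddress.ip_address(h).is_unspecified for h in hosts)

def audit(cfg):
    """Return (object, finding) pairs; disabled entries are skipped."""
    out = []
    for c in (c for c in cfg.get("communities", []) if c["enabled"]):
        tag = "community:" + c["name"]
        if has_open_host(c["hosts"]):
            out.append((tag, "open-host"))         # any manager may use it
        for ver in sorted(v for v, on in c["queries"].items() if on):
            out.append((tag, "cleartext-" + ver))  # community string unencrypted
    for u in (u for u in cfg.get("users", []) if u["enabled"]):
        tag = "user:" + u["name"]
        if has_open_host(u["hosts"]):
            out.append((tag, "open-host"))
        if u["level"] == "noauth_nopriv":
            out.append((tag, "no-auth-no-privacy"))
        elif u["level"] == "auth_nopriv":
            out.append((tag, "no-privacy"))        # authenticated, not encrypted
        if u["level"] != "noauth_nopriv" and u["auth_protocol"] == "MD5":
            out.append((tag, "md5-auth"))          # SHA1 is the other option
    return out

if __name__ == "__main__":
    for obj, finding in audit(SAMPLE):
        print(f"{obj:18} {finding}")
```

An empty result means every enabled community and user is restricted to named managers and every enabled user runs at the Authentication, privacy level with SHA1.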

See also

Configuring global disclaimers

Customizing GUI, replacement messages, email templates, SSO, and Security Fabric

Customizing the GUI appearance

FortiMail MIBs

The FortiMail SNMP agent supports Fortinet proprietary MIBs as well as standard RFC 1213 and RFC 2665 MIBs. RFC support includes support for the parts of RFC 2665 (Ethernet-like MIB) and the parts of RFC 1213 (MIB II) that apply to FortiMail unit configuration.

The FortiMail MIBs are listed in the following table. You can obtain these MIB files from Fortinet technical support. To communicate with the SNMP agent, you must compile these MIBs into your SNMP manager.

Your SNMP manager may already include standard and private MIBs in a compiled database that is ready to use. You must add the Fortinet proprietary MIB to this database. If the standard MIBs used by the Fortinet SNMP agent are already compiled into your SNMP manager, you do not have to compile them again.

FortiMail MIBs

| MIB file name | Description |
|---|---|
| fortimail.mib | The proprietary Fortinet MIB, which includes detailed FortiMail system configuration information. Your SNMP manager requires this information to monitor FortiMail configuration settings. For more information, see MIB fields. |
| fortimail.trap.mib | The proprietary Fortinet trap MIB, which includes FortiMail trap information. Your SNMP manager requires this information to receive traps from the FortiMail SNMP agent. For more information, see FortiMail traps. |

See also

FortiMail traps

MIB fields

FortiMail traps

The FortiMail unit’s SNMP agent can send traps to SNMP managers that you have added to SNMP communities. To receive traps, you must load and compile the FortiMail trap MIB into the SNMP manager.

All traps sent include the trap message as well as the FortiMail unit serial number and host name.

| Trap | Description |
|---|---|
| fmlTrapCpuHighThreshold | Trap sent if CPU usage becomes too high. |
| fmlTrapMemLowThreshold | Trap sent if memory usage becomes too high. |
| fmlTrapLogDiskHighThreshold | Trap sent if log disk usage becomes too high. |
| fmlTrapMailDiskHighThreshold | Trap sent if mailbox disk usage becomes too high. |
| fmlTrapMailDeferredQueueHighThreshold | Trap sent if the number of deferred email messages becomes too great. |
| fmlTrapAvThresholdEvent | Trap sent when the number of detected viruses reaches the threshold. |
| fmlTrapSpamThresholdEvent | Trap sent when the number of spam email messages reaches the threshold. |
| fmlTrapSystemEvent | Trap sent when the system shuts down, reboots, upgrades, etc. |
| fmlTrapRAIDEvent | Trap sent for RAID operations. |
| fmlTrapHAEvent | Trap sent when an HA event occurs. |
| fmlTrapArchiveEvent | Trap sent when a remote archive event occurs. |
| fmlTrapIpChange | Trap sent when the IP address of the specified interface has been changed. |

See also

FortiMail MIBs

MIB fields

MIB fields

The Fortinet MIB contains fields reporting current FortiMail unit status information. The tables below list the names of the MIB fields and describe the status information available for each. You can view more details about the information available from all Fortinet MIB fields by compiling the MIB file into your SNMP manager and browsing the MIB fields.

The object identifier (OID) number for each table appears in brackets next to the table title. The OID is unique for each field, as is the name of the field. OIDs within a table add their position in the table to the end of the table’s OID, with the first table position being 0. For example, the OID of fnSysVersion is 1.3.6.1.4.1.12356.1.2 - the OID of the table, plus its position in the table.

MIB fields

| MIB field | Description |
|---|---|
| fmlSysModel | FortiMail model number, such as 400 for the FortiMail-400. |
| fmlSysSerial | FortiMail unit serial number. |
| fmlSysVersion | The firmware version currently running on the FortiMail unit. |
| fmlSysVersionAv | The antivirus definition version installed on the FortiMail unit. |
| fmlSysOpMode | The operation mode (gateway, transparent, or server) of the FortiMail unit. |
| fmlSysCpuUsage | The current CPU usage (%). |
| fmlSysMemUsage | The current memory utilization (%). |
| fmlSysLogDiskUsage | The log disk usage (%). |
| fmlSysMailDiskUsage | The mail disk usage (%). |
| fmlSysSesCount | The current IP session count. |
| fmlSysEventCode | System component events. |
| fmlRAIDCode | RAID system events. |
| fmlRAIDDevName | RAID device name. |
| fmlHAEventId | HA event type ID. |
| fmlHAUnitIp | Unit IP address where the event occurs. |
| fmlHAEventReason | The reason for the HA event. |
| fmlArchiveServerIp | IP address of the remote Archive Server. |
| fmlArchiveFilename | Archive mail file name. |

System options MIB fields

| MIB field | Description |
|---|---|
| fmlSysOptIdleTimeout | Idle period after which the administrator is automatically logged out of the system. |
| fmlSysOptAuthTimeout | Authentication idle timeout value. |
| fmlSysOptsLan | Web administration language. |
| fmlSysOptsLcdProt | Whether LCD control buttons protection is enabled or disabled. |

System session MIB fields

| MIB field | Description |
|---|---|
| fmlIpSessTable | FortiMail IP sessions table. |
| fmlIpSessEntry | Particular IP session information. |
| fmlIpSessIndex | An index value that uniquely identifies an IP session. |
| fmlIpSessProto | The protocol of the connection. |
| fmlIpSessFromAddr | The session source IP address. |
| fmlIpSessFromPort | The session source port number. |
| fmlIpSessToAddr | The session destination IP address. |
| fmlIpSessToPort | The session destination port number. |
| fmlIpSessExp | Time (in seconds) until the session expires. |

Mail options MIB fields

| MIB field | Description |
|---|---|
| fmlMailOptionsDeferQueue | The current number of deferred email messages. |