Fortinet white logo
Fortinet white logo

Cookbook

Configure access control rule and recipient policy on FortiMail

Configure access control rule and recipient policy on FortiMail

This topic shows how to configure an access control rule on FortiMail to accept and relay the email from Google Workspace and how to configure an recipient policy to scan the email.

To add an ACL rule for Google Workspace

  1. On the FortiMail admin GUI, go to Policy > Access Control > Receiving.
  2. Click New to create a new access control rule.
  3. Configure the following:
  • Enabled: Select whether or not the access control rule is currently in effect.
  • Sender: Specify the sender patterns appropriate to cover the email senders from Google Workspace.
  • Recipient: Specify the recipient patterns appropriate to cover the email senders from Google Workspace.
  • Source: Specify the email server using the appropriate format.
  • Reverse DNS pattern: Enter a pattern to compare to the result of a reverse DNS look-up of the IP address of the SMTP client delivering the email message.
  • Authentication status: Select whether or not to match this access control rule based on client authentication.
    • Any: Match or do not match this access control rule regardless of whether the client has authenticated with the FortiMail unit.
    • Authenticated: Match this access control rule only for clients that have authenticated with the FortiMail unit.
    • Not Authenticated: Match this access control rule only for clients that have not authenticated with the FortiMail unit.
  • TLS profile: Select a TLS profile to allow or reject the connection based on whether the communication session attributes match the settings in the TLS profile.
  • Action: Select the Relay action.
  • Comments: Enter a comment if necessary. The comment will appears as a mouse-over tool-tip in the ID column of the rule list.

To add a scan policy

  1. On the FortiMail admin GUI, go to Policy > Recipient Policy > Outbound.
  2. Click New to create a new scan policy for outbound email from Google Workspace.
  3. Make sure that all the domains on Google Workspace are covered. For details about adding a recipient based outbound policy, see the FortiMail Administration Guide.

Configure access control rule and recipient policy on FortiMail

Configure access control rule and recipient policy on FortiMail

This topic shows how to configure an access control rule on FortiMail to accept and relay the email from Google Workspace and how to configure an recipient policy to scan the email.

To add an ACL rule for Google Workspace

  1. On the FortiMail admin GUI, go to Policy > Access Control > Receiving.
  2. Click New to create a new access control rule.
  3. Configure the following:
  • Enabled: Select whether or not the access control rule is currently in effect.
  • Sender: Specify the sender patterns appropriate to cover the email senders from Google Workspace.
  • Recipient: Specify the recipient patterns appropriate to cover the email senders from Google Workspace.
  • Source: Specify the email server using the appropriate format.
  • Reverse DNS pattern: Enter a pattern to compare to the result of a reverse DNS look-up of the IP address of the SMTP client delivering the email message.
  • Authentication status: Select whether or not to match this access control rule based on client authentication.
    • Any: Match or do not match this access control rule regardless of whether the client has authenticated with the FortiMail unit.
    • Authenticated: Match this access control rule only for clients that have authenticated with the FortiMail unit.
    • Not Authenticated: Match this access control rule only for clients that have not authenticated with the FortiMail unit.
  • TLS profile: Select a TLS profile to allow or reject the connection based on whether the communication session attributes match the settings in the TLS profile.
  • Action: Select the Relay action.
  • Comments: Enter a comment if necessary. The comment will appears as a mouse-over tool-tip in the ID column of the rule list.

To add a scan policy

  1. On the FortiMail admin GUI, go to Policy > Recipient Policy > Outbound.
  2. Click New to create a new scan policy for outbound email from Google Workspace.
  3. Make sure that all the domains on Google Workspace are covered. For details about adding a recipient based outbound policy, see the FortiMail Administration Guide.