FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
heng
Staff
Staff
Article Id 196566

Description

 

This article describes how to set up an email notification with the Fortinet default SMTP mail server. The default is notification.fortinet.net for FortiManager and FortiAnalyzer.

 

Scope

 

FortiManager and FortiAnalyzer version 6.4.6 GA or 7.0.0 GA and higher.


Solution

 

It is possible to set up email notifications in the CLI or the GUI. The upstream firewall must allow an open port of TCP/465 in both cases.


Set up email notifications from the CLI:

 

Run the following commands. The authentication type must be set to 'certificate'.

 

# config system mail
    edit "notification.fortinet.net"
        set auth enable
        set auth-type certificate
        set local-cert "Fortinet_Local"
        set port 465
        set secure-option smtps
        set server "notification.fortinet.net"
    next
end

 

Set up email notifications from the GUI:

Go to System Settings -> Advanced -> Mail Server and fill in the details as desired:

Stephen_G_0-1669215479622.png

 

Use the following command to test the connection. An example output has been provided.

 

# diagnose test connection mailserver notification.fortinet.net faz@fortine.com xyz@fortinet.com
Testing SMTP server notification.fortinet.net, please wait...
* Trying 208.91.114.151:465...
* Connected to notification.fortinet.net (208.91.114.151) port 465 (#0)
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* Server certificate:
* subject: C=US; ST=California; L=Sunnyvale; O=Fortinet; OU=FortiMail; CN=FortiMail; emailAddress=support@fortinet.com
* start date: Jul 3 17:24:18 2015 GMT
* expire date: Jan 19 03:14:07 2038 GMT
* issuer: C=US; ST=California; L=Sunnyvale; O=Fortinet; OU=Certificate Authority; CN=support; emailAddress=support@fortinet.com
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* old SSL session ID is stale, removing
< 220 notification.fortinet.net ESMTP Smtpd; Wed, 23 Nov 2022 06:52:19 -0800
> EHLO FAZVM64
< 250-notification.fortinet.net Hello 129-10.83-90.static-ip.oleane.fr [90.83.10.129], pleased to meet you
< 250-ENHANCEDSTATUSCODES
< 250-PIPELINING
< 250-8BITMIME
< 250-SIZE 10485760
< 250-AUTH LOGIN PLAIN
< 250-DELIVERBY
< 250 HELP
> MAIL FROM:<faz@fortine.com>
< 250 2.1.0 <faz@fortine.com>... Sender ok
> RCPT TO:<xyz@fortinet.com>
< 250 2.1.5 <xyz@fortinet.com>... Recipient ok
> DATA
< 354 Enter mail, end with "." on a line by itself
< 250 2.0.0 2ANEqJmp005097-2ANEqJmq005097 Message accepted for delivery
* Connection #0 to host notification.fortinet.net left intact
A test email has been sent to xyz@fortinet.com through notification.fortinet.net.

 

Related article:

Troubleshooting Tip: How to understand the email SMTP issues and its causes