Versions Compared

Old Version 2

changes.mady.by.user Miguel Lauriano

Saved on

compared with

New Version Current

changes.mady.by.user Aparna Rr

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel6
outlinefalse
styledisc
typelist
printabletrue

About The Device

 FortiMail FortiMail delivers advanced multi-layered protection against the full spectrum of email-borne threats, it helps your organization prevent, detect, and respond to email-based threats including spam, phishing, malware, zero-day threats, impersonation, and Business Email Compromise (BEC) attacks.

...

Port Requirements

Source

Destination

Port

 FortiMail Email Security Fortinet FortiMail

CyberHub

601 (TCP)

To facilitate secure communication and align with our best practice, we strongly encourage the use of Transport Layer Security (TLS) between your security devices and our Adaptive MxDR platform for event forwarding.

While we understand that TLS support may not be available on all devices, if your devices do support TLS communication, we recommend utilizing port 6514 for seamless integration.

In some cases, the upgraded version of the device might incorporate TLS support without prior notice. If you come across such a scenario or for further assistance in configuring TLS, we kindly ask you to reach out to your dedicated Adaptive MxDR Service Delivery Lead.

Device Configuration

  1. Log in to the FortiMail unit’s web UI.

  2. Go Navigate to Log & Report > Log Setting > Remote.

...

  1. Click New to create a new entry, a dialog will appear.

...

  1. Enable status to allow logging to a remote host.

  2. Enter a Name.

  3. In Server name/IP, enter the IP address of the CyberHub.

  4. In Server Port, enter the TCP port number as 601.

  5. In Protocol, select Syslog to send logs to CyberHub.

  6. In Mode, select TCP

  7. From Level, select the severity level Information. FortiMail unit logs all messages at and above the selected severity level.

  8. From Facility, select the facility identifier that the FortiMail unit will use to identify itself when sending log messages. To easily identify log messages from the FortiMail unit when they are stored on a remote logging server, enter a unique facility identifier, and verify that no other network devices use the same facility identifier.

  9. Deselect CSV format.

  10. Under Logging Policy Configuration, enable all types of events/logs to be forwarded to CyberHub.

...

Property

Default Value

Description

IP Address

 FortiMail Email Security Fortinet FortiMail interface IP address

Hostname or IP address of the device which forwards logs to the CyberHub.