Configuring IP pools

Configuring profiles : Configuring IP pools

Configuring IP pools

The Profile > IP Pool tab displays the list of IP pool profiles.

IP pools define a range of IP addresses, and can be used in multiple ways:

• To define destination IP addresses of multiple protected SMTP servers if you want to load balance incoming email between them (see “Relay type”)

• To define source IP addresses used by the FortiMail unit if you want outgoing email to originate from a range of IP addresses (see “IP pool”)

• To define destination addresses used by the FortiMail unit if you want incoming email to destine to the virtual host on a range of IP addresses (see “IP pool”)

Each email that the FortiMail unit sends will use the next IP address in the range. When the last IP address in the range is used, the next email will use the first IP address.


	• An IP pool in an IP policy will be used to deliver incoming emails from FortiMail to the protected server. It will also be used to deliver outgoing emails if the sender domain doesn't have a delivery IP pool or, although it has a delivery IP pool, Take precedence over recipient based policy match is enabled in the IP-based policy. • An IP pool (either in an IP policy or domain settings) will NOT be used to deliver emails to the protected domain servers if the mail flow is from internal to internal domains. • When an email message’s MAIL FROM is empty "<>", normally the email is a NDR or DSN bounced message. FortiMail will check the IP address of the sender device against the IP list of the protected domains. If the sender IP is found in the protected domain IP list, the email flow is considered as from internal to internal and the above rule is applied (the IP pool will be skipped). FortiMail will also skip the DNS query if servers of the protected domains are configured as host names and MX record.

To access this part of the web UI, your administrator account’s:

• Domain must be System

• access profile must have Read or Read-Write permission to the Policy category.

For details, see “About administrator account permissions and domains”.

To manage IP pool profiles

1. Go to Profile > IP Pool > IP Pool.

2. Either click New to add a profile or double-click a profile to modify it.

3. For a new profile, enter a name in Pool name.

The name must contain only alphanumeric characters, hyphens ( - ) and underscores ( _ ). Spaces are not allowed.

4. Under IP Ranges, click New.

Fields appear beneath Start IP and Range.

5. In Start IP, enter the IP address that begins the range of IP addresses that will be used for this IP pool.

6. In Range, enter the total number of IP addresses in the contiguous range of the IP pool, including that of the Start IP.

For example, if Start IP is 10.0.0.3 and Range is 5, the IP pool will contain the IP addresses 10.0.0.3, 10.0.0.4, 10.0.0.5, 10.0.0.6, and 10.0.0.7.

7. To include additional ranges of IP addresses in this IP pool, repeat the previous steps.

To remove a range of IP addresses from this IP pool, select the range and click Delete.

8. If you want to bind a certificate to this IP pool profile for TLS purpose, under SMTP Certificate, select a certificate and specify if the certificate will be used for mail receiving, delivery, or both. For exmaple, if FortiMail protects several mail servers for several customers, you may want to bind the customer’s own certificate to the customer’s IP pool.

9. Click Create or OK.

To apply the IP pool, select it in a protected domain or IP-based policy. For details, see “Relay type”, “IP pool”, and/or “IP Pool”.