Configuring the DNS and firewall settings
In the example shown in Figure 16, SMTP clients will connect to the virtual IP address of the primary unit. For SMTP clients on the Internet, this connection occurs through the public network virtual IP on the FortiGate unit, whose policies allow the connections and route them to the virtual IP on the current primary unit.
Because the FortiMail HA group is installed behind a firewall performing NAT, the DNS server hosting records for the domain example.com must be configured to reflect the public IP address of the FortiGate unit, rather than the private network IP address of the HA group.
The DNS server has been configured with:
an MX record to indicate that the FortiMail unit is the email gateway for example.com
an A record to resolve fortimail.example.com into the FortiGate unit’s public IP address
a reverse DNS record to enable external email servers to resolve the public IP address of the FortiGate unit into the domain name of the FortiMail unit
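The three records above have to agree with each other and with the NAT layout. The following check is an added example, not part of the product documentation: it walks the MX, A and reverse DNS chain over an inline record set and flags an A record that exposes a private address. The function name, the record layout and the IP addresses (203.0.113.10 as the firewall's public IP, 172.16.1.2 as the HA group's private IP) are constructed placeholders.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also flag
# the documentation range used as the "public" placeholder below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_mail_dns(domain, records):
    """Return a list of problems in the MX -> A -> PTR chain for domain.

    records: {"MX": {domain: host}, "A": {host: ip}, "PTR": {ip: host}}
    """
    mx_host = records.get("MX", {}).get(domain)
    if mx_host is None:
        return [f"no MX record for {domain}"]
    ip = records.get("A", {}).get(mx_host)
    if ip is None:
        return [f"MX target {mx_host} has no A record"]
    problems = []
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in RFC1918):
        # Behind NAT, external senders cannot reach a private address.
        problems.append(f"A record for {mx_host} is a private address ({ip})")
    ptr = records.get("PTR", {}).get(ip)
    if ptr is None:
        problems.append(f"no reverse DNS record for {ip}")
    elif ptr.rstrip(".").lower() != mx_host.rstrip(".").lower():
        problems.append(f"reverse DNS for {ip} is {ptr}, expected {mx_host}")
    return problems

# Constructed sample data: records that match the layout described above.
GOOD = {
    "MX": {"example.com": "fortimail.example.com"},
    "A": {"fortimail.example.com": "203.0.113.10"},
    "PTR": {"203.0.113.10": "fortimail.example.com."},
}
# Constructed sample data: the A record leaks the HA group's private IP.
BAD = {
    "MX": {"example.com": "fortimail.example.com"},
    "A": {"fortimail.example.com": "172.16.1.2"},
    "PTR": {"203.0.113.10": "fortimail.example.com."},
}

if __name__ == "__main__":
    for label, recs in (("good", GOOD), ("bad", BAD)):
        print(label, check_mail_dns("example.com", recs) or "OK")
```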