Configuring system settings : Configuring mail settings : Selecting the mail data storage location
Selecting the mail data storage location
The System > Mail Settings > Storage tab lets you configure local or remote storage of mail data such as the mail queues, email archives, email users’ mailboxes, quarantined email, and IBE encrypted email.
FortiMail units can store email either locally or remotely. FortiMail units support remote storage by a centralized quarantine, and/or by a network attached storage (NAS) server using the network file system (NFS) protocol.
NAS has the benefits of remote storage which include ease of backing up the mail data and more flexible storage limits. Additionally, you can still access the mail data on the NAS server if your FortiMail unit loses connectivity.
 
If the FortiMail unit is a member of an active-passive HA group, and the HA group stores mail data on a remote NAS server, disable mail data synchronization to prevent duplicate mail data traffic. For details, see “Configuring the HA mode and group”.
 
 
If you store the mail data on a remote NAS device, you cannot back up the data. You can only back up the mail data stored locally on the FortiMail hard disk. For information about backing up mail data, see “Configuring mailbox backups”.
 
 
If you choose remote storage, mail data will not be duplicated locally. Mail data on remote storage cannot be transferred back to local storage either, if you choose to switch to local storage later.
Tested and Supported NFS servers
Linux NAS
FreeNAS
Openfiler
EMC VNXe3150 (version 2.4.2.21519(MR4 SP2))
EMC Isilon S200 (OneFS 7.1.0.3)
Untested NFS servers
Buffalo TeraStation
Cisco Linksys NAS server
Non-Supported NFS Servers
Windows 2003 R2 /Windows 2008 Service for NFS
If you do not need consolidated storage for the mail queue and email user inboxes, the higher FortiMail models (FortiMail VM02/400C series and above) can act as a centralized quarantine server and IBE encrypted email storage server. If applicable to your model, the Receive quarantined messages from clients option and the Receive IBE messages from clients option appear on the Storage tab.
FortiMail VM02, VM04, 400C, 400E, and 1000D models can host a maximum of 10 clients and FortiMail VM08/2000E and above models can host up to 20 clients. Any FortiMail model can be a client.
To access this part of the web UI, your administrator account’s:
Domain must be System
access profile must have Read or Read-Write permission to the Others category
For details, see “About administrator account permissions and domains”.
To configure mail data storage
1. Go to System > Mail Settings > Storage.
2. Configure the following:
 
GUI item
Description
NAS section
 
 
Local
Select to store email on the FortiMail unit’s local disk or RAID.
 
NAS server
Select to store email on a remote network attached storage (NAS) server.
 
Test
(button)
Click to verify the NAS server settings are correct and that the FortiMail unit can access that location. The test action basically tries to discover, login, mount, and unmount the remote device.
This button is available only when NAS server is selected.
 
Protocol
Select a type of the NAS server:
NFS: To configure a network file system (NFS) server. For this option, enter the following information:
Hostname/IP address: the IP address or fully qualified domain name (FQDN) of the NFS server.
Port: the TCP port number on which the NFS server listens for connections.
Directory: the directory path of the NFS export on the NAS server where the FortiMail unit will store email.
iSCSI Server: To configure an Internet SCSI (Small Computer System Interface) server. For this option, enter the following information:
Username: the user name of the FortiMail unit’s account on the iSCSI server.
Password: the password of the FortiMail unit’s account on the iSCSI server.
Hostname/IP address: the IP address or fully qualified domain name (FQDN) of the iSCSI server.
Port: the TCP port number on which the iSCSI server listens for connections.
Encryption key: the key that will be used to encrypt data stored on the iSCSI server. Valid key lengths are between 6 and 64 single-byte characters.
iSCSI ID: the iSCSI identifier in the format expected by the iSCSI server, such as an iSCSI Qualified Name (IQN), Extended Unique Identifier (EUI), or T11 Network Address Authority (NAA).
Status: When available. it indicates if the iSCSI share was successfully mounted on the FortiMail unit’s file system. This field appears only after you configure the iSCSI share and click Apply. Status may take some time to appear if the iSCSI server is slow to respond.
If Not mounted appears, the iSCSI share was not successfully mounted. Verify that the iSCSI server is responding and the FortiMail unit has both read and write permissions on the iSCSI server.
 
Refresh
(button)
This button appears when you configure an iSCSI server. Click it to update the information in the Status field.
 
Click here to format this device
 
Click here to check file system on this device
These two links appear when you configure an iSCSI server and click Apply.
Click a link to initiate the described action (that is, format the device or check its file system). A message appears saying the action is being executed. Click OK to close the message and click Refresh to see a Status update.
Note: If the ISCSI disk has never been formatted, FortiMail needs to format it before it can be used. If the disk has been formatted before, you do not need to format it again. unless you want to wipe out the data on it.
Centralized Quarantine section
 
Disabled
Select to store the quarantines on the FortiMail unit’s local disk or RAID.
 
Receive quarantined messages from clients
Select to have this FortiMail unit act as a centralized quarantine server, then enter the IP addresses of all valid clients.
This option is available on some high end models.
FortiMail VM02, 400E, 1000D and 2000E models can host a maximum of 10 clients and FortiMail 3000 series and above models can host up to 20 clients. Any FortiMail model can be a client.
Other FortiMail units acting as clients send all their quarantined email to this FortiMail unit. This FortiMail unit only accepts a connection if the client’s IP address matches an IP address on the list of clients configured here.
 
Send quarantined messages to remote server
Select to have this FortiMail unit act as a centralized quarantine client. All quarantined email is saved on a centralized quarantine server, if available.
When selected, enter the following information:
Over SSL: Select to send quarantined messages over SSL.
Name: Enter a name to identify this client to the quarantine server. This value must match the name of the client as it is configured on the quarantine server. Otherwise, the connection will fail.
Host: Enter the IP address of the FortiMail unit that is acting as a centralized quarantine server.
Centralized IBE section
 
 
Disabled
Select to store IBE encrypted email on the FortiMail unit’s local disk or RAID.
 
Receive IBE messages from clients
Select to have this FortiMail unit act as a centralized IBE mail storage server, then enter the IP addresses of all valid clients which are the FortiMail units that are configured to send IBE messages to this unit.
This option is available on some high end models.
FortiMail VM02, 400E, 1000D and 2000E models can host a maximum of 10 clients and FortiMail 3000 series and above models can host up to 20 clients. Any FortiMail model can be a client.
Other FortiMail units acting as clients send all their IBE email to this FortiMail unit. This FortiMail unit will only accept a connection if the client’s IP address matches an IP address on the list of clients configured here.
Note: The protected domains on the IBE mail server must match the domains on the clients. Otherwise the secure mail recipients cannot retrieve their secure email from the server.
 
Send IBE messages to remote server over SSL
Select to have this FortiMail unit act as a centralized IBE storage client. All IBE email will be saved on the centralized IBE mail storage server, if available.
When selected, enter the following information:
Name: Enter a name to identify this client to the centralized IBE mail storage server. This value must match the name of the client as it is configured on the centralized IBE mail storage server. Otherwise, the connection will fail.
Host: Enter the IP address of the FortiMail unit that is acting as a centralized IBE mail storage server.