Configuring System Settings

About the management IP

When a FortiMail unit operates in transparent mode, you can configure one or more of its network interfaces to act as a Layer 2 bridge, without IP addresses of their own. However, the FortiMail unit must have an IP address for administrators to configure it through a network connection rather than a local console. The management IP address enables administrators to connect to the FortiMail unit through port1 or other network ports, even when they are currently bridging.

By default, the management IP address is indirectly bound to port1 through the bridge. If other network interfaces are also included in the bridge with port1, you can configure the FortiMail unit to respond to connections to the management IP address that arrive on those other network interfaces. For more information, see “Do not associate with management IP” on page 253.

Unless you configured an override server IP address, FortiMail units use this IP address to connect to the FortiGuard Distribution Network (FDN). Depending on your network topology, the management IP may be a private network address. In this case, it is not routable from the FDN and is unsuitable for use as the destination IP address of push update connections from the FDN. For push updates to function correctly, you must configure an override server. For details, see “Configuring push updates” on page 241.
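The routability condition above can be checked across a fleet before relying on push updates. The following Python sketch is an added example, not Fortinet code: the inventory format and function names are hypothetical, the public addresses are stand-ins, and it assumes the override server IP is the address the FDN uses as the push destination.

```python
import ipaddress

def _routable(addr):
    """True/False for a parsed address; None if addr is not an IP address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    # is_global is False for RFC 1918, carrier-grade NAT (100.64.0.0/10),
    # loopback, link-local and documentation ranges.
    return ip.is_global and not ip.is_multicast

def push_update_check(mgmt_ip, override_ip=None):
    """Return (ok, reason) for one unit.

    Without an override server, push updates are addressed to the
    management IP, so that address must be publicly routable. With an
    override configured, the override address is the one that matters.
    """
    if override_ip:
        target, label = override_ip, "override server IP"
    else:
        target, label = mgmt_ip, "management IP"
    state = _routable(target)
    if state is None:
        return False, f"{label} {target!r} is not a valid IP address"
    if not state:
        return False, f"{label} {target} is not publicly routable"
    return True, f"{label} {target} is publicly routable"

def audit(inventory):
    """Return names of units whose push updates cannot work as recorded."""
    return [name for name, mgmt, override in inventory
            if not push_update_check(mgmt, override)[0]]

# Constructed inventory: (unit name, management IP, override server IP or None).
SAMPLE = [
    ("mail-gw-1", "192.168.1.5", None),          # RFC 1918, no override
    ("mail-gw-2", "10.0.0.7", "8.8.8.8"),        # private, public override
    ("mail-gw-3", "100.64.3.9", None),           # carrier-grade NAT space
    ("mail-gw-4", "8.8.4.4", None),              # public management IP
    ("mail-gw-5", "172.16.0.2", "172.16.0.1"),   # override is itself private
]

if __name__ == "__main__":
    for name, mgmt, override in SAMPLE:
        print(name, *push_update_check(mgmt, override))
```

A passing result only means the address is publicly routable; NAT and firewall rules between the FDN and the unit still have to permit the push connection.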

You can access the web UI, FortiMail webmail, and the per-recipient quarantines remotely using the management IP address.

About FortiMail logical interfaces

In addition to the FortiMail physical interfaces, you can create the following types of logical interfaces on FortiMail:

  • VLAN subinterfaces
  • Redundant interfaces
  • Loopback interfaces

VLAN subinterfaces

A Virtual LAN (VLAN) subinterface, also called a VLAN, is a virtual interface on a physical interface. The subinterface allows routing of VLAN tagged packets using that physical interface, but it is separate from any other traffic on the physical interface.

Virtual LANs (VLANs) use ID tags to logically separate devices on a network into smaller broadcast domains. These smaller domains forward packets only to devices that are part of that VLAN domain. This reduces traffic and increases network security.

One example of an application of VLANs is a company’s accounting department. Accounting computers may be located at both main and branch offices. However, accounting computers need to communicate with each other frequently and require increased security. VLANs allow the accounting network traffic to be sent only to accounting computers and to connect accounting computers in different locations as if they were on the same physical subnet.

For information about adding VLAN subinterfaces, see “Configuring the network interfaces” on page 247.
