Configuring FortiAnalyzer Mail Settings for STARTTLS

When configuring your FortiAuthenticator for email alerts, there is no section in the GUI to enable/disable STARTTLS.

However as most things Fortinet, when you cannot do it via the GUI, head over to the CLI. Below are the steps.

Once in the CLI (connect either from inside the GUI Under ‘Dashboad —> CLI Console’ or via standard SSH v2. There you can enter into the mail settings by enteting ‘config system mail’ and hitting enter. Above you can see that I have a previously assigned IP of 1.1.16.34. This is a standard mail relay box for lab purposed. I then created a new mail entry named ‘test1’ by entering ‘edit test1’ and enter.

 

Once you are in the edit mode of ‘test1’, you can do a ‘get’ to see the different options that are available to you. Here you can use the key word ‘set’ for any of these options. The one option in particular for this blog post is ‘secure-option’.

Here you can see that I have entered ‘1.1.1.1’ as the ‘server’ option. When I type ‘set secure-option’ and a ‘?’ it shows me the available options. We can see the ‘starttls’ is the option we are looking for. We then enter the ‘set secure-option starttls’ and hit enter, then type ‘end‘

 

 

By issuing the ‘show’ command for ‘test1’ we can now see the options set.