MMS profile configuration settings
The following are MMS profile configuration settings in Security Profiles > MMS Profile.
| MMS Profile page
Lists each individual MMS profile that you created. On this page, you can edit, delete or create an MMS profile. |
| Creates a new MMS profile. When you select Create New, you are
Create New automatically redirected to the New MMS Profile page. |
| Edit Modifies settings within an MMS profile. When you select Edit, you are automatically redirected to the Edit MMS Profile. |
| Removes an MMS profile from the list on the MMS Profile page.
To remove multiple MMS profiles from within the list, on the MMS Profile page, in each of the rows of the profiles you want removed, select the Delete check box and then select Delete. To remove all MMS profiles from the list, on the MMS Profile page, select the check box in the check box column, and then select Delete. |
| Name The name of the MMS profile. |
| Displays the number of times the object is referenced to other objects. For example, av_1 profile is applied to a security policy; on the Profile page (Security Profiles > Antivirus), 1 appears in Ref. .
To view the location of the referenced object, select the number in Ref., and the Object Usage window appears displaying the various locations of the referenced object. To view more information about how the object is being used, use one of the following icons that is avialable within the Object Usage window: View the list page for these objects – automatically redirects you to the Ref. list page where the object is referenced at. Edit this object – modifies settings within that particular setting that the object is referenced with. For example, av_1 profile is referenced with a security policy and so, when this icon is selected, the user is redirected to the Edit Policy page. View the details for this object – table, similar to the log viewer table, contains information about what settings are configured within that particular setting that the object is referenced with. For example, av_1 profile is referenced with a security policy, and that security policy’s settings appear within the table. |
| New MMS Profile page
Provides settings for configuring an MMS profile. This page also provides settings for configuring DLP archives and logging. |
| Profile Name Enter a name for the profile. |
| Comments Enter a description about the profile. This is optional. |
| MMS Scanning Configure MMS Scanning options. |
| MMS Bulk Email Filtering Configure MMS Bulk Email options. Detection |
| MMS Address Translation Configure MMS Address Translation options. |
| MMS Notifications Configure MMS Notification options. |
| DLP Archive Configure DLP archive option. |
| Logging Configure logging options. |
MMS scanning options
You can configure MMS scanning protection profile options to apply virus scanning, file filtering, content filtering, carrier endpoint blocking, and other scanning to MMS messages transmitted using the MM1, MM3, MM4 and MM7 protocols.
The following are the MMS Scanning options that are available within an MMS profile. You can create an MMS profile in Security Profiles > MMS Profile or edit an existing one. You must expand MMS Scanning to access the following options.
| MMS Scanning section of the New MMS Profile page |
| Monitor Only Select to cause the unit to record log messages when MMS scanning
options find a virus, match a file name, or match content using any of the other MMS scanning options. Select this option to be able to report on viruses and other problems in MMS traffic without affecting users. Tip: Select Remove Blocked if you want the unit to actually remove content intercepted by MMS scanning options. |
| Select to scan attachments in MMS traffic for viruses.
Since MM1 and MM7 use HTTP, the oversize limits for HTTP and the HTTP antivirus port configuration also applies to MM1 and MM7 Virus Scan scanning. MM3 and MM4 use SMTP and the oversize limits for SMTP and the SMTP antivirus port configuration also applies to MM3 and MM4 scanning. |
| Scan MM1 message retrieval Select to scan message retrievals that use MM1. If you enable Virus Scan for all MMS interfaces, messages are also scanned while being sent. In this case, you can disable MM1 message retrieval scanning to improve performance. |
| Quarantine Select to quarantine the selected MMS traffic |
| Remove Blocked Select to remove blocked content from each protocol and replace it with the replacement message.
Select Constant if the unit is to preserve the length of the message when removing blocked content, as may occur when billing is affected by the length of the message. Tip: If you only want to monitor blocked content, select Monitor Only. |
| Select to filter messages based on matching the content of the message with the words or patterns in the selected web content filter list.
Content Filter For information about adding a web content filter list, see the FortiGate CLI Reference. |
| Carrier Endpoint Block Select to add Carrier Endpoint Filtering in this MMS profile. Select the carrier endpoint filter list to apply it to the profile. |
| MMS Scanning section of the New MMS Profile page |
| Select to add MMS Content Checksum in this MMS profile. Select the
MMS Content Checksum MMS content checksum list to apply it to the profile. |
| Pass Fragmented Messages Select to pass fragmented MM3 and MM4 messages. Fragmented MMS messages cannot be scanned for viruses. If you do not select these options, fragmented MM3 and MM4 message are blocked. |
| Select client comforting for MM1 and MM7 sessions.
Comfort Clients Since MM1 and MM7 messages use HTTP, MM1 and MM7 client comforting operates like HTTP client comforting. |
| Comfort Servers Select server comforting for each protocol.
Similar to client comforting, you can use server comforting to prevent server connection timeouts that can occur while waiting for the unit to buffer and scan large POST requests from slow clients. |
| Enter the time in seconds before client and server comforting starts
Interval (1-900 after the download has begun, and the time between sending seconds) subsequent data. |
| Amount (1-10240 The number of bytes sent by client or server comforting at each interval.
bytes) |
| Select Block or Pass for files and email messages exceeding configured thresholds for each protocol.
The oversize threshold refers to the final size of the message, including Oversized MMS Message attachments, after encoding by the client. Clients can use a variety of encoding types; some result in larger file sizes than the original attachment. As a result, a file may be blocked or logged as oversized even if the attachment is several megabytes smaller than the oversize threshold. |
| Threshold (1KB – 800 Enter the oversized file threshold and select KB or MB. If a file is larger
MB) than the threshold the file is passed or blocked depending on the Oversized MMS Message setting. The web-based manager displays the allowed threshold range. The threshold maximum is 10% of the unit’s RAM. |
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!