Viewing the Endpoint Reputation Statuses
Viewing the endpoint reputation statuses
Go to Monitor > Endpoint Reputation > Auto Blacklist to view the current list of carrier end points (by their MSISDN, subscriber ID, or other identifier) that were caught by FortiMail for sending spam. For general procedures about how to configure endpoint reputation, see “Configuring endpoint reputation” on page 639.
If a carrier end point has attempted to deliver during the automatic blacklisting window a number of spam text messages that is greater than the automatic endpoint blacklisting threshold, FortiMail unit adds the carrier end point to the automatic endpoint black list for the duration configured in the session profile. While the carrier end point is on the automatic black list and it does not expire, all text messages or email messages from it will be rejected. For information on configuring the automatic black list window, see “Configuring the endpoint reputation score window” on page 643. For information on enabling the endpoint reputation scan and configuring the automatic black list threshold in a session profile, see “Configuring session profiles” on page 482.
To access this part of the web UI, your administrator account’s:
- Domain must be System
- access profile must have Read or Read-Write permission to the Black/White List category For details, see “About administrator account permissions and domains” on page 290.
To view the automatic endpoint reputation black list, go to Monitor > Endpoint Reputation > Auto Blacklist.
Figure 77:Viewing endpoint reputation scores
Table 18:Auto Blacklist tab
|To move entries to the manual endpoint black list or white list, in the check box column, mark the check boxes of entries that you want to move, then click Move.|
|Click to filter the displayed entries. For more information, see “Filtering automatic endpoint black list entries” on page 202.|
|Endpoint ID||Lists the mobile subscriber IDSN (MSISDN), subscriber ID, login ID, or other unique identifier for the carrier end point.|
|Score||Lists the number of text messages or email messages that the FortiMail has detected as spam or infected from the MSISDN/subscriber ID during the automatic endpoint black list window.|
|Expire||Lists the time at which the automatic endpoint blacklisting entry expires and is removed from the list.
N/A appears if the endpoint ID has not reached the threshold yet.
Filtering automatic endpoint black list entries
You can filter automatic endpoint black list entries that appear on the Auto Blacklist tab based on the MSISDN, subscriber ID, or other sender identifier.
To filter the endpoint black list entries
- Go to Monitor > Endpoint Reputation > Auto Blacklist.
- Click Search.
Figure 78:A dialog appears.Search Dialog
|Field||Displays one option: Endpoint ID.|
|Operation||Select how to match the field’s contents, such as whether the row must contain the contents of Value.|
|Case Sensitive||Enable for case-sensitive filtering.|
|Value||Enter the identifier of the carrier end point, such as the subscriber ID or MSISDN, for the entry that you want to display.
A blank field matches any value. Use an asterisk (*) to match multiple patterns, such as typing 46* to match 46701123456, 46701123457, and so forth. Regular expressions are not supported.
- Click Search.
The Auto Blacklist tab appears again, but its contents are restricted to entries that match your filter criteria. To remove the filter criteria and display all entries, click the Auto Blacklist tab to refresh its view.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos
Leave a Reply