Manually blacklisting endpoints

The Blacklist tab lets you manually blacklist carrier end points by subscriber ID, MSISDN, or other identifier.

MSISDN numbers or subscriber IDs listed on the black list will have their email or text messages blocked as long as their identifier appears on the black list.

To access this part of the web UI, your administrator account’s:

• Domain must be System
• access profile must have Read or Read-Write permission to the Policy category

For details, see “About administrator account permissions and domains” on page 290.

To edit a manual carrier endpoint black list

1. Go to AntiSpam > Endpoint Reputation > Blacklist.
2. Click New to add an entry. (Entries cannot be edited, only deleted.) A single-field dialog appears.

Figure 284: Configuring a new blacklisted endpoint

3. In Endpoint ID, type the MSISDN, subscriber ID, or other identifier for the carrier end point that you want to add to the list.
4. Click Create.

Exempting endpoints from endpoint reputation

The Exempt tab lets you manually exempt carrier end points (by MSISDN, subscriber ID, or other identifiers) from automatic blacklisting due to their endpoint reputation score.

To access this part of the web UI, your administrator account’s:

• Domain must be System
• access profile must have Read or Read-Write permission to the Policy category

For details, see “About administrator account permissions and domains” on page 290.

To add an exemption

1. Go to AntiSpam > Endpoint Reputation > Exempt.
2. Click New to add an entry. (Entries cannot be edited, only deleted.) A dialog appears.

Figure 285: Configuring an endpoint reputation exemption

3. In Endpoint ID, type the MSISDN, subscriber ID, or other identifier for the carrier end point that you want to exempt.
4. Click Create.

Filtering manual endpoint black list entries

You can filter manual endpoint black list entries on the Blacklist and Exempt tabs based on the MSISDN, subscriber ID, or other identifier of the sender.

To filter entries

1. Go to AntiSpam > Endpoint Reputation > Blacklist or AntiSpam > Endpoint Reputation > Exempt.
2. Click the Search
   • dialog appears.

Figure 286: Filtering the manual endpoint entries

3. In the Value field, enter the identifier of the carrier endpoint, such as the subscriber ID or MSISDN, for the entry or entries that you want to display.
   • blank field matches any value. Use an asterisk (*) to match multiple patterns, such as typing 46* to match 46701123456, 46701123457, and so forth. Regular expressions are not supported.
4. Select Case Sensitive if capitalization is part of the search requirement.
5. Under Operation, select Contain or Wildcard to set the search method.
6. Click Search.

The tab appears again showing just entries that match your filter criteria. To remove the filter criteria and display all entries, click the tab to refresh its view.

Configuring the endpoint reputation score window

The Settings tab lets you configure the window size for calculating the reputation score for automatic endpoint reputation-based blacklisting.

In addition to manually blacklisting or exempting carrier end points based on their MSISDNs or subscriber IDs, you can configure automatic blacklisting based on endpoint reputation score. If an MSISDN or subscriber ID sends email or text messages that the FortiMail unit detects as spam or infected, the endpoint reputation score increases. You can configure session profiles to log or block, for a period of time, email and text messages from carrier end points whose reputation score exceeds the threshold during the automatic blacklisting window. For information on enabling endpoint reputation scans in session profiles and configuring the score threshold and automatic blacklisting duration, see “Configuring session profiles” on page 482.

For more information on the role of the automatic blacklisting window in the endpoint reputation scan, see “Configuring endpoint reputation” on page 639.

To access this part of the web UI, your administrator account’s:

• Domain must be System
• access profile must have Read or Read-Write permission to the Policy category

For details, see “About administrator account permissions and domains” on page 290.

To configure the automatic endpoint blacklisting window

1. Go to AntiSpam > Endpoint Reputation > Settings.

Figure 287:Configuring the endpoint reputation score window

2. In Auto blacklist window size, enter the number of previous minutes in which events will be used to calculate the current endpoint reputation score.

For example, if the window of time was 15, detections of spam or viruses within the last 0-15 minutes are counted towards the current score; but, detections of spam or viruses older than 15 minutes would not count towards the current score.

3. Click Apply.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!