FortiCarrier Web Based Manager Settings

MMS bulk email filtering options

You can use the MMS bulk email filtering options to detect and filter MM1 and MM4 message floods and duplicate messages. You can configure three thresholds that define a flood of message activity and three thresholds that define excessive duplicate messages. The configuration of each threshold includes the response actions for the threshold.

The configurable thresholds for each of the flood and duplicate sensors and must be enabled in sequence. For example, you can enable Flood Threshold 1 and Flood Threshold 2, but you cannot disable Flood Threshold 1 and enable Flood Threshold 2.

You can also add MSISDN to the bulk email filtering configuration and select a subset of the bulk email filtering options to applied to these individual MSISDNs.

You must first select MM1 and/or MM4 to detect excessive message duplicates. If excessive message duplicates are detected, the unit will perform the Duplicate Message Action for the specified duration.

You can configure three duplicate message thresholds and enable them with separate values and actions. They are labeled Duplicate Threshold 1 through 3 and must be enabled in sequence. For example, you can enable Duplicate Threshold 1 and Duplicate Threshold 2, but you cannot disable Duplicate Threshold 1 and enable Duplicate Threshold 2.

When traffic accepted by a security policy that contains an MMS profile with duplicate message configured receives MM1 or MM4 duplicate messages that match a threshold configured in the MMS protection profile, the unit performs the duplicate message action configured for the matching threshold.

You can configure three message flood thresholds and enable them with separate values and actions. They are labeled Flood Threshold 1 through 3 and must be enabled in sequence. For example, you can enable Flood Threshold 1 and Flood Threshold 2, but you cannot disable Flood Threshold 1 and enable Flood Threshold 2.

When traffic accepted by a security policy that contains an MMS protection profile with message flooding configured experiences MM1 or MM4 message flooding that matches a threshold configured in the MMS profile, the unit performs the message flood action configured for the matching threshold.

MMS Bulk Email Filtering Detection

This section of the New MMS Profile page contains numerous sections where you can configure specific settings for flood threshold, duplicate threshold and recipient MSISDNs.

Message Flood

The message flood settings for each flood threshold. Expand each to configure settings for a threshold.

Flood Threshold 1                     Expand to reveal the flood threshold settings for Flood Threshold 1. The settings for Flood Threshold 1 are the same for Flood Threshold 2 and 3.
               Enable                          Select to apply Flood Threshold 1 to the MSISDN exception.
               Message Flood             Enter the period of time during which a message flood will be detected if

Window                         the Message Flood Limit is exceeded. The message flood window can be 1 to 2880 minutes (48 hours).

Enter the number of messages which signifies a message flood if

Message Flood Limit exceeded within the Message Flood Window.

Message Flood Block    Enter the amount of time during which the unit performs the Message Time     Flood Action after a message flood is detected.

 

                  Message Flood             Select one or more actions that the unit is to perform when a message

Action                           flood is detected.

   Flood Threshold 2                    Expand to configure settings for Flood Threshold 2 or 3 respectively.

Flood Threshold 3

Duplicate Message

The duplicate message threshold settings. Expand each to configure settings for a threshold.

   MM1 Retrieve Duplicate            Select to scan MM1 mm1-retr messages for duplicates. By default,

Enable                                     mm1-retr messages are not scanned for duplicates as they may often

be the same without necessarily being bulk or spam.

Select to enable the selected duplicate message threshold and to make

Enable the rest of the options available for configuration.

Duplicate Message        Enter the period of time during which excessive message duplicates will Window be detected if the Duplicate message Limit it exceeded. The duplicate message window can be 1 to 2880 minutes (48 hours).
Duplicate Message        Enter the number of messages which signifies excessive message Limit duplicates if exceeded within the Duplicate Message Window.
Duplicate Message Enter the amount of time during which the unit will perform the Duplicate Block Time Message Action after a message flood is detected.
Duplicate Message        Select one or more actions that the unit is to perform when excessive Action   message duplication is detected.
   Duplicate Threshold 2              Expand to configure settings for Duplicate Threshold 2 or 3 respectively.

Duplicate Threshold 3

Recipient MSISDN

The recipient Mobile Subscriber Integrated Services Digital Network Number (MSISDN) settings for each recipient MSISDN. When you select Create New, you are automatically redirected to the New MSISDN page.

You need to save the profile before you can add MSISDNs.

   Recipient MSISDN                     The recipient MSISDN.
   Flood Threshold 1                    Check to enable Flood Threshold 1 settings for this MSISDN.
   Flood Threshold 2                    ICheck to enable Flood Threshold 2 settings for this MSISDN..
   Flood Threshold 3                    ICheck to enable Flood Threshold 3 settings for this MSISDN..
Duplicate Threshold 1 Check to enable Duplicate Threshold 1 settings for this MSISDN..
Duplicate Threshold 2 Check to enable Duplicate Threshold 2 settings for this MSISDN..
Duplicate Threshold 3 Check to enable Duplicate Threshold 3 settings for this MSISDN..
Edit Modifies the settings of a Recipient MSISDN in the Recipient MSISDN list. When you select Edit, you are automatically redirected to the New MSISDN page.
Delete Removes a Recipient MSISDN in the Recipient MSISDN list within the Recipient MSISDN section of the page.
New MSISDN page
Create New Creates a new Recipient MSISDN. When you select Create New, you are automatically redirected to the New MSISDN page.
Recipient MSISDN Enter a name for the recipient MSISDN.
Flood Threshold 1 Select to apply Flood Threshold 1 to the MSISDN exception.
Flood Threshold 2 Select to apply Flood Threshold 2 to the MSISDN exception.
Flood Threshold 3 Select to apply Flood Threshold 3 to the MSISDN exception.
Duplicate Threshold 1 Select to apply Duplicate Threshold 1 to the MSISDN exception.
Duplicate Threshold 2 Select to apply Duplicate Threshold 2 to the MSISDN exception.
Duplicate Threshold 3 Select to apply Duplicate Threshold 3 to the MSISDN exception.

MMS Address Translation options

The sender’s carrier endpoint is used to provide logging and reporting details to the mobile operator and to identify the sender of infected content.

When MMS messages are transmitted, the From field may or may not contain the sender’s address. When the address is not included, the sender information will not be present in the logs and the unit will not be able to notify the user if the message is blocked unless the sender’s address is made available elsewhere in the request.

The unit can extract the sender’s address from an extended HTTP header field in the HTTP request. This field must be added to the HTTP request before it is received by the unit. If this field is present, it will be used instead of the sender’s address in the MMS message for logging and notification. If this header field is present when a message is retrieved, it will be used instead of the To address in the message. If this header field is not present the content of the To header field is used instead.

Alternatively, the unit can extract the sender’s address from a cookie.

You can configure MMS address translation to extract the sender’s carrier endpoint so that it can be added to log and notification messages. You can configure MMS address translation settings to extract carrier endpoints from HTTP header fields or from cookies. You can also configure MMS address translation to add an endpoint prefix to the extracted carrier endpoints. For more information, see Dynamic Profiles and Endpoints in the Authentication guide.

MMS Address Translation
Sender Address Source Select to extract the sender’s address from the HTTP Header Field or a Cookie. You must also specify the identifier that contains the carrier endpoint.
Sender Address Identifier Enter the sender address identifier that includes the carrier endpoint. The default identifier is x-up-calling-line-id.

If the Sender Address Source is HTTP Header Field, the address and its identifier in the HTTP request header takes the format:

<Sender Address Identifier>: <MSISDN_value>

Where the <MSISDN_value> is the carrier endpoint. For example, the HTTP header might contain:

x-up-calling-line-id: 6044301297

where x-up-calling-line-id would be the Sender Address

Identifier.

If the Sender Address Source is Cookie, the address and its identifier in the HTTP request header’s Cookie field takes the format of attribute-value pairs:

Cookie: id=<cookie-id>;

<Sender Address Identifier>=<MSISDN Value>

For example, the HTTP request headers might contain:

Cookie: id=0123jf!a;x-up-calling-lineid=6044301297

where x-up-calling-line-id would be the Sender Address

Identifier.

Convert Sender Address From / To HEX Select to convert the sender address from ASCII to hexadecimal or from hexadecimal to ASCII. This is required by some applications.
Add Carrier Endpoint Prefix for Logging / Notification Select the following to enable adding endpoint prefixes for logging and notification.
Enable Select to enable adding the country code to the extracted carrier endpoint, such as the MSISDN, for logging and notification purposes. You can limit the number length for the test numbers used for internal monitoring without a country code.
MMS Address Translation
Prefix Enter a carrier endpoint prefix to be added to all carrier endpoints. Use the prefix to add extra information to the carrier endpoint in the log entry.
Minimum Length Enter the minimum length of the country code information being added. If this and Maximum Length are set to zero (0), length is not limited.
Maximum Length Enter the maximum length of the country code information being added. If this and Minimum Length are set to zero (0), length is not limited.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.