Who is Office of The CISO? - How to Get Into Cybersecurity - What is a Chief Information Security Officer?
What is a SOC Analyst?
Configuring simple Anti-Spam protection
Small offices, whether they are small companies, home offices, or satellite offices, often have very simple needs. This example details how to enable Anti-Spam protection on a FortiGate unit located in a satellite office.
Creating an email filter profile
Most Anti-Spam settings are configured in an Anti-Spam profile. Anti-Spam profiles are selected in firewall policies. This way, you can create multiple Anti-Spam profiles, and tailor them to the traffic controlled by the security policy in which they are selected. In this example, you will create one Anti-Spam profile.
To create an Anti-Spam profile — web-based manager
1. Go to Security Profiles > Anti-Spam.
2. Select the Create New icon in the Edit Anti-Spam Profile window title.
3. In the Name field, enter basic_anti-spam
4. Select Enable Spam Detection and Filtering.
5. Ensure that IMAP, POP3, and SMTP are selected in the header row.
These header row selections enable or disable examination of each Anti-Spam type. When disabled, the email traffic of that type is ignored by the FortiGate unit and no Anti-Spam options are available.
6. Under FortiGuard Spam Filtering, enable IP Address Check.
7. Under FortiGuard Spam Filtering, enable URL Check.
8. Under FortiGuard Spam Filtering, enable E–mail Checksum Check.
9. Select OK to save the email filter profile.
To create an Anti-Spam profile — CLI
config spamfilter profile edit basic_anti-spam
set options spamfsip spamfsurl spamfschksum end
Selecting the Anti-Spam profile in a security policy
An Anti-Spam profile directs the FortiGate unit to scan network traffic only when it is selected in a security policy. When an Anti-Spam profile is selected in a security policy, its settings are applied to all the traffic the security policy handles.
To select the Anti-Spam profile in a security policy — web-based manager
1. Go to Policy & Objects > IPv4 Policy.
2. Create a new or edit a policy.
3. Turn on Anti-Spam.
4. Select the basic_anti-spam profile from the list.
5. Select OK to save the security policy.
To select the Anti-Spam profile in a security policy — CLI
config firewall policy edit 1
set utm-status enable
set profile-protocol-options default set spamfilter-profile basic_anti-spam
IMAP, POP3, and SMTP email traffic handled by the security policy you modified will be scanned for spam. Spam messages have the text “Spam” added to their subject lines. A small office may have only one security policy configured. If you have multiple policies, consider enabling spam scanning for all of them.
Blocking email from a user
Employees of the Example.com corporation have been receiving unwanted email messages from a former client at a company called example.net. The client’s email address is email@example.com. All ties between the company and the client have been severed, but the messages continue. The FortiGate unit can be configured to prevent these messages from being delivered.
To enable Anti-Spam
1. Go to Security Profiles > Anti-Spam.
2. Select the Anti-Spam profile that is used by the firewall policies handling email traffic from the Anti-Spam profile drop down list.
3. In the row Tag Location, select Subject for all three mail protocols.
4. In the row Tag Format, enter SPAM: in all three fields.
This means that normal spam will be tagged in the subject line.
5. Select Enable Spam Detection and Filtering.
6. Under Local Spam Filtering, enable Black White List and select Create New.
7. In the Black White List widget, select Create New.
8. Select Email Address Wildcard.
9. Enter firstname.lastname@example.org in the Pattern field.
- If you wanted to prevent everyone’s email from the client’s company from getting through you could have used *@example.net instead.
10. Set the Action as Mark as Reject.
11. Set the Status to Enable.
12. Select OK.
Now that the email address list is created, you must enable the email filter in the Anti-Spam profile.
When this Anti-Spam profile is selected in a security policy, the FortiGate unit will reject any email message from an address ending with @example.net for all email traffic handled by the security policy.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos