MMS DLP archiving
You can use DLP archiving to collect and view historical logs that have been archived to a FortiAnalyzer unit or the
FortiGuard Analysis and Management service. DLP archiving is available for FortiAnalyzer when you add a FortiAnalyzer unit to the FortiOS Carrier configuration. The FortiGuard Analysis and Management server becomes available when you subscribe to the FortiGuard Analysis and Management Service.
You can configure full DLP archiving and summary DLP archiving. Full DLP archiving includes all content, for example, full email DLP archiving includes complete email messages and attachments. Summary DLP archiving includes just the meta data about the content, for example, email message summary records include only the email header.
You can archive MM1, MM3, MM4, and MM7 content.
Configuring MMS DLP archiving
Select DLP archive options to archive MM1, MM3, MM4, and MM7 sessions. For each protocol you can archive just session metadata (Summary), or metadata and a copy of the associated file or message (Full).
In addition to MMS protection profile DLP archive options you can:
- Archive MM1 and MM7 message floods l Archive MM1 and MM7 duplicate messages
- Select DLP archiving for carrier endpoint patterns in a Carrier Endpoint List and select the Carrier Endpoint Block option in the MMS Scanning section of an MMS Protection Profile
FortiOS Carrier only allows one sixteenth of its memory for transferring content archive files. For example, for Carrier-enabled FortiGate units with 128 MB RAM, only 8 MB of memory is used when transferring content archive files. Best practices dictate to not enable full content archiving if antivirus scanning is also configured because of these memory constraints.
To configure MMS DLP archiving – web-based manager
- Go to Security Profiles > MMS Profile.
- Select Create New or select the Edit icon beside an existing profile.
- Expand MMS Bulk AntiSpam Detection > Content Archive.
- Complete the fields as described in DLP Archive options.
- Select OK.
Viewing DLP archives
You can view DLP archives from the Carrier-enabled FortiGate unit web-based manager. Archives are historical logs that are stored on a log device that supports archiving, such as a FortiAnalyzer unit.
These logs are accessed from either Log & Report > DLP Archive or if you subscribed to the FortiCloud service, you can view log archives from there.
The DLP Archive menu is only visible if one of the following is true.
- You have configured the FortiGate unit for remote logging and archiving to a FortiAnalyzer unit.
- You have subscribed to FortiCloud.
The following tabs are available when you are viewing DLP archives for one of these protocols.
- E-mail to view POP3, IMAP, SMTP, POP3S, IMAPS, SMTPS, and spam email archives. l Web to view HTTP and HTTPS archives. l FTP to view FTP archives.
- IM to view AIM, ICQ, MSN, and Yahoo! archives. l MMS to view MMS archives. l VoIP to view session control (SIP, SIMPLE and SCCP) archives.
If you need to view log archives in Raw format, select Raw beside the Column Settings icon.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!