Tag Archives: fortinet hardware

System Settings

The System Settings tab enables you to manage and configure system options for the FortiAnalyzer unit. This includes the basic network settings to connect the device to the corporate network, the configuration of administrators and their access privileges, and managing and updating firmware for the device

The System Settings tab provides access to the following menus and sub-menus:

Dashboard	Select this menu to configure, monitor, and troubleshoot your FortiAnalyzer device. Dashboard widgets include: System Information, License Information, Unit Operation, System Resources, Alert Message Console, CLI Console, Log Receive Monitor, Logs/Data Received, and Statistics.
All ADOMs	Select this menu to create new ADOMs and monitor all existing ADOMs.
RAID management	Select this menu to configure and monitor your Redundant Array of Independent Disks (RAID) setup. This page displays information about the status of RAID disks as well as what RAID level has been selected. It also displays how much disk space is currently consumed.
Network	Select this menu to configure your FortiAnalyzer interfaces. You can also view the IPv4/IPv6 Routing Table and access Diagnostic Tools.
Admin	Select this menu to configure administrator user accounts, as well as configure global administrative settings for the FortiAnalyzer unit. • Administrator • Profile • Remote authentication server • Administrator settings
Certificates	Select this menu to configure the following: • Local certificates • CA certificates • Certificate revocation lists

Event log

Select this menu to view FortiAnalyzer event log messages. On this page you can:

• Download the logs in .log or .csv formats

• View raw logs or logs in a formatted table

• Browse the event log, FDS upload log, and FDS download log

Task monitor

Select this menu to monitor FortiAnalyzer tasks.

Advanced

Select to configure advanced settings.

• SNMP v1/v2c

• Mail server

• Syslog server

• Meta fields

• Device log settings

• File management

• Advanced settings

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13

Troubleshooting

This section provides guidelines to help you determine why your FortiMail unit is behaving unexpectedly. It includes general troubleshooting methods and specific troubleshooting tips using both the command line interface (CLI) and the web UI. Each troubleshooting item describes both the problem and the solution.

Some CLI commands provide troubleshooting information not available through the web UI. The web UI is better suited for viewing large amounts of information on screen, reading logs and archives, and viewing status through the dashboard.

For late-breaking troubleshooting information, see the Fortinet Knowledge Base .

For additional information, see “Best practices and fine tuning” on page 697.

This section contains the following topics:

Establish a system baseline
Define the problem
Search for a known solution
Create a troubleshooting plan
Gather system information
Troubleshoot hardware issues
Troubleshoot GUI and CLI connection issues
Troubleshoot FortiGuard connection issues
Troubleshoot MTA issues
Troubleshoot antispam issues
Troubleshoot HA issues
Troubleshoot resource issues
Troubleshoot bootup issues
Troubleshoot installation issues
Contact Fortinet customer support for assistance

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

Configuring Profiles

6 Replies

Configuring profiles

The Profile menu lets you configure many types of profiles. These are a collection of settings for antispam, antivirus, authentication, or other features.

After creating and configuring a profile, you can apply it either directly in a policy, or indirectly by inclusion in another profile that is selected in a policy. Policies apply each selected profile to all email messages and SMTP connections that the policy governs.

Creating multiple profiles for each type of policy lets you customize your email service by applying different profiles to policies that govern different SMTP connections or email users. For instance, if you are an Internet service provider (ISP), you might want to create and apply antivirus profiles only to policies governing email users who pay you to provide antivirus protection.

This section includes:

Configuring session profiles
Configuring antispam profiles and antispam action profiles
Configuring antivirus profiles and antivirus action profiles
Configuring content profiles and content action profiles
Configuring resource profiles (server mode only)
Configuring authentication profiles
Configuring LDAP profiles
Configuring dictionary profiles
Configuring security profiles
Configuring IP pools
Configuring email and IP groups
Configuring notification profiles

Configuring session profiles

Session profiles focus on the connection and envelope portion of the SMTP session. This is in contrast to other types of profiles that focus on the message header, body, or attachments.

To access this part of the web UI, your administrator account’s access profile must have Read or Read-Write permission to the Policy category. For details, see “About administrator account permissions and domains” on page 290.

To configure session profiles

Go to Profile > Session > Session.
Click New to add a profile or double-click a profile to modify it.

A multisection page appears.

Figure 193:Session Profile dialog

For a new session profile, type the name in Profile name.
Configure the following sections as needed:

“Configuring connection settings” on page 483
“Configuring sender reputation options” on page 485
“Configuring endpoint reputation options” on page 487
“Configuring sender validation options” on page 488
“Configuring session settings” on page 490
“Configuring unauthenticated session settings” on page 493
“Configuring SMTP limit options” on page 496
“Configuring error handling options” on page 497
“Configuring header manipulation options” on page 498
“Configuring list options” on page 499
Configuring advanced MTA control settings

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

Configuring Policies

Configuring policies

The Policy menu lets you create policies that use profiles to filter email.

It also lets you control who can send email through the FortiMail unit, and stipulate rules for how it will deliver email that it proxies or relays.

• What is a policy?

How to use policies
Controlling SMTP access and delivery
Controlling email based on recipient addresses
Controlling email based on IP addresses

What is a policy?

A policy defines which way traffic will be filtered. It may also define user account settings, such as authentication type, disk quota, and access to webmail.

After creating the antispam, antivirus, content, authentication, TLS, or resource profiles (see “Configuring profiles” on page 482), you need to apply them to policies for them to take effect.

FortiMail units support three types of policies:

Access control and delivery rules that are typical to SMTP relays and servers (see

“Controlling SMTP access and delivery” on page 456)

Recipient-based policies (see “Controlling email based on recipient addresses” on page 468)
IP-based policies (see “Controlling email based on IP addresses” on page 475)

Recipient-based policies versus IP-based policies

Recipient-based policies

The FortiMail unit applies these based on the recipient’s email address or the recipient’s user group. May also define authenticated webmail or POP3 access by that email user to their per-recipient quarantine. Since version 4.0, the recipient-based policies also check sender patterns.

IP-based policies

The FortiMail unit applies these based on the SMTP client’s IP address (server mode or gateway mode), or the IP addresses of both the SMTP client and SMTP server (transparent mode).

Page 453

Incoming versus outgoing email messages

There are two types of recipient-based policies: incoming and outgoing. The FortiMail unit applies incoming policies to the incoming mail messages and outgoing policies to the outgoing mail messages.

Whether the email is incoming or outgoing is decided by the domain name in the recipient’s email address. If the domain is a protected domain, the FortiMail unit considers the message to be incoming and applies the first matching incoming recipient-based policy. If the recipient domain is not a protected domain, the message is considered to be outgoing, and applies outgoing recipient-based policy.

To be more specific, the FortiMail unit actually matches the recipient domain’s IP address with the IP list of the protected SMTP servers where the protected domains reside. If there is an IP match, the domain is deemed protected and the email destined to this domain is considered to be incoming. If there is no IP match, the domain is deemed unprotected and the email destined to this domain is considered to be outgoing.

For more information on protected domains, see “Configuring protected domains” on page 380.

Pages: 1 2 3 4 5 6 7 8 9