Scribd Logo
Upload

Welcome to Scribd!

  • FortiMail 02 System Configuration

    Uploaded by

    yousef512
    152 views16 pages
    test trgfg

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    test trgfg

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    152 views16 pages

    FortiMail 02 System Configuration

    Uploaded by

    yousef512
    test trgfg

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 16

    221 - FortiMail Email Filtering

    System Configuration

    System Configuration
    Module 2

    2013 Fortinet Inc. All rights reserved.


    The information contained herein is subject to change without notice. No part of this publication including text, examples, diagrams
    1
    or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical
    or otherwise, for any purpose, without prior written permission of Fortinet Inc. 06-50000-0221-20130726

    Module Objectives
    By the end of this module, you will be able to:
    Use CLI and web UI administrative interfaces
    Configure initial settings on the FortiMail system
    Search FortiMail system logs to obtain data

    06-50000-0221-20130726

    221 - FortiMail Email Filtering

    System Configuration

    Web Access
    Admin Login
    https://192.168.1.99/admin

    Webmail Login
    https://192.168.1.99

    Admin Web UI

    06-50000-0221-20130726

    221 - FortiMail Email Filtering

    System Configuration

    System Status

    Admin Menu
    Menu options available in the Admin web UI include the following:

    06-50000-0221-20130726

    221 - FortiMail Email Filtering

    System Configuration

    System
    Dashboard JAVA Based Console
    Provides direct access to the command line interface via the web GUI

    Login Customization

    06-50000-0221-20130726

    221 - FortiMail Email Filtering

    System Configuration

    Context Sensitive On-line Help

    Basic and Advanced Mode


    Basic Mode
    Commonly used options only
    Day-to-day operation

    Advanced Mode
    Full set of menu options

    10

    06-50000-0221-20130726

    221 - FortiMail Email Filtering

    System Configuration

    CLI Tree
    Command

    Object

    config

    system interface
    Table

    Subcommand
    edit

    <port_name>

    Option

    set status {up | down}

    Field

    set ip
    next

    <interface_ipv4mask>

    end

    Value

    11

    Quick Start Wizard

    Effective way to have the unit up and running in no time by configuring


    the following parameters:
    Default password for the administrator account
    Network and time settings
    Local host settings
    Protected domains
    Incoming and outgoing antispam and antivirus
    Access control rules for SMTP Relay
    Note: The operational mode cannot be set though the Quick Start Wizard
    12

    06-50000-0221-20130726

    221 - FortiMail Email Filtering

    System Configuration

    Configuring Network Interfaces

    13

    Link Status Propagation


    Link status of a port is
    propagated to other port(s)
    Status of an interface is
    linked to the status of another
    interface
    If associated interface is
    down, the interface goes
    down too

    14

    06-50000-0221-20130726

    221 - FortiMail Email Filtering

    System Configuration

    Link Status Propagation


    MTA
    3.

    FORTIMAIL IS
    REMOVED FROM
    THE LB POOL

    2. STATUS
    PROPAGATION

    If the outgoing interface is


    down FortiMail unit will
    disable the incoming
    interface and vice-versa
    Downstream load-balancer:
    Detects the failure
    Removes the appliance from
    the LB algorithm to stop mail
    forwarding

    1. FAILURE
    DETECTION

    Sends messages to other units


    available in the pool

    15

    Configuring Routing

    16

    06-50000-0221-20130726

    221 - FortiMail Email Filtering

    System Configuration

    Route Selection
    The destination IP address is compared to those of the static routes to
    determine which route a packet will take
    The most specific route will always be chosen
    If there is more than one specific route available in the routing table,
    the FortiMail unit will apply the route with the smallest index number
    The index number is a unique value used to identify a route entry in
    the routing table and can be determined with the following CLI
    command:
    get system route

    17

    DNS Settings
    Primary and secondary DNS can be configured using the web UI or the CLI

    CLI Configuration:
    config system dns
    set primary 10.0.1.1
    set secondary 208.91.112.52
    end

    18

    06-50000-0221-20130726

    221 - FortiMail Email Filtering

    System Configuration

    Administration Options

    19

    Access Profiles
    Access Profiles are used to:
    Control which areas an administrator can access
    Define the level of permissions in that area

    20

    06-50000-0221-20130726

    10

    221 - FortiMail Email Filtering

    System Configuration

    Password Policies
    Enforce complex passwords
    Apply to administrators, webmail and IBE users

    21

    Admin Authentication
    Authentication types supported include local, RADIUS,
    RADIUS+Local, PKI and LDAP

    22

    06-50000-0221-20130726

    11

    221 - FortiMail Email Filtering

    System Configuration

    Enable and Disable Message Services


    Allows you to turn SMTP, POP3 or IMAP services ON/OFF
    Required for vulnerability and security assessment tests when those
    services are not in use
    CLI configuration:
    config system mailserver
    set smtp-service enable|disable
    set pop3-service enable|disable
    set imap-service enable|disable

    23

    FortiMail Log Types


    The following types of log messages can be recorded:
    History
    Emails handled by the FortiMail unit

    Event
    System and admin related logs

    Antivirus
    Virus detection and inspection logs

    Antispam
    Spam related messages

    Encryption
    Encryption subsystem such as IBE and S/MIME

    24

    06-50000-0221-20130726

    12

    221 - FortiMail Email Filtering

    System Configuration

    Log Message Severity Levels

    Levels

    Description

    0 Emergency

    System unstable

    1 Alert

    Immediate action required

    2 Critical

    General functionality affected

    3 Error

    Error condition exists

    4 Warning

    Functionality could be affected

    5 Notification

    Notification about normal events

    7 Information

    General system operation

    25

    History Log Disposition and Classifier


    Disposition and Classifier are used to provide extra information
    regarding email processing
    Disposition defines the action taken by the FortiMail unit
    Classifier explains why such action was taken

    For a complete list of Dispositions and Classifiers, refer to the FortiMail


    Admin Guide
    26

    06-50000-0221-20130726

    13

    221 - FortiMail Email Filtering

    System Configuration

    Logging Storage
    Log messages can be
    logged to local disk
    (default option) or to a
    remote device (for
    example, FortiAnalyzer
    system, generic syslog)
    Different logging
    policies can be
    configured based on the
    logging location

    27

    Log Message Correlation


    Since different types of log files record different activities, the same
    SMTP session may be logged in different types of log files
    Click on the Session ID link to display all the logs generated for a
    specific SMTP session

    28

    06-50000-0221-20130726

    14

    221 - FortiMail Email Filtering

    System Configuration

    Reports
    Reports can be
    generated directly
    from the FortiMail Unit
    Generated reports
    appear in Monitor >
    Reports

    29

    SNMP
    SNMP agent can be enabled on the FortiMail unit to generate SNMP
    traps when certain system events or thresholds have been reached
    Up to three SNMP communities can be configured on the FortiMail unit

    30

    06-50000-0221-20130726

    15

    221 - FortiMail Email Filtering

    System Configuration

    SNMP Support
    SNMP message integrity, authentication and encryption

    SNMP v1, v2c

    SNMP v3

    31

    SNMP v3 Configuration

    32

    06-50000-0221-20130726

    16

    You might also like