Example 3: FortiMail unit for an ISP or carrier Transparent mode deployment
FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2
5 In the Access area, disable all administrative access protocols, including HTTPS,
SSH, and PING.
6 In the Administrative Status area, select Up.
7 Select OK.
Repeat this procedure for port3.
Configuring the session profiles
When configuring the protected domain and session profiles, you can select transparency,
encryption, authentication, and antispam IP-based reputation settings that will be applied
by an IP-based policy.
In this deployment example, two session profiles are configured:
• a profile for connections from subscribers
• a profile for connections from SMTP clients on the external network
Each profile will be applied in the IP-based policy that governs connections from either the
subscriber or external network.
In both profiles, TLS-encrypted connections will not be allowed in order to prevent viruses
from entering or leaving the subscriber network, since encrypted connections cannot be
scanned. Authentication will also be required to prevent spammers from connecting to
open relays. No protected domains are configured, and so transparency will be configured
through the session profiles alone. This will hide the existence of the FortiMail unit from all
SMTP clients.
Because subscribers use dynamic IP addresses, instead of sender reputation, MSISDN
reputation is used in the subscribers’ session profile to score their trustworthiness.
MSISDN reputation scans use RADIUS accounting notices from your RADIUS server to
map subscriber end point identifiers or MSISDNs to their current IP address. Subscribers
who have a reputation for sending spam or viruses will be blocked, thereby reducing the
risk that your public IP addresses could be blacklisted by DNS black list (DNSBL)
services.
Sender reputation, which functions best with static IP addresses and does not require a
RADIUS server, will be used in the external networks’ session profile to score SMTP
clients on external networks. This will help to prevent viruses and spam from reaching
your subscribers.
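The difference between the two reputation keys can be seen by replaying a short timeline. The following is an added example, not FortiMail code and not part of the original guide: it assumes the MSISDN arrives in the RADIUS Calling-Station-Id attribute and the leased address in Framed-IP-Address, and it uses a simple offence counter with a hypothetical threshold in place of the product's actual scoring.

```python
from collections import defaultdict

# Constructed timeline (not captured traffic). "acct" rows stand in for RADIUS
# accounting notices: (Acct-Status-Type, Calling-Station-Id, Framed-IP-Address).
# "smtp" rows are connections: (source IP, scan verdict).
EVENTS = [
    ("acct", "Start", "15550100001", "10.20.0.7"),
    ("smtp", "10.20.0.7", "spam"),
    ("smtp", "10.20.0.7", "spam"),
    ("acct", "Stop",  "15550100001", "10.20.0.7"),
    ("acct", "Start", "15550100002", "10.20.0.7"),  # address reused by another subscriber
    ("acct", "Start", "15550100001", "10.20.0.9"),  # first subscriber returns on a new address
    ("acct", "Stop",  "15550100001", "10.20.0.7"),  # late duplicate Stop for the old lease
    ("smtp", "10.20.0.7", "clean"),
    ("smtp", "10.20.0.9", "spam"),
]

def replay(events, threshold=2):
    """Return (src_ip, msisdn, ip_keyed_action, msisdn_keyed_action) per SMTP connection."""
    ip_to_msisdn = {}             # current lease table built from accounting notices
    by_ip = defaultdict(int)      # offences keyed on source address
    by_msisdn = defaultdict(int)  # offences keyed on subscriber identity
    decisions = []
    for ev in events:
        if ev[0] == "acct":
            _, status, msisdn, ip = ev
            if status == "Start":
                ip_to_msisdn[ip] = msisdn
            elif status == "Stop" and ip_to_msisdn.get(ip) == msisdn:
                del ip_to_msisdn[ip]  # a Stop for a lease someone else now holds is ignored
            continue
        _, ip, verdict = ev
        msisdn = ip_to_msisdn.get(ip)  # None when no accounting notice covers this address
        # Decide on the reputation accumulated before this connection.
        ip_action = "block" if by_ip[ip] >= threshold else "accept"
        id_action = "block" if msisdn and by_msisdn[msisdn] >= threshold else "accept"
        decisions.append((ip, msisdn, ip_action, id_action))
        if verdict == "spam":
            by_ip[ip] += 1
            if msisdn:
                by_msisdn[msisdn] += 1
    return decisions

if __name__ == "__main__":
    for row in replay(EVENTS):
        print(row)
```

Keyed on the address, the second subscriber inherits the block on 10.20.0.7 while the first subscriber is accepted again on 10.20.0.9; keyed on the MSISDN, the outcome is the reverse.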
To configure the session profile for connections from external SMTP clients
1 Go to Profile > Session in the advanced mode of the web-based manager.
2 Select New.
3 In Profile Name, type a name for the session profile, such as
external_session_profile.
4 Configure the following:
Note: Many additional antispam and antivirus options are available. For details, see the
FortiMail Administration Guide.