Fortigate 100a

Does anyone know how to block email addresses on a Fortigate 100a firewall? Or if it is even possible?
Jerzak1976 Asked:

ddsteam Commented:
It depends on whether you're talking about emails "going to" or "coming from" a particular address.
Both are possible and there are two ways to accomplish it. This cannot be done via the GUI though, so you will need to connect to the CLI.

Let me explain both:

Method 1 - Using a Protection Profile:
config spamfilter mheader
 edit 1
   config entries
     edit 1
       set action spam
       set fieldbody "user@company.com"
       set fieldname "To"
       set pattern-type wildcard
     next
   end
end

config firewall profile
 edit <profile_name>
   set smtp spamhdrcheck block
 next
end

Note: You can add as many addresses as you like by simply creating as many of these as you like with the second "edit" field, eg: edit 1, edit 2, edit 3, etc.

Method 2 - Using a DLP Sensor:
config dlp rule
    edit "Rule_Name" <<<< Note: Change this accordingly.
        set protocol email
        set sub-protocol smtp
        set field sender <<<< Note: Change this accordingly.
        set regexp "*senders_address*" <<<< Note: Change this accordingly.
        set regexp-wildcard enable
    next
end

config dlp sensor
    edit "sensor_name" <<<< Note: Change this accordingly.
        config rule
            edit "Rule_Name" <<<< Note: Change this accordingly as specified in first step.
                set action ban <<<< Note: If only a single address, use "ban-sender" instead.
                set archive enable
                set expiry 10m
            next
        end
        set dlp-log enable
    next
end

config firewall policy
    edit 2
        set srcintf "Source_Interface" <<<< Note: Change this accordingly.
        set dstintf "Dest_Interface" <<<< Note: Change this accordingly.
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set utm-status enable
        set schedule "always"
        set service "ANY"
        set dlp-sensor "sensor_name" <<<< Note: Change this accordingly to match the sensor name above.
        set profile-protocol-options "default"
    next
end

0

Jerzak1976 Author Commented:
I am looking to block particular emails coming in? Would I use method one?
Also I've tried method one in the CLI

Fortigate 100a# config spamfilter mheader
(mheader)# edit 1
(1)#
(1)# config entries
Unknown action 0

(1)#

(not sure what I am doing wrong)?
0
ddsteam Commented:
You may need to first issue an "edit entries". Try that first.
0
Jerzak1976 Author Commented:
Still no go, getting the same error

Fortigate 100a# config spamfilter mheader
(mheader)# edit entries
invalid integer entries
value parse error before entries
Command fail. Return code -1
(mheader)# edit 1
(1)# edit entries
Unknown action 0

Again not sure where I am going wrong
0
ddsteam Commented:
Hmm, very odd. It definitely works on my test device. (In fairness I'm using a 110C but it should be the same.)
I'm wondering if it's perhaps a licensing issue.

Have you tried the DLP option by any chance?
0
Jerzak1976 Author Commented:
I'll try the DLP option - this will stop emails from coming in?
0
ddsteam Commented:
Yes, both options essentially have the same end result.
0
Jerzak1976 Author Commented:
Nope no good with that one either!

config dlp rule
command parse error before 'dlp'
command failed return code 1

All the licenses are up to date
0
ddsteam Commented:
Very strange indeed. I don't disagree that your licenses are up to date, I'm just wondering if this functionality perhaps requires a different license altogether.

You are more than welcome to recover the allocated points if you so wish.
Sorry my solution didn't help.
0
ddsteam Commented:
I found this link. Perhaps take a look, it seems to have a way to do this via the GUI.

http://www.gepanet.com/fg_Spam_Filter.pdf

Slightly older version but 4.0 should be fairly close. I currently have no access to my test device in order to confirm the validity but I'll test it tonight and let you know.
0
ddsteam Commented:
Here's the full Admin Guide.

http://www.retrevo.com/search/v2/jsp/downloadPage.jsp?doc=4cec1900b8a68db50c811bd1014e539b&modelid=22917305&q=Fortinet+FortiGate-100A

There's a section in there about blocking email addresses by defining it as a spam address.
(Search for "spam" and "BWL")
0