Fortigate 100a

Does anyone know how to block email addresses on a Fortigate 100a firewall? Or if it is even possible?
Jerzak1976Asked:
 
ddsteamCommented:
It depends on whether you're talking about emails "going to" or "coming from" a particular address.
Both are possible and there are two ways to accomplish it. This cannot be done via the GUI though, so you will need to connect to the CLI.

Let me explain both:

Method 1 - Using a Protection Profile:
config spamfilter mheader
 edit 1
   config entries
     edit 1
       set action spam
       set fieldbody "user@company.com"
       set fieldname "To"
       set pattern-type wildcard
     next
   end
end

config firewall profile
 edit <profile_name>
   set smtp spamhdrcheck block
 next
end


Note: You can add as many addresses as you like by simply creating as many of these as you like with the second "edit" field, eg: edit 1, edit 2, edit 3, etc.

Method 2 - Using a DLP Sensor:
config dlp rule
    edit "Rule_Name" <<<< Note: Change this accordingly.
        set protocol email
        set sub-protocol smtp
        set field sender <<<< Note: Change this accordingly.
        set regexp "*senders_address*" <<<< Note: Change this accordingly.
        set regexp-wildcard enable
    next
end

config dlp sensor
    edit "Sensor_Name" <<<< Note: Change this accordingly.
        config rule
            edit "Rule_Name" <<<< Note: Change this accordingly as specified in first step.
                set action ban <<<< Note: If only a single address, use "ban-sender" instead.
                set archive enable
                set expiry 10m
            next
        end
        set dlp-log enable
    next
end

config firewall policy
    edit 2
        set srcintf "Source_Interface" <<<< Note: Change this accordingly.
        set dstintf "Dest_Interface" <<<< Note: Change this accordingly.
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set utm-status enable
        set schedule "always"
        set service "ANY"
        set dlp-sensor "Sensor_Name" <<<< Note: Change this accordingly.
        set profile-protocol-options "default"
    next
end


0
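Added example (not part of ddsteam's post): a small Python generator for the Method 1 header list, following the note above about adding further entries as edit 1, edit 2, edit 3. The function name, the sample addresses and the use of "From" as a header field are assumptions; only the CLI keywords come from the post, and the protection profile step still has to be applied separately.

```python
import re

# Address characters plus the wildcards * and ?. Quotes, backslashes,
# whitespace and control characters are rejected so a value can never
# close the quoted string or start a new CLI line.
_SAFE_PATTERN = re.compile(r"[A-Za-z0-9._%+*?-]+@[A-Za-z0-9.*?-]+")
# "To" is the value used in the post; "From" is an assumption for inbound senders.
ALLOWED_HEADERS = ("To", "From")


def build_mheader_config(patterns, fieldname="To", list_id=1):
    """Return CLI text with one mheader entry per address pattern."""
    if fieldname not in ALLOWED_HEADERS:
        raise ValueError(f"unsupported header field: {fieldname!r}")
    entries = []
    for raw in patterns:
        pattern = raw.strip()
        if not _SAFE_PATTERN.fullmatch(pattern):
            raise ValueError(f"refusing unsafe or malformed pattern: {raw!r}")
        if pattern not in entries:  # drop exact duplicates, keep order
            entries.append(pattern)
    if not entries:
        raise ValueError("no patterns supplied")

    lines = ["config spamfilter mheader", f" edit {list_id}", "   config entries"]
    for entry_id, pattern in enumerate(entries, start=1):
        lines += [
            f"     edit {entry_id}",
            "       set action spam",
            f'       set fieldbody "{pattern}"',
            f'       set fieldname "{fieldname}"',
            "       set pattern-type wildcard",
            "     next",
        ]
    lines += ["   end", "end"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the thread.
    print(build_mheader_config(
        ["spammer@example.net", "*@bulk.example.org", "spammer@example.net"],
        fieldname="From"))
```
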
 
Jerzak1976Author Commented:
I am looking to block particular emails coming in? Would I use method one?
Also I've tried method one in the CLI

Fortigate 100a# config spamfilter mheader
(mheader)# edit 1
(1)#
(1)# config entries
Unknown action 0

(1)#

(not sure what I am doing wrong)?
0
 
ddsteamCommented:
You may need to first issue an "edit entries". Try that first.
0
 
Jerzak1976Author Commented:
Still no go, getting the same error.

Fortigate 100a# config spamfilter mheader
(mheader)# edit entries
invalid integer entries
value parse error before entries
Command fail. Return code -1
(mheader)# edit 1
(1)# edit entries
Unknown action 0

Again, not sure where I am going wrong.
0
 
ddsteamCommented:
Hmm, very odd. It definitely works on my test device. (In fairness I'm using a 110C but it should be the same.)
I'm wondering if it's perhaps a licensing issue.

Have you tried the DLP option by any chance?
0
 
Jerzak1976Author Commented:
I'll try the DLP option - this will stop emails from coming in?
0
 
ddsteamCommented:
Yes, both options essentially have the same end result.
0
 
Jerzak1976Author Commented:
Nope no good with that one either!

config dlp rule
command parse error before 'dlp'
command failed return code 1

All the licenses are up to date
0
 
ddsteamCommented:
Very strange indeed. I don't disagree that your licenses are up to date, I'm just wondering if this functionality perhaps requires a different license altogether.

You are more than welcome to recover the allocated points if you so wish.
Sorry my solution didn't help.
0
 
ddsteamCommented:
I found this link. Perhaps take a look, it seems to have a way to do this via the GUI.

http://www.gepanet.com/fg_Spam_Filter.pdf

Slightly older version but 4.0 should be fairly close. I currently have no access to my test device in order to confirm the validity but I'll test it tonight and let you know.
0
 
ddsteamCommented:
Here's the full Admin Guide.

http://www.retrevo.com/search/v2/jsp/downloadPage.jsp?doc=4cec1900b8a68db50c811bd1014e539b&modelid=22917305&q=Fortinet+FortiGate-100A

There's a section in there about blocking email addresses by defining it as a spam address.
(Search for "spam" and "BWL")
0
Question has a verified solution.
