Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiOS Carrier

    6.2.13
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.6
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.9
    5.6.0

    MMS bulk anti-spam detection options

    MMS bulk anti-spam detection options

    You can use the config flood and config dupe sections of the config firewall MMS-profile command to configure bulk email filtering options to detect and filter MM1 and MM4 message floods and duplicate messages. You can configure three thresholds that define a flood of message activity and three thresholds that define excessive duplicate messages. The configuration of each threshold includes the response actions to follow when the threshold is reached.

    The configurable thresholds for each of the flood and duplicate sensors and must be enabled in sequence. For example, you can enable Flood Threshold 1 and Flood Threshold 2, but you cannot disable Flood Threshold 1 and enable Flood Threshold 2. When each threshold is met, FortiOS Carrier performs the configured action for the specified duration.

    You can also add MSISDNs to the bulk email filtering configuration and select a subset of the bulk email filtering options to apply to these individual MSISDNs.

    Message flood configuration

    Use the following command to configure the first threshold for MM1 and MM4 message flood protection.

    config firewall mms-profile

    edit <name>

    config flood {mm1| mm4}

    set status1 {disable | enable}

    set window1 <window>

    set limit1 <limit>

    set action1 {block archive log archive-first alert-notif}

    set block-time1 <time>

    set status2 {disable | enable}

    set window2 <window>

    set limit2 <limit>

    set action2 {block archive log archive-first alert-notif}

    set block-time2 <time>

    set status3 {disable | enable}

    set window3 <window>

    set limit3 <limit>

    set action3 {block archive log archive-first alert-notif}

    set block-time3 <time>

    end

    Option

    Description

    status1

    status2

    status3

    		 Enable each option to apply an additional level of flood protection.

    window1

    window2

    window3

    Enter the period of time during which a message flood will be detected if limit1 is exceeded. The message flood window can be 1 to 2880 minutes (48 hours).

    • The default value of window1 is 60.
    • The default value of window2 is 70.
    • The default value of window1 is 80.

    limit1

    limit2

    limit3

    		 Enter the number of messages which signifies a message flood if exceeded within the window1 time.

    action1

    action2

    action3

    Select one or more actions to perform when a message flood is detected:

    block Block user messages.

    archive Content archive user messages.

    log Log user messages.

    archive-first Content archive only first message.

    alert-notif Send an alert notification message.

    block-time1

    block-time2

    block-time3

    		 Enter the amount of time during which FortiOS performs the action after a message flood is detected.

    Duplicate message detection

    Use the following command to configure the first threshold for MM1 and MM4 duplicate message protection.

    config firewall mms-profile

    edit <name>

    config dupe {mm1 | mm4}

    set status1 {disable | enable}

    set window1 <window>

    set limit1 <limit>

    set action1 {block archive log archive-first alert-notif}

    set block-time1 <time>

    set status2 {disable | enable}

    set window2 <window>

    set limit2 <limit>

    set action2 {block archive log archive-first alert-notif}

    set block-time2 <time>

    set status3 {disable | enable}

    set window3 <window>

    set limit3 <limit>

    set action3 {block archive log archive-first alert-notif}

    set block-time3 <time>

    end

    The second and third thresholds have the same options except the keywords end with a 2 and 3 (for example, status2, status3, and so on).

    status1

    status2

    status3

    		 Enable each option to apply an additional level of duplicate message protection.

    enable1

    enable2

    enable3

    		 Enable the selected duplicate message threshold and to make the rest of the options available for configuration.

    window1

    window2

    window3

    Enter the period of time during which excessive message duplicates will be detected if the Duplicate message Limit it exceeded. The duplicate message

    window can be 1 to 2880 minutes (48 hours).

    • The default value of window1 is 60.
    • The default value of window2 is 70.
    • The default value of window1 is 80.

    limit1

    limit2

    limit3

    		 Enter the number of messages which signifies excessive message duplicates if exceeded within the Duplicate Message Window.

    action1

    action2

    action3

    Select one or more actions that FortiOS is to perform when excessive message duplication is detected:

    block Block user messages.

    archive Content archive user messages.

    log Log user messages.

    archive-first Content archive only first message.

    alert-notif Send an alert notification message.

    block-time1

    		 Enter the amount of time during which FortiOS performs the action excessive message duplication is detected.

    Flood and duplicate message thresholds for individual MSISDNs

    You can use the following command to send flood and duplication message threshold notifications to specific MSISDNs. You can use this option as another way to notify administrators of message floods or excessive numbers of duplication messages by sending text messages to their MSISDNs.

    config firewall mms-profile

    edit <name>

    config notif-msisdn

    edit <msisdn>

    set threshold {dupe-thresh-1 dupe-thresh-2 dupe-thresh-3 flood-thresh-1 flood-thresh-2 flood-thresh-3}

    end

    <msisdn>

    		 The recipient MSISDN.

    flood-thresh-1

    		 Send flood threshold 1 notifications to the recipient MSISDN.

    flood-thresh-2

    		 Send flood threshold 2 notifications to the recipient MSISDN.

    flood-thresh-3

    		 Send flood threshold 3 notifications to the recipient MSISDN.

    dupe-thresh-1

    		 Send duplicate threshold 1 notifications to the recipient MSISDN.

    dupe-thresh-2

    		 Send duplicate threshold 2 notifications to the recipient MSISDN.

    dupe-thresh-3

    		 Send duplicate threshold 3 notifications to the recipient MSISDN.
    Previous
    Next

    MMS bulk anti-spam detection options

    MMS bulk anti-spam detection options

    You can use the config flood and config dupe sections of the config firewall MMS-profile command to configure bulk email filtering options to detect and filter MM1 and MM4 message floods and duplicate messages. You can configure three thresholds that define a flood of message activity and three thresholds that define excessive duplicate messages. The configuration of each threshold includes the response actions to follow when the threshold is reached.

    The configurable thresholds for each of the flood and duplicate sensors and must be enabled in sequence. For example, you can enable Flood Threshold 1 and Flood Threshold 2, but you cannot disable Flood Threshold 1 and enable Flood Threshold 2. When each threshold is met, FortiOS Carrier performs the configured action for the specified duration.

    You can also add MSISDNs to the bulk email filtering configuration and select a subset of the bulk email filtering options to apply to these individual MSISDNs.

    Message flood configuration

    Use the following command to configure the first threshold for MM1 and MM4 message flood protection.

    config firewall mms-profile

    edit <name>

    config flood {mm1| mm4}

    set status1 {disable | enable}

    set window1 <window>

    set limit1 <limit>

    set action1 {block archive log archive-first alert-notif}

    set block-time1 <time>

    set status2 {disable | enable}

    set window2 <window>

    set limit2 <limit>

    set action2 {block archive log archive-first alert-notif}

    set block-time2 <time>

    set status3 {disable | enable}

    set window3 <window>

    set limit3 <limit>

    set action3 {block archive log archive-first alert-notif}

    set block-time3 <time>

    end

    Option

    Description

    status1

    status2

    status3

    		 Enable each option to apply an additional level of flood protection.

    window1

    window2

    window3

    Enter the period of time during which a message flood will be detected if limit1 is exceeded. The message flood window can be 1 to 2880 minutes (48 hours).

    • The default value of window1 is 60.
    • The default value of window2 is 70.
    • The default value of window1 is 80.

    limit1

    limit2

    limit3

    		 Enter the number of messages which signifies a message flood if exceeded within the window1 time.

    action1

    action2

    action3

    Select one or more actions to perform when a message flood is detected:

    block Block user messages.

    archive Content archive user messages.

    log Log user messages.

    archive-first Content archive only first message.

    alert-notif Send an alert notification message.

    block-time1

    block-time2

    block-time3

    		 Enter the amount of time during which FortiOS performs the action after a message flood is detected.

    Duplicate message detection

    Use the following command to configure the first threshold for MM1 and MM4 duplicate message protection.

    config firewall mms-profile

    edit <name>

    config dupe {mm1 | mm4}

    set status1 {disable | enable}

    set window1 <window>

    set limit1 <limit>

    set action1 {block archive log archive-first alert-notif}

    set block-time1 <time>

    set status2 {disable | enable}

    set window2 <window>

    set limit2 <limit>

    set action2 {block archive log archive-first alert-notif}

    set block-time2 <time>

    set status3 {disable | enable}

    set window3 <window>

    set limit3 <limit>

    set action3 {block archive log archive-first alert-notif}

    set block-time3 <time>

    end

    The second and third thresholds have the same options except the keywords end with a 2 and 3 (for example, status2, status3, and so on).

    status1

    status2

    status3

    		 Enable each option to apply an additional level of duplicate message protection.

    enable1

    enable2

    enable3

    		 Enable the selected duplicate message threshold and to make the rest of the options available for configuration.

    window1

    window2

    window3

    Enter the period of time during which excessive message duplicates will be detected if the Duplicate message Limit it exceeded. The duplicate message

    window can be 1 to 2880 minutes (48 hours).

    • The default value of window1 is 60.
    • The default value of window2 is 70.
    • The default value of window1 is 80.

    limit1

    limit2

    limit3

    		 Enter the number of messages which signifies excessive message duplicates if exceeded within the Duplicate Message Window.

    action1

    action2

    action3

    Select one or more actions that FortiOS is to perform when excessive message duplication is detected:

    block Block user messages.

    archive Content archive user messages.

    log Log user messages.

    archive-first Content archive only first message.

    alert-notif Send an alert notification message.

    block-time1

    		 Enter the amount of time during which FortiOS performs the action excessive message duplication is detected.

    Flood and duplicate message thresholds for individual MSISDNs

    You can use the following command to send flood and duplication message threshold notifications to specific MSISDNs. You can use this option as another way to notify administrators of message floods or excessive numbers of duplication messages by sending text messages to their MSISDNs.

    config firewall mms-profile

    edit <name>

    config notif-msisdn

    edit <msisdn>

    set threshold {dupe-thresh-1 dupe-thresh-2 dupe-thresh-3 flood-thresh-1 flood-thresh-2 flood-thresh-3}

    end

    <msisdn>

    		 The recipient MSISDN.

    flood-thresh-1

    		 Send flood threshold 1 notifications to the recipient MSISDN.

    flood-thresh-2

    		 Send flood threshold 2 notifications to the recipient MSISDN.

    flood-thresh-3

    		 Send flood threshold 3 notifications to the recipient MSISDN.

    dupe-thresh-1

    		 Send duplicate threshold 1 notifications to the recipient MSISDN.

    dupe-thresh-2

    		 Send duplicate threshold 2 notifications to the recipient MSISDN.

    dupe-thresh-3

    		 Send duplicate threshold 3 notifications to the recipient MSISDN.
    Previous
    Next