Version:

Version:

Version:

Version:

Version:


Table of Contents

FortiOS Carrier

MMS bulk anti-spam detection options

You can use the config flood and config dupe sections of the config firewall MMS-profile command to configure bulk email filtering options to detect and filter MM1 and MM4 message floods and duplicate messages. You can configure three thresholds that define a flood of message activity and three thresholds that define excessive duplicate messages. The configuration of each threshold includes the response actions to follow when the threshold is reached.

The configurable thresholds for each of the flood and duplicate sensors and must be enabled in sequence. For example, you can enable Flood Threshold 1 and Flood Threshold 2, but you cannot disable Flood Threshold 1 and enable Flood Threshold 2. When each threshold is met, FortiOS Carrier performs the configured action for the specified duration.

You can also add MSISDNs to the bulk email filtering configuration and select a subset of the bulk email filtering options to apply to these individual MSISDNs.

Message flood configuration

Use the following command to configure the first threshold for MM1 and MM4 message flood protection.

config firewall mms-profile

edit <name>

config flood {mm1| mm4}

set status1 {disable | enable}

set window1 <window>

set limit1 <limit>

set action1 {block archive log archive-first alert-notif}

set block-time1 <time>

set status2 {disable | enable}

set window2 <window>

set limit2 <limit>

set action2 {block archive log archive-first alert-notif}

set block-time2 <time>

set status3 {disable | enable}

set window3 <window>

set limit3 <limit>

set action3 {block archive log archive-first alert-notif}

set block-time3 <time>

end

Option

Description

status1

status2

status3

Enable each option to apply an additional level of flood protection.

window1

window2

window3

Enter the period of time during which a message flood will be detected if limit1 is exceeded. The message flood window can be 1 to 2880 minutes (48 hours).

  • The default value of window1 is 60.
  • The default value of window2 is 70.
  • The default value of window1 is 80.

limit1

limit2

limit3

Enter the number of messages which signifies a message flood if exceeded within the window1 time.

action1

action2

action3

Select one or more actions to perform when a message flood is detected:

block Block user messages.

archive Content archive user messages.

log Log user messages.

archive-first Content archive only first message.

alert-notif Send an alert notification message.

block-time1

block-time2

block-time3

Enter the amount of time during which FortiOS performs the action after a message flood is detected.

Duplicate message detection

Use the following command to configure the first threshold for MM1 and MM4 duplicate message protection.

config firewall mms-profile

edit <name>

config dupe {mm1 | mm4}

set status1 {disable | enable}

set window1 <window>

set limit1 <limit>

set action1 {block archive log archive-first alert-notif}

set block-time1 <time>

set status2 {disable | enable}

set window2 <window>

set limit2 <limit>

set action2 {block archive log archive-first alert-notif}

set block-time2 <time>

set status3 {disable | enable}

set window3 <window>

set limit3 <limit>

set action3 {block archive log archive-first alert-notif}

set block-time3 <time>

end

The second and third thresholds have the same options except the keywords end with a 2 and 3 (for example, status2, status3, and so on).

status1

status2

status3

Enable each option to apply an additional level of duplicate message protection.

enable1

enable2

enable3

Enable the selected duplicate message threshold and to make the rest of the options available for configuration.

window1

window2

window3

Enter the period of time during which excessive message duplicates will be detected if the Duplicate message Limit it exceeded. The duplicate message

window can be 1 to 2880 minutes (48 hours).

  • The default value of window1 is 60.
  • The default value of window2 is 70.
  • The default value of window1 is 80.

limit1

limit2

limit3

Enter the number of messages which signifies excessive message duplicates if exceeded within the Duplicate Message Window.

action1

action2

action3

Select one or more actions that FortiOS is to perform when excessive message duplication is detected:

block Block user messages.

archive Content archive user messages.

log Log user messages.

archive-first Content archive only first message.

alert-notif Send an alert notification message.

block-time1

Enter the amount of time during which FortiOS performs the action excessive message duplication is detected.

Flood and duplicate message thresholds for individual MSISDNs

You can use the following command to send flood and duplication message threshold notifications to specific MSISDNs. You can use this option as another way to notify administrators of message floods or excessive numbers of duplication messages by sending text messages to their MSISDNs.

config firewall mms-profile

edit <name>

config notif-msisdn

edit <msisdn>

set threshold {dupe-thresh-1 dupe-thresh-2 dupe-thresh-3 flood-thresh-1 flood-thresh-2 flood-thresh-3}

end

<msisdn>

The recipient MSISDN.

flood-thresh-1

Send flood threshold 1 notifications to the recipient MSISDN.

flood-thresh-2

Send flood threshold 2 notifications to the recipient MSISDN.

flood-thresh-3

Send flood threshold 3 notifications to the recipient MSISDN.

dupe-thresh-1

Send duplicate threshold 1 notifications to the recipient MSISDN.

dupe-thresh-2

Send duplicate threshold 2 notifications to the recipient MSISDN.

dupe-thresh-3

Send duplicate threshold 3 notifications to the recipient MSISDN.

MMS bulk anti-spam detection options

You can use the config flood and config dupe sections of the config firewall MMS-profile command to configure bulk email filtering options to detect and filter MM1 and MM4 message floods and duplicate messages. You can configure three thresholds that define a flood of message activity and three thresholds that define excessive duplicate messages. The configuration of each threshold includes the response actions to follow when the threshold is reached.

The configurable thresholds for each of the flood and duplicate sensors and must be enabled in sequence. For example, you can enable Flood Threshold 1 and Flood Threshold 2, but you cannot disable Flood Threshold 1 and enable Flood Threshold 2. When each threshold is met, FortiOS Carrier performs the configured action for the specified duration.

You can also add MSISDNs to the bulk email filtering configuration and select a subset of the bulk email filtering options to apply to these individual MSISDNs.

Message flood configuration

Use the following command to configure the first threshold for MM1 and MM4 message flood protection.

config firewall mms-profile

edit <name>

config flood {mm1| mm4}

set status1 {disable | enable}

set window1 <window>

set limit1 <limit>

set action1 {block archive log archive-first alert-notif}

set block-time1 <time>

set status2 {disable | enable}

set window2 <window>

set limit2 <limit>

set action2 {block archive log archive-first alert-notif}

set block-time2 <time>

set status3 {disable | enable}

set window3 <window>

set limit3 <limit>

set action3 {block archive log archive-first alert-notif}

set block-time3 <time>

end

Option

Description

status1

status2

status3

Enable each option to apply an additional level of flood protection.

window1

window2

window3

Enter the period of time during which a message flood will be detected if limit1 is exceeded. The message flood window can be 1 to 2880 minutes (48 hours).

  • The default value of window1 is 60.
  • The default value of window2 is 70.
  • The default value of window1 is 80.

limit1

limit2

limit3

Enter the number of messages which signifies a message flood if exceeded within the window1 time.

action1

action2

action3

Select one or more actions to perform when a message flood is detected:

block Block user messages.

archive Content archive user messages.

log Log user messages.

archive-first Content archive only first message.

alert-notif Send an alert notification message.

block-time1

block-time2

block-time3

Enter the amount of time during which FortiOS performs the action after a message flood is detected.

Duplicate message detection

Use the following command to configure the first threshold for MM1 and MM4 duplicate message protection.

config firewall mms-profile

edit <name>

config dupe {mm1 | mm4}

set status1 {disable | enable}

set window1 <window>

set limit1 <limit>

set action1 {block archive log archive-first alert-notif}

set block-time1 <time>

set status2 {disable | enable}

set window2 <window>

set limit2 <limit>

set action2 {block archive log archive-first alert-notif}

set block-time2 <time>

set status3 {disable | enable}

set window3 <window>

set limit3 <limit>

set action3 {block archive log archive-first alert-notif}

set block-time3 <time>

end

The second and third thresholds have the same options except the keywords end with a 2 and 3 (for example, status2, status3, and so on).

status1

status2

status3

Enable each option to apply an additional level of duplicate message protection.

enable1

enable2

enable3

Enable the selected duplicate message threshold and to make the rest of the options available for configuration.

window1

window2

window3

Enter the period of time during which excessive message duplicates will be detected if the Duplicate message Limit it exceeded. The duplicate message

window can be 1 to 2880 minutes (48 hours).

  • The default value of window1 is 60.
  • The default value of window2 is 70.
  • The default value of window1 is 80.

limit1

limit2

limit3

Enter the number of messages which signifies excessive message duplicates if exceeded within the Duplicate Message Window.

action1

action2

action3

Select one or more actions that FortiOS is to perform when excessive message duplication is detected:

block Block user messages.

archive Content archive user messages.

log Log user messages.

archive-first Content archive only first message.

alert-notif Send an alert notification message.

block-time1

Enter the amount of time during which FortiOS performs the action excessive message duplication is detected.

Flood and duplicate message thresholds for individual MSISDNs

You can use the following command to send flood and duplication message threshold notifications to specific MSISDNs. You can use this option as another way to notify administrators of message floods or excessive numbers of duplication messages by sending text messages to their MSISDNs.

config firewall mms-profile

edit <name>

config notif-msisdn

edit <msisdn>

set threshold {dupe-thresh-1 dupe-thresh-2 dupe-thresh-3 flood-thresh-1 flood-thresh-2 flood-thresh-3}

end

<msisdn>

The recipient MSISDN.

flood-thresh-1

Send flood threshold 1 notifications to the recipient MSISDN.

flood-thresh-2

Send flood threshold 2 notifications to the recipient MSISDN.

flood-thresh-3

Send flood threshold 3 notifications to the recipient MSISDN.

dupe-thresh-1

Send duplicate threshold 1 notifications to the recipient MSISDN.

dupe-thresh-2

Send duplicate threshold 2 notifications to the recipient MSISDN.

dupe-thresh-3

Send duplicate threshold 3 notifications to the recipient MSISDN.