CLI Reference

system encryption ibe

Use this command to configure, enable or disable Identity-Based Encryption (IBE) services, which control how secured mail recipients use the mail IBE function.

Syntax

config system encryption ibe
    set custom-user-control-status {enable | disable}
    set expire-emails <days_int>
    set expire-inactivity <days_int>
    set expire-passwd-reset <hours_int>
    set expire-registration <days_int>
    set read-notification {enable | disable}
    set secure-compose {enable | disable}
    set secure-reply {enable | disable}
    set secure-forward {enable | disable}
    set service-name <name_str>
    set status {enable | disable}
    set unread-days
    set unread-notif-rcpt
    set unread-notif-sender
    set unread-notification {enable | disable}
    set url-about <url_str>
    set url-base <url_str>
    set url-custom-user-control <url_str>
    set url-forgot-pwd <psw_str>
    set url-help <url_str>
end

Variable

Description

Default

custom-user-control-status {enable | disable}

If your corporation has its own user authentication tools, enable this option and enter the URL.

Also configure url-custom-user-control and url-forgot-pwd.

disable

expire-emails <days_int>

Enter the number of days that the secured mail will be saved on the FortiMail unit.

180

expire-inactivity <days_int>

Enter the number of days the secured mail recipient can access the FortiMail unit without registration.
For example, if you set the value to 30 days and the mail recipient does not access the FortiMail unit for 30 days after they register on the unit, the recipient will need to register again if another secured mail is sent to them. If the recipient accesses the FortiMail unit on the 15th day, the 30-day limit is recalculated from the 15th day onwards.

90

expire-passwd-reset <hours_int>

Enter the password reset expiry time in hours.
This is for recipients who have forgotten their login passwords and request new ones. The secured mail recipient must reset their password within this time limit to access the FortiMail unit.

24

expire-registration <days_int>

Enter the number of days that the secured mail recipient has to register on the FortiMail unit to view the mail before the registration expires. The starting date is the date when the FortiMail unit sends out the first notification to a mail recipient.

30

read-notification {enable | disable}

Enable to send the read notification the first time the mail is read.

disable

secure-compose {enable | disable}

Select to allow the secure mail recipient to compose an email. The FortiMail unit will use policies and mail delivery rules to determine if this mail needs to be encrypted.

For encrypted email, the domain of the composed mail’s recipient must be a protected one; otherwise, an error message will appear and the mail will not be delivered.

disable

secure-reply {enable | disable}

Allow the secured mail recipient to reply to the email with encryption.

disable

secure-forward {enable | disable}

Allow the secured mail recipient to forward the email with encryption.

disable

service-name <name_str>

Enter the name for the IBE service. This is the name the secured mail recipients will see once they access the FortiMail unit to view the mail.

status {enable | disable}

Enable the IBE service you have configured.

disable

unread-days

Enter the unread days.

unread-notif-rcpt

Enable to send the unread notification to the recipient.

disable

unread-notif-sender

Enable to send the unread notification to the sender.

disable

unread-notification {enable | disable}

Enable to send the unread notification if the message remains unread for a period of time (14 days by default).

disable

url-about <url_str>

You can create a file about the FortiMail IBE encryption and enter the URL for the file. The mail recipient can click the “About” link from the secure mail notification to view the file.

If you leave this option empty, a link for a default file about the FortiMail IBE encryption will be added to the secure mail notification.

url-base <url_str>

Enter the FortiMail unit URL, for example, https://192.168.100.20, where a mail recipient can register or authenticate to access the secured mail.

url-custom-user-control <url_str>

Enter the URL where you can check for user existence. This command appears after you enable custom-user-control-status.

url-forgot-pwd <psw_str>

Enter the URL where users get authenticated. This command appears after you enable custom-user-control-status.

url-help <url_str>

You can create a help file on how to access the FortiMail secure email and enter the URL for the file. The mail recipient can click the “Help” link from the secure mail notification to view the file.

If you leave this option empty, a default help file link will be added to the secure mail notification.
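An added example, not part of the Fortinet reference: a Python check that reads a saved configuration and flags IBE settings worth reviewing against the table above. It assumes the saved configuration uses the same config/set/end syntax shown under Syntax; the https check on url-base and the unread-notification target check are review heuristics assumed here, not documented requirements, and the sample hostnames are constructed.

```python
import re
# Defaults copied from the Default column of the table above.
DOC_DEFAULTS = {"expire-emails": "180", "expire-inactivity": "90",
                "expire-passwd-reset": "24", "expire-registration": "30"}

def parse_ibe(config_text):
    """Return the 'set' values inside 'config system encryption ibe ... end'."""
    m = re.search(r"^\s*config system encryption ibe\s*$(.*?)^\s*end\s*$",
                  config_text, re.S | re.M)
    if not m:
        return None
    settings = {}
    for line in m.group(1).splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "set":
            settings[parts[1]] = parts[2].strip().strip('"')
    return settings

def audit_ibe(settings):
    """Return findings; the url-base and unread checks are assumed heuristics."""
    findings = []
    on = lambda key: settings.get(key, "disable") == "enable"
    if on("status") and not settings.get("url-base", "").startswith("https://"):
        findings.append("url-base is not an https:// URL")
    if on("custom-user-control-status"):
        for key in ("url-custom-user-control", "url-forgot-pwd"):
            if not settings.get(key):
                findings.append(f"{key} is not set but custom-user-control-status is enabled")
    if on("unread-notification") and not (on("unread-notif-rcpt") or on("unread-notif-sender")):
        findings.append("unread-notification is enabled but neither notification target is")
    for key, default in DOC_DEFAULTS.items():
        if settings.get(key, default) != default:
            findings.append(f"{key} is {settings[key]}, documented default is {default}")
    return findings

# Constructed sample, not taken from a real device.
SAMPLE = """\
config system encryption ibe
  set status enable
  set service-name "Example Secure Mail"
  set url-base http://mail.example.com
  set custom-user-control-status enable
  set url-custom-user-control https://idp.example.com/check
  set expire-passwd-reset 72
  set unread-notification enable
end
"""
if __name__ == "__main__":
    print("\n".join(audit_ibe(parse_ibe(SAMPLE))))
```

Options missing from the block are treated as being at the default listed in the table, so an empty block produces no findings.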

Related topics

system encryption ibe-auth
