Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Configuring email, IP and GeoIP groups

The Profile > Group tab displays the list of email and IP group profiles.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read or Read-Write permission to the Policy category.

For details, see About administrator account permissions and domains.

Configuring email groups

Email groups include groups of email addresses that can be used when configuring access control rules and recipient-based policies. For information about access control rules and polices, see Configuring access control rules and Controlling email based on sender and recipient addresses.

To configure email groups
  1. Go to Profile > Group > Email Group.
  2. Either click New to add a profile or double-click a profile to modify it. The profile name is editable.
  3. A dialog appears.

  4. For a new group, enter a name for this email group.
  5. The name must contain only alphanumeric characters. Spaces are not allowed.

  6. In New member, enter the email address of a group member and click -> to move the address to the Current members field.
  7. You can also use wildcards to enter partial patterns that can match multiple email addresses. The asterisk represents one or more characters and the question mark (?) represents any single character.

    For example, the pattern ??@*.com will match any email user with a two letter email user name from any “.com” domain name.

    Note

    To remove a member’s email address, select the address in the Current members field and click <-.

  8. Click Create or OK.

Configuring IP groups

IP groups include groups of IP addresses that can be used when configuring access control rules and IP-based policies. For information about access control rules and polices, see Configuring access control rules and Controlling email based on IP addresses.

To configure an IP group
  1. Go to Profile > Group > IP Group.
  2. Either click New to add a profile or double-click profile to modify it.
  3. A dialog appears.

  4. For a new group, enter a name in Group name.
  5. The name must contain only alphanumeric characters. Spaces are not allowed.

  6. Under IP Groups, click New.
  7. A field appears under IP/Netmask or IP Range.

  8. Enter the IP address and netmask of the group, or the IP range. Use the netmask, the portion after the slash (/), to specify the matching subnet.
  9. For example, enter 10.10.10.10/24 to match a 24-bit subnet, or all addresses starting with 10.10.10. This will appear as 10.10.10.0/24 in the access control rule table, with the 0 indicating that any value is matched in that position of the address.

    Similarly, 10.10.10.10/32 will appear as 10.10.10.10/32 and match only the 10.10.10.10 address.

    To match any address, enter 0.0.0.0/0.

  10. Click Create.

Configuring GeoIP groups

Starting from 6.2 release, FortiMail utilizes the GeoIP database to map the geolocations of client IP addresses. You can use GeoIP groups in access control rules and IP-based policies to geo-targeting spam and virus devices. For information about access control rules and polices, see Configuring access control rules and Controlling email based on IP addresses.

You can also override geolocation mappings that may not be correct in the GeoIP database. For details, see Configuring GeoIP Override.

To configure a GeoIP group
  1. Go to Profile > Group > GeoIP Group.
  2. Either click New to add a profile or double-click profile to modify it.
  3. A dialog appears.

  4. For a new group, enter a name in Group name.
  5. The name must contain only alphanumeric characters. Spaces are not allowed.

  6. Optionally enter a comment.
  7. If you want to create a group to include all countries and regions, enable this option and click Create. Otherwise, disable this option and move the available countries, regions, or override groups to the member list, and click Create. You can have a maximum of 30 countries/regions in one group.

Configuring email, IP and GeoIP groups

The Profile > Group tab displays the list of email and IP group profiles.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read or Read-Write permission to the Policy category.

For details, see About administrator account permissions and domains.

Configuring email groups

Email groups include groups of email addresses that can be used when configuring access control rules and recipient-based policies. For information about access control rules and polices, see Configuring access control rules and Controlling email based on sender and recipient addresses.

To configure email groups
  1. Go to Profile > Group > Email Group.
  2. Either click New to add a profile or double-click a profile to modify it. The profile name is editable.
  3. A dialog appears.

  4. For a new group, enter a name for this email group.
  5. The name must contain only alphanumeric characters. Spaces are not allowed.

  6. In New member, enter the email address of a group member and click -> to move the address to the Current members field.
  7. You can also use wildcards to enter partial patterns that can match multiple email addresses. The asterisk represents one or more characters and the question mark (?) represents any single character.

    For example, the pattern ??@*.com will match any email user with a two letter email user name from any “.com” domain name.

    Note

    To remove a member’s email address, select the address in the Current members field and click <-.

  8. Click Create or OK.

Configuring IP groups

IP groups include groups of IP addresses that can be used when configuring access control rules and IP-based policies. For information about access control rules and polices, see Configuring access control rules and Controlling email based on IP addresses.

To configure an IP group
  1. Go to Profile > Group > IP Group.
  2. Either click New to add a profile or double-click profile to modify it.
  3. A dialog appears.

  4. For a new group, enter a name in Group name.
  5. The name must contain only alphanumeric characters. Spaces are not allowed.

  6. Under IP Groups, click New.
  7. A field appears under IP/Netmask or IP Range.

  8. Enter the IP address and netmask of the group, or the IP range. Use the netmask, the portion after the slash (/), to specify the matching subnet.
  9. For example, enter 10.10.10.10/24 to match a 24-bit subnet, or all addresses starting with 10.10.10. This will appear as 10.10.10.0/24 in the access control rule table, with the 0 indicating that any value is matched in that position of the address.

    Similarly, 10.10.10.10/32 will appear as 10.10.10.10/32 and match only the 10.10.10.10 address.

    To match any address, enter 0.0.0.0/0.

  10. Click Create.

Configuring GeoIP groups

Starting from 6.2 release, FortiMail utilizes the GeoIP database to map the geolocations of client IP addresses. You can use GeoIP groups in access control rules and IP-based policies to geo-targeting spam and virus devices. For information about access control rules and polices, see Configuring access control rules and Controlling email based on IP addresses.

You can also override geolocation mappings that may not be correct in the GeoIP database. For details, see Configuring GeoIP Override.

To configure a GeoIP group
  1. Go to Profile > Group > GeoIP Group.
  2. Either click New to add a profile or double-click profile to modify it.
  3. A dialog appears.

  4. For a new group, enter a name in Group name.
  5. The name must contain only alphanumeric characters. Spaces are not allowed.

  6. Optionally enter a comment.
  7. If you want to create a group to include all countries and regions, enable this option and click Create. Otherwise, disable this option and move the available countries, regions, or override groups to the member list, and click Create. You can have a maximum of 30 countries/regions in one group.