DOCUMENT LIBRARY

Administration Guide

Email concepts and process workflow
- Email protocols
- Client-server connections in SMTP
- DNS role in email delivery
- How FortiMail processes email
- FortiMail operation modes
- FortiMail high availability modes
- FortiMail management methods
Setting up FortiMail system
- Connecting to the web UI or CLI
- Choosing the operation mode
- Running the Quick Start Wizard
- Connecting to FortiGuard services
- Gateway mode deployment
- Transparent mode deployment
- Server mode deployment
- Testing the installation
- Backing up the configuration
Using the dashboard
- Viewing the dashboard
- Using the CLI Console
Using FortiView
- Viewing mail statistics
- View threat statistics
- Viewing top user statistics
- Viewing current IP sessions
Monitoring the system
- Viewing log messages
- Managing the quarantines
- Managing the mail queue
- Viewing the greylist statuses
- Viewing sender, authentication and endpoint reputation
- Managing archived email
- Viewing generated reports
Centrally monitoring the HA cluster
- Viewing the cluster status
- Viewing HA cluster mail statistics
- Viewing HA cluster threat statistics
- Searching the HA cluster logs
Configuring system settings
- Configuring network settings
- Configuring administrator accounts and access profiles
- Configuring system time, options, and other system options
- Configuring mail settings
- Customizing GUI, replacement messages, email templates, SSO, and Security Fabric
- Configuring RAID
- Using high availability (HA)
- Managing certificates
- Using FortiSandbox antivirus inspection
- Configuring FortiGuard services
- System maintenance
Configuring domains and users
- Configuring protected domains
- Managing users
- Configuring user aliases
- Configuring address mappings
- Configuring IBE users
- Managing the address book (server mode only)
- Sharing calendars and address books (server mode only)
- Migrating email from other mail servers (server mode only)
Configuring policies
- What is a policy?
- How to use policies
- Controlling SMTP access and delivery
- Controlling email based on IP addresses
- Controlling email based on sender and recipient addresses
Configuring profiles
- Configuring session profiles
- Configuring antispam profiles and antispam action profiles
- Configuring antivirus profiles and antivirus action profiles
- Configuring content profiles and content action profiles
- Configuring resource profiles
- Workflow to enable and configure authentication of email users
- Configuring authentication profiles
- Configuring LDAP profiles
- Configuring dictionary profiles
- Configuring security profiles
- Configuring IP pools
- Configuring email, IP and GeoIP groups
- Configuring notification profiles
Configuring security settings
- Configuring the FortiGuard URL filter
- Configuring authentication reputation
- Configuring email quarantines and quarantine reports
- Configuring the block lists and safe lists
- Configuring greylisting
- Configuring bounce verification and tagging
- Configuring endpoint reputation
- Training and maintaining the Bayesian databases
- Adding file signatures
- Configuring action profile preferences
- Configuring adult image analysis
Configuring encryption settings
- Configuring IBE encryption
- Configuring certificate bindings
Configuring data loss prevention
- DLP configuration workflow
- Defining the sensitive data
- Configuring DLP rules
- Configuring DLP profiles
Archiving email
- Email archiving workflow
- Configuring email archiving accounts
- Configuring email archiving policies
- Configuring email archiving exemptions
Logs, reports and alerts
- About FortiMail logging
- Configuring logging
- Configuring report profiles and generating mail statistic reports
- Configuring alert email
Microsoft 365 threat remediation
- Microsoft 365 protection workflow
- Configuring Microsoft 365 accounts
- Configuring profiles
- Configuring scanning policies
- Monitoring log messages
Installing firmware
- Testing firmware before installing it
- Installing firmware
- Clean installing firmware
- Upgrading firmware on HA units
Best practices and fine tuning
- General security tuning
- System security tuning
- Network topology tuning
- High availability (HA) tuning
- SMTP connectivity tuning
- Antispam tuning
- Policy tuning
- System maintenance tips
- Performance tuning
Troubleshooting
- Establish a system baseline
- Define the problem
- Search for a known solution
- Create a troubleshooting plan
- Gather system information
- Troubleshoot hardware issues
- Troubleshoot GUI and CLI connection issues
- Troubleshoot FortiGuard connection issues
- Troubleshoot MTA issues
- Troubleshoot antispam issues
- Troubleshoot HA issues
- Troubleshoot resource issues
- Troubleshoot bootup issues
- Troubleshoot installation issues
- Contact Fortinet customer support for assistance
Setup for email users
- Training Bayesian databases
- Managing tagged spam
- Accessing the personal quarantine and webmail
- Sending email from an email client (gateway and transparent mode)
Appendix A: Supported RFCs
Appendix B: Maximum Values
Appendix C: Port Numbers
Appendix D: Wildcards and regular expressions
- Special characters with regular expressions and wildcards
- Case sensitivity
- Modifiers
- Word boundary
- Syntax
- Examples
Appendix E: Working with TLS/SSL
- About TLS/SSL
- How TLS/SSL works
- FortiMail support of TLS/SSL
- Troubleshooting FortiMail TLS issues
Appendix F: PKI Authentication
- Introduction to PKI authentication
- FortiMail PKI architecture
- Configuring PKI authentication on FortiMail
Change log

Home FortiMail 6.4.8 Administration Guide

6.4.8

Defining the sensitive data

Sensitive data can be any of the following types:

User-defined: specify what information should be checked, such as a word, a phrase, or a regular expression.
Predefined: for your convenience, FortiMail comes with a list of predefined information types, such as credit card numbers and SIN numbers. To view the predefined sensitive data, go to Data Loss Prevention > Sensitive Data > Standard Compliance.
Document fingerprints: see DLP document fingerprinting.
File filters: these are the same file filters you use in the content profiles. See Configuring file filters.

DLP document fingerprinting

One of the DLP techniques to detect sensitive data is fingerprinting (also called document fingerprinting). Most DLP techniques rely on you providing a characteristic of the file you want to detect, whether it’s the file type, the file name, or part of the file contents. Fingerprinting is different in that you provide the file itself. The FortiMail unit then generates a checksum fingerprint and stores it. The FortiMail unit generates a fingerprint for all email attachments, and compares it to all of the fingerprints stored in its fingerprint database. If a match is found, the configured action is taken.

PDF and Microsoft/Open Office files can be detected by DLP fingerprinting and fingerprints can be saved for each revision of your files as they are updated.

The FortiMail unit must have access to the documents for which it generates fingerprints. There are two methods to generate fingerprints:

One method is to manually upload documents to be fingerprinted directly to the FortiMail unit.
The other is to allow the FortiMail unit to access a network share that contains the documents to be fingerprinted.

If only a few documents are to be fingerprinted, a manual upload may be the easiest solution. If many documents require fingerprinting, or if the fingerprinted documents are frequently revised, using a network share makes user access easier to manage.

When you generate document fingerprints, only MS Office, Open Office, and PDF files with a minimum of 50 characters are supported.

To configure manual document fingerprints

Go to Data Loss Prevention > Sensitive Data > Fingerprint.
Click New and configure the following:

GUI item	Description
Name	Enter a descriptive name for the fingerprint.
Description	Optionally enter a description.
File list	Click New to browse to the file and generate a fingerprint for it. In the Fingerprint Status column, one of the following status will be displayed: To be generated - The status when you've uploaded the file to the Fingerprint list before clicking the Create button. Being generated: The status when the fingerprint generating process is executing. Generated - The fingerprint has been generated. Not generated - No fingerprint has been generated for the file because there is not enough text or the fingerprint is being generated File type not supported - The file type is not supported to generated fingerprint.

To configure a fingerprint document source

Go to Data Loss Prevention > Sensitive Data > Fingerprint Source.
Click New and configure the following:

GUI item	Description
Name	Enter a descriptive name for the document source.
Server type	This refers to the type of server share that is being accessed. The default is SMB/CIFS (Windows Share protocol) but this will also work on Samba shares.
Server address	Enter the IP address of the server.
User name	Enter the user name of the account the FortiMail unit uses to access the server network share.
Password	Enter the password of the account the FortiMail unit uses to access the server network share.
Path	Enter the path to the document folder.
File pattern	You may enter a filename pattern to restrict fingerprinting to only those files that match the pattern. To fingerprint all files, enter an asterisk (“*”).
Checking period	Check the files document source daily if the files are added or changed regularly.
Advanced
Fingerprint files in subdirectories	By default, only the files in the specified path are fingerprinted. Files in subdirectories are ignored. Select this option to fingerprint files in subdirectories of the specified path.
Remove fingerprints for detected files	Select this option to retain the fingerprints of files deleted from the document source. If this option is disabled, fingerprints for deleted files will be removed when the document source is scanned next time.
Keep previous fingerprints for modified files	Select this option to retain the fingerprints of previous revisions of updated files. If this option is disabled, fingerprints for previous version of files will be deleted when a new fingerprint is generated.