Configuring FortiGuard services
FortiMail uses Fortinet FortiGuard antivirus, antispam, and URL protection services.
Go to System > FortiGuard > License to view your current licenses and service status, and go to System > FortiGuard > Licensed Feature to view the most recent updates to FortiGuard Antivirus engines, antivirus definitions, and FortiGuard antispam definitions (antispam heuristic rules).
FortiMail units receive updates from the FortiGuard Distribution Network (FDN), a world-wide network of FortiGuard Distribution Servers (FDS). FortiMail units connect to the FDN by connecting to the FDS nearest to the FortiMail unit by its configured time zone.
In addition to manual update requests, FortiMail units support two kinds of automatic update mechanisms:
- scheduled updates, by which the FortiMail unit periodically polls the FDN to determine if there are any available updates
- push updates, by which the FDN notifies FortiMail units when updates become available
You may want to configure both scheduled and push updates. In this way, if the network experiences temporary problems such as connectivity issues that interfere with either method, the other method may still provide your FortiMail unit with updated protection. Alternatively, you can manually update the FortiMail unit by uploading an update file: go to Dashboard > Status and click Update under License Information.
For FortiGuard Antispam and FortiGuard Antivirus update connectivity requirements and troubleshooting information, see Troubleshoot FortiGuard connection issues.
This section contains the following topics:
- Configuring FortiGuard antivirus service
- Configuring FortiGuard antispam service
- Configuring licensed features
Configuring FortiGuard antivirus service
You can configure the FortiMail unit to periodically request updates from the FDN or override servers for the FortiGuard antivirus engine and antivirus definitions.
You can use push updates or manually initiate updates as alternatives or in conjunction with scheduled updates. If protection from the latest viral threats is a high priority, you could configure both scheduled updates and push updates, using scheduled updates as a failover method to increase the likelihood that the FortiMail unit always retrieves periodic updates if connectivity is interrupted during a push notification. While using only scheduled updates could potentially leave your network vulnerable to a new virus, it minimizes short disruptions to antivirus scans that can occur if the FortiMail unit applies push updates during peak volume times.
For example, you might schedule updates every night at 2 AM or weekly on Sunday, when email traffic volume is light.
Before configuring scheduled updates, first verify that the FortiMail unit can connect to the FDN or override server.
To configure FortiGuard antivirus options
- Go to System > FortiGuard > AntiVirus.
- Configure the following and then click Apply.
Manually requesting updates
You can manually trigger the FortiMail unit to connect to the FDN or override server to request available updates for its FortiGuard antivirus packages.
You can manually initiate updates as an alternative or in addition to other update methods.
To manually request updates
Before manually initiating an update, first verify that the FortiMail unit can connect to the FDN or override server.
- Go to System > FortiGuard > AntiVirus.
- Click Update Now.
- After a few minutes, click the System > FortiGuard > Licensed Feature tab to check the update status. If an update was available, new version numbers appear for the packages that were updated. If you have enabled logging, messages are recorded to the event log indicating whether the update was successful or not. For details, see Logs, reports and alerts.
Updating FortiGuard Antivirus definitions can cause a short disruption in traffic currently being scanned while the FortiMail unit applies the new signature database. To minimize disruptions, update when traffic is light, such as during the night.
Configuring FortiGuard antispam service
You can connect to FDN to use its antispam service. You can also use your own override server, such as a FortiManager unit, to get the antispam service.
To configure the FortiGuard antispam options
- Go to System > FortiGuard > AntiSpam.
- Under FortiGuard AntiSpam, verify that Enable service is enabled. Also specify the FortiGuard server port (53 or 8888; the default is 53) and protocol (UDP or HTTPS).
- Specify a spam outbreak protection level. A higher level means stricter filtering. This feature temporarily holds email for a certain period of time (the spam outbreak protection period) if the enabled FortiGuard antispam check (block IP and/or URL filter) returns no result (see Configuring FortiGuard options). After the specified time interval, FortiMail queries the FortiGuard server a second time. This gives the FortiGuard antispam service an opportunity to update its database in case a spam outbreak occurs.
- If you want to use an override server, such as a local FortiManager unit, instead of the default FDN server, specify it by enabling the option and entering the server address.
- Optionally enable cache and specify the cache TTL time. Enabling cache can improve performance.
- Choose whether to use FortiGuard servers in the U.S. only or in any location in the world.
- Click Apply.
Manually querying FortiGuard antispam service
For testing or other purposes, you may want to manually query the FortiGuard antispam service by entering an IP address, URL, or hash value of an email message.
To query FortiGuard antispam service
- Go to System > FortiGuard > Licensed Feature.
- Enter an IP, URL or hash value of an email message.
- Click Query.
If the query is successful, the Query result field displays whether the IP/URL is spam or unknown (not spam).
If the query is unsuccessful, the Query result field displays No response. In this case, you can use the following tips to troubleshoot the issue.
If the FortiMail unit can reach the DNS server, but cannot successfully resolve the domain name of the FDN, a message appears notifying you that a DNS error occurred.
Figure: DNS error when resolving the FortiGuard Antispam domain name
Verify that the DNS servers contain A records to resolve service.fortiguard.net and other FDN servers. To try to obtain additional insight into the cause of the query failure, manually perform a DNS query from the FortiMail unit using the following CLI command:
execute nslookup name service.fortiguard.net
If the FortiMail unit cannot successfully connect, or if your FortiGuard Antispam license does not exist or has expired, a message appears notifying you that a connection error occurred.
Figure: Connection error when verifying FortiGuard Antispam connectivity
Verify that:
- there is no proxy between the FortiMail unit and the FDN server
- your FortiGuard Antispam license is valid and currently active
- the default route (located in System > Network > Routing) is correctly configured
- the FortiMail unit can connect to the DNS servers (located in System > Network > DNS) and to the FDN servers
- firewalls between the FortiMail unit and the Internet or override server allow FortiGuard Antispam rating query traffic. The default port number for FortiGuard antispam query is UDP port 53 in v4.0. Prior to v4.0, the port number was 8889.
To check the network path to a server, run the following CLI command from the FortiMail unit:
execute traceroute <address_ipv4>
where <address_ipv4> is the IP address of the DNS server or FDN server.
When query connectivity is successful, antispam profiles can use the FortiGuard option.
You can use the antispam log to monitor for subsequent query connectivity interruptions. When sending email through the FortiMail unit that matches a policy and profile where the FortiGuard option is enabled, if the FortiMail cannot connect to the FDN and/or its license is not valid, and if Information-level logging is enabled, the FortiMail unit records a log message in the antispam log (located in Monitor > Log > AntiSpam) whose Log Id field is 0300023472
and whose Message field is:
FortiGuard-Antispam: No Answer from server.
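One way to monitor for the log message described above, as an added example that is not Fortinet code: it scans exported antispam log lines for that Log Id and Message and reports only sustained runs of failed queries, so a single missed lookup does not raise an alert. The key=value line layout, the field names (date, time, log_id, msg), the threshold and gap values, and the function names are assumptions; the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Both values are quoted from the page above.
FAIL_LOG_ID = "0300023472"
FAIL_MSG = "FortiGuard-Antispam: No Answer from server."

# Assumption: exported log lines are key=value pairs, values optionally quoted.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV.finditer(line)}

def is_query_failure(rec):
    return rec.get("log_id") == FAIL_LOG_ID and rec.get("msg") == FAIL_MSG

def find_outages(lines, threshold=3, max_gap=timedelta(minutes=5)):
    """Group failures separated by at most max_gap; report groups of at
    least `threshold` entries as (first_seen, last_seen, count).
    Assumes the lines are in chronological order."""
    bursts, current = [], []
    for line in lines:
        rec = parse_line(line)
        if not is_query_failure(rec):
            continue
        try:
            ts = datetime.strptime(f"{rec['date']} {rec['time']}",
                                   "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            continue  # malformed or missing timestamp: skip the line
        if current and ts - current[-1] > max_gap:
            bursts.append(current)
            current = []
        current.append(ts)
    if current:
        bursts.append(current)
    return [(b[0], b[-1], len(b)) for b in bursts if len(b) >= threshold]

def _line(t, log_id=FAIL_LOG_ID, msg=FAIL_MSG):
    # Constructed sample line, not captured from a real unit.
    return (f'date=2024-05-01 time={t} log_id={log_id} '
            f'type=spam pri=information msg="{msg}"')

SAMPLE = [
    _line("01:10:00"),                                   # isolated miss
    _line("01:30:00", "0300000001", "constructed unrelated entry"),
    _line("02:00:05"), _line("02:01:10"), _line("02:03:40"),  # sustained
    "truncated line without fields",
]
```

Because the page notes that this message is recorded only when Information-level logging is enabled, an empty result from a unit logging at a less verbose level does not show that queries are succeeding.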
Configuring licensed features
The following features are configurable with valid applicable licenses.
Configuring email continuity
When FortiMail is running in either Gateway or Transparent mode, with this feature enabled, end users are allowed to access inbound emails in instances where the email server behind the FortiMail unit goes offline. This feature is only available with a valid license from FortiGuard.
To configure email continuity
- Go to System > FortiGuard > Licensed Feature.
- Under Email Continuity, enable the feature.
- Adjust the retention period according to your requirements. The higher the number, the more days emails are kept before they are removed. The default setting is 30 and the valid range is 0-180.
Note that the actual retention period is the smaller of this setting and the email retention period set for incoming email when configuring a resource profile. See Configuring resource profiles for more information. By default, this feature is disabled.
Configuring advanced management features (license required)
If you have the advanced management license, you can enable or disable the following features under System > FortiGuard > Licensed Feature > Advanced Management.
- Enable HA centralized monitor. For details, see Centrally monitoring the HA cluster.
- Enable mailbox accounting service. For details, see Configuring mailbox statistics.
- Enable domain group support. For details, see To view and configure domain groups.
- Enable history log access for domain level administrator. For details, see Configuring protected domains.
Configuring adult image analysis
When you configure a content profile (see Configuring scan options), you can choose to scan for adult images in the email body and attachments.
To configure adult image analysis settings
- Go to System > FortiGuard > Licensed Feature.
- Under Adult Image Analysis, enable the analysis.
- Adjust the rating sensitivity according to your requirements. The higher the number, the higher the sensitivity. The default setting is 75 and the valid range is 0-100.
- Specify the minimum and maximum image size to scan.
Adjust the rating sensitivity properly to avoid false positives and false negatives. Enabling this feature affects FortiMail performance. By default, this feature is enabled.