Administration Guide

Email concepts and process workflow
- Email protocols
- Client-server connections in SMTP
- DNS role in email delivery
- How FortiMail processes email
- FortiMail operation modes
- FortiMail high availability modes
- FortiMail management methods
Setting up FortiMail system
- Connecting to the web UI or CLI
- Choosing the operation mode
- Running the Quick Start Wizard
- Connecting to FortiGuard services
- Gateway mode deployment
- Transparent mode deployment
- Server mode deployment
- Testing the installation
- Backing up the configuration
Using the dashboard
- Viewing the dashboard
- Using the CLI Console
Using FortiView
- Viewing mail statistics
- View threat statistics
- View outbreak statistics
- Viewing top user statistics
- Viewing current IP sessions
Monitoring the system
- Viewing log messages
- Managing the quarantines
- Managing the mail queue
- Viewing the greylist statuses
- Viewing sender, authentication and endpoint reputation
- Managing archived email
- Viewing generated reports
Centrally monitoring the HA cluster
- Viewing the cluster status
- Viewing HA cluster mail statistics
- Viewing HA cluster threat statistics
- Searching the HA cluster logs
Configuring system settings
- Configuring network settings
- Configuring administrator accounts and access profiles
- Configuring system time, options, and other system options
- Configuring mail settings
- Customizing GUI, custom messages, email templates, SSO, and Security Fabric
- Configuring RAID
- Using high availability (HA)
- Managing certificates
- Using FortiNDR malware inspection
- Using FortiSandbox antivirus inspection
- Configuring FortiGuard services
- System maintenance
- System utility
Configuring domains and users
- Configuring protected domains
- Managing users
- Configuring user aliases
- Configuring address mappings
- Configuring IBE users
- Managing the address book (server mode only)
- Sharing calendars and address books (server mode only)
- Migrating email from other mail servers (server mode only)
Configuring policies
- What is a policy?
- How to use policies
- Controlling SMTP access and delivery
- Controlling email based on IP addresses
- Controlling email based on sender and recipient addresses
Configuring profiles
- Configuring session profiles
- Configuring antispam profiles and antispam action profiles
- Configuring antivirus profiles, file signatures, and antivirus action profiles
- Configuring content profiles and content action profiles
- Configuring replacement message profiles and variables
- Configuring resource profiles
- Workflow to enable and configure authentication of email users
- Configuring authentication profiles
- Configuring LDAP profiles
- Configuring dictionary profiles
- Configuring security profiles
- Configuring IP pools
- Configuring email, IP and GeoIP groups
- Configuring notification profiles
Configuring security settings
- Configuring the FortiGuard URL filter
- Configuring content disarm and reconstruction
- Configuring authentication reputation
- Configuring email quarantines and quarantine reports
- Configuring the block lists and safe lists
- Configuring greylisting
- Configuring bounce verification and tagging
- Configuring sender rewriting scheme
- Configuring endpoint reputation
- Training and maintaining the Bayesian databases
Configuring encryption settings
- Configuring IBE encryption
- Configuring certificate bindings
Configuring data loss prevention
- DLP configuration workflow
- Defining the sensitive data
- Configuring DLP rules
- Configuring DLP profiles
Archiving email
- Email archiving workflow
- Configuring email archiving accounts
- Configuring email archiving policies
- Configuring email archiving exemptions
Logs, reports and alerts
- About FortiMail logging
- Configuring logging
- Configuring report profiles and generating mail statistic reports
- Configuring alert email
Microsoft 365 threat remediation
- Microsoft 365 protection workflow
- Configuring Microsoft 365 accounts
- Configuring profiles
- Configuring scanning policies
- Monitoring log messages
Managing firmware and configuration
- Testing firmware before installing it
- Installing firmware
- Clean installing firmware
- Upgrading firmware on HA units
Best practices and fine tuning
- General security tuning
- System security tuning
- Network topology tuning
- High availability (HA) tuning
- SMTP connectivity tuning
- Antispam tuning
- Policy tuning
- System maintenance tips
- Performance tuning
Troubleshooting
- Establish a system baseline
- Define the problem
- Search for a known solution
- Create a troubleshooting plan
- Gather system information
- Troubleshoot hardware issues
- Troubleshoot GUI and CLI connection issues
- Troubleshoot FortiGuard connection issues
- Troubleshoot MTA issues
- Troubleshoot antispam issues
- Troubleshoot HA issues
- Troubleshoot resource issues
- Troubleshoot bootup issues
- Troubleshoot installation issues
- Contact Fortinet customer support for assistance
Setup for email users
- Training Bayesian databases
- Managing tagged spam
- Accessing the personal quarantine and webmail
- Sending email from an email client (gateway and transparent mode)
Appendix A: Supported RFCs
Appendix B: Maximum Values
Appendix C: Port Numbers
Appendix D: Wildcards and regular expressions
- Special characters with regular expressions and wildcards
- Case sensitivity
- Modifiers
- Word boundary
- Syntax
- Examples
Appendix E: Working with TLS/SSL
- About TLS/SSL
- How TLS/SSL works
- FortiMail support of TLS/SSL
- Troubleshooting FortiMail TLS issues
Appendix F: PKI Authentication
- Introduction to PKI authentication
- FortiMail PKI architecture
- Configuring PKI authentication on FortiMail
Change Log

Home FortiMail 7.2.3 Administration Guide

Configuring the FortiGuard URL filter

7.2.3

Copy Link

Copy Doc ID 8c33441d-dd55-11ed-8e6d-fa163e15d75b:915170

Download PDF

Configuring the FortiGuard URL filter

FortiGuard URL filter service allows you choose which categories of URL in the email body you want to check, rewrite, or block. Then you can use the filters in the antispam profiles (see Configuring the FortiGuard URL filter) and the FortiGuard URL Click Protection settings (see Configuring licensed features).

To configure a URL category profile

Go to Security > URL Filter > Profile.
Click New.
Enter a profile name.
Select the URL categories you want to check in the email body.
Click Create.

With the release of FortiMail 7.0.2, the following new categories are introduced (to match those already supported by FortiOS):

Terrorism
URL Shortening
Crypto Mining
Potentially Unwanted Program

Configuring local categories

Configure custom FortiGuard URL local categories for URL override rating profiles.

Note that, for typical exemption purposes, you may wish to use the preexisting local-exempt category.

To configure the URL local category

Go to Security > URL Filter > Local Category.
Click New.
Enter a Name and an optional Comment for the new custom local category.
Click Create.

Configuring override ratings

Configure URL patterns (as either wildard or regular expressions) and override to defined URL categories. URL override rating lists can be used as web filter categories.

To configure the URL override rating

Go to Security > URL Filter > Override Rating.
Click New.
Enable Status, and enter a URL pattern.The pattern can use wildcards (default) or regular expressions. Optionally, before entering a regular expression, click Validate to test regular expressions and string text. For more information about URL types and how they are processed, see URL types.
Under Override To, select a Group and a group-approriate Category.

To exempt URLs from FortiGuard URL and web filter (see Configuring FortiGuard options), FortiGuard URL protection (see Configuring licensed features), FortiSandbox scanning (see Using FortiSandbox antivirus inspection), select the Local Category group and local-exempt category.

Click Create.

URL types

There are two types of URLs:

Absolute URLs strictly follow the URL syntax and include the URL scheme names, such as “http”, “https”, and “ftp”. For instance, http://www.example.com.
Reference URLs do not contain the scheme names. For instance, example.com.

By default, FortiMail scans for absolute URLs.

You can use the following CLI command to change the default setting:

config antispam settings

set url-checking {strict | aggressive | extreme}

end

strict: Choose this option to scan for absolute URLs only. Note that web sites without “http” or “https” but starting with “www” are also treated as absolute URLs. For instance, www.example.com.
aggressive: Choose this option to scan for both the absolute and reference URLs. Sender domains are also checked against FortiGuard.
extreme: Choose this option to scan for all URLs with or without schemes, including absolute URLs, reference URLs, URLs in text format, and sender domains.

For more information about this command, see FortiMail CLI Reference.

Configuring the FortiGuard URL filter

To configure a URL category profile

Go to Security > URL Filter > Profile.
Click New.
Enter a profile name.
Select the URL categories you want to check in the email body.
Click Create.

With the release of FortiMail 7.0.2, the following new categories are introduced (to match those already supported by FortiOS):

Terrorism
URL Shortening
Crypto Mining
Potentially Unwanted Program

Configuring local categories

Configure custom FortiGuard URL local categories for URL override rating profiles.

Note that, for typical exemption purposes, you may wish to use the preexisting local-exempt category.

To configure the URL local category

Go to Security > URL Filter > Local Category.
Click New.
Enter a Name and an optional Comment for the new custom local category.
Click Create.

Configuring override ratings

Configure URL patterns (as either wildard or regular expressions) and override to defined URL categories. URL override rating lists can be used as web filter categories.

To configure the URL override rating

Go to Security > URL Filter > Override Rating.
Click New.
Enable Status, and enter a URL pattern.The pattern can use wildcards (default) or regular expressions. Optionally, before entering a regular expression, click Validate to test regular expressions and string text. For more information about URL types and how they are processed, see URL types.
Under Override To, select a Group and a group-approriate Category.

Click Create.

URL types

There are two types of URLs:

Absolute URLs strictly follow the URL syntax and include the URL scheme names, such as “http”, “https”, and “ftp”. For instance, http://www.example.com.
Reference URLs do not contain the scheme names. For instance, example.com.

By default, FortiMail scans for absolute URLs.

You can use the following CLI command to change the default setting:

config antispam settings

set url-checking {strict | aggressive | extreme}

end

strict: Choose this option to scan for absolute URLs only. Note that web sites without “http” or “https” but starting with “www” are also treated as absolute URLs. For instance, www.example.com.
aggressive: Choose this option to scan for both the absolute and reference URLs. Sender domains are also checked against FortiGuard.
extreme: Choose this option to scan for all URLs with or without schemes, including absolute URLs, reference URLs, URLs in text format, and sender domains.

For more information about this command, see FortiMail CLI Reference.