profile encryption
Use this command to create encryption profiles, which contain encryption settings for secure MIME (S/MIME).
Encryption profiles, unlike other types of profiles, are applied through message delivery rules, not policies.
Syntax
config profile encryption
edit <profile_name>
set encryption-algorithm {aes128 | aes192 | aes256 | cast5 | tripledes}
set action-on-failure {drop | send | tls}
set max-push-size <size_int>
set protocol {smime | ibe}
set retrieve-action {push | pull}
end
<profile_name>
|
Enter the name of the encryption profile.
|
|
encryption-algorithm {aes128 | aes192 | aes256 | cast5 | tripledes}
|
Enter the encryption algorithm that will be used with the sender’s private key in order to encrypt the email.
|
aes128
|
action-on-failure {drop | send | tls}
|
Enter the action the FortiMail unit takes when identity-based encryption cannot be used, either:
drop : Send a delivery status notification (DSN) email to the sender’s email address, indicating that the email is permanently undeliverable.
send : Deliver the email without encryption.
|
drop
|
max-push-size <size_int>
|
The maximum message size (in kilobytes) of the secure mail delivered (or pushed) to the recipient. Messages that exceed this size are delivered via pull. The size cannot exceed 10240 KB.
This option applies to the IBE protocol only.
|
2048
|
protocol {smime | ibe}
|
The protocol used for this profile, S/MIME or IBE.
|
smime
|
retrieve-action {push | pull}
|
The action used by the mail recipients to retrieve IBE messages.
push : A notification and a secure mail is delivered to the recipient who needs to go to the FortiMail unit to open the message. The FortiMail unit does not store the message.
pull : A notification is delivered to the recipient who needs to go to the FortiMail unit to open the message. The FortiMail unit stores the message.
This option applies to the IBE protocol only.
|
push
|
Related topics
profile authentication
system global