Fortinet white logo
Fortinet white logo

CLI Reference

profile encryption

profile encryption

Use this command to create encryption profiles, which contain encryption settings for secure MIME (S/MIME).

Encryption profiles, unlike other types of profiles, are applied through message delivery rules, not policies.

Syntax

config profile encryption

edit <profile_name>

set encryption-algorithm {aes128 | aes192 | aes256 | cast5 | tripledes}

set action-on-failure {drop | send | tls}

set max-push-size <size_int>

set protocol {smime | ibe}

set retrieve-action {push | pull}

end

Variable

Description

Default

<profile_name>

Enter the name of the encryption profile.

encryption-algorithm {aes128 | aes192 | aes256 | cast5 | tripledes}

Enter the encryption algorithm that will be used with the sender’s private key in order to encrypt the email.

aes128

action-on-failure {drop | send | tls}

Enter the action the FortiMail unit takes when identity-based encryption cannot be used, either:

  • drop: Send a delivery status notification (DSN) email to the sender’s email address, indicating that the email is permanently undeliverable.
  • send: Deliver the email without encryption.

drop

max-push-size <size_int>

The maximum message size (in kilobytes) of the secure mail delivered (or pushed) to the recipient. Messages that exceed this size are delivered via pull. The size cannot exceed 10240 KB.

This option applies to the IBE protocol only.

2048

protocol {smime | ibe}

The protocol used for this profile, S/MIME or IBE.

smime

retrieve-action {push | pull}

The action used by the mail recipients to retrieve IBE messages.

  • push: A notification and a secure mail is delivered to the recipient who needs to go to the FortiMail unit to open the message. The FortiMail unit does not store the message.
  • pull: A notification is delivered to the recipient who needs to go to the FortiMail unit to open the message. The FortiMail unit stores the message.

This option applies to the IBE protocol only.

push

Related topics

profile authentication

system global

profile encryption

profile encryption

Use this command to create encryption profiles, which contain encryption settings for secure MIME (S/MIME).

Encryption profiles, unlike other types of profiles, are applied through message delivery rules, not policies.

Syntax

config profile encryption

edit <profile_name>

set encryption-algorithm {aes128 | aes192 | aes256 | cast5 | tripledes}

set action-on-failure {drop | send | tls}

set max-push-size <size_int>

set protocol {smime | ibe}

set retrieve-action {push | pull}

end

Variable

Description

Default

<profile_name>

Enter the name of the encryption profile.

encryption-algorithm {aes128 | aes192 | aes256 | cast5 | tripledes}

Enter the encryption algorithm that will be used with the sender’s private key in order to encrypt the email.

aes128

action-on-failure {drop | send | tls}

Enter the action the FortiMail unit takes when identity-based encryption cannot be used, either:

  • drop: Send a delivery status notification (DSN) email to the sender’s email address, indicating that the email is permanently undeliverable.
  • send: Deliver the email without encryption.

drop

max-push-size <size_int>

The maximum message size (in kilobytes) of the secure mail delivered (or pushed) to the recipient. Messages that exceed this size are delivered via pull. The size cannot exceed 10240 KB.

This option applies to the IBE protocol only.

2048

protocol {smime | ibe}

The protocol used for this profile, S/MIME or IBE.

smime

retrieve-action {push | pull}

The action used by the mail recipients to retrieve IBE messages.

  • push: A notification and a secure mail is delivered to the recipient who needs to go to the FortiMail unit to open the message. The FortiMail unit does not store the message.
  • pull: A notification is delivered to the recipient who needs to go to the FortiMail unit to open the message. The FortiMail unit stores the message.

This option applies to the IBE protocol only.

push

Related topics

profile authentication

system global