system advanced-management
Use this command to control advanced management features that are designed for deployments such as managed security service providers (MSSP).
|
Advanced management options require a valid feature license, purchased from Fortinet. Some subcommands are only available when MTA advanced control is enabled. See mta-adv-ctrl-status {enable | disable} |
Syntax
config system advanced-management
set dmarc-report-analysis-status {enable | disable}
set domain-admin-log-status {enable | disable}
set domain-group-status {enable | disable}
set domain-mail-stats-status {enable | disable}
set ha-central-monitor-status {enable | disable}
set intra-domain-protection-status {enable | disable}
set mailbox-accounting-status {enable | disable}
set user-management {enable | disable}
end
|
Variable |
Description |
Default |
|
Enable or disable collection of statistics about DMARC reports, such as how many email were sent to a recipient domain, and how many failed DMARC verification. To view the statistics, on the GUI, go to Monitor > DMARC Analysis > Analysis Summary or Monitor > DMARC Analysis > Analysis Detail. Alternatively, you can enable or disable this for each protected domain. See dmarc-report-analysis-status {enable | disable | use-system-setting}. To enable DMARC reports, see antispam dmarc-report-generation. |
disable |
|
| domain-admin-log-status {enable | disable} | Enable or disable domain-level administrator log access. | enable |
| domain-group-status {enable | disable} | Enable or disable domain group support. | enable |
|
Enable or disable domain-level mail statistics. |
disable |
|
|
Enable or disable HA central monitoring. |
disable |
|
|
Enable or disable applying both inbound and outbound policies when an email is sent between protected domains. When this setting is disabled, if an email is sent between two protected domains, then FortiMail only applies the matching inbound policy. This means that, for example, an inbound policy with antispam would apply, but not an outbound policy with DLP. This behavior may be correct if all protected domains belong to the same company. However for an MSSP with multiple tenants, both policies should apply. In that case, enabled this setting so that FortiMail applies both inbound and outbound policies. |
disable |
|
| mailbox-accounting-status {enable | disable} |
Enable or disable the mailbox accounting service. |
disable |
|
Enable or disable user management. |
disable |