Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiPhish 25.4.a Administration Guide
    25.4.a
    25.4.a
    25.4.0
    25.3.0
    25.2.0
    25.1.0
    24.4.0
    24.3.0
    24.2.0
    24.1.0
    23.4.0
    23.3.0
    23.2.a
    23.2.0
    23.1.a

    Frequently Asked Questions (FAQs)

    Frequently Asked Questions (FAQs)

    I have reached the subscription limit, what should I do next?

    You have two options:

    1. Purchase additional FortiPhish license to increase the subscription limit.

    2. Alternatively, you can choose to wait until the beginning of the next month when the subscription limit is automatically reset to zero.

    My campaign has failed. What are the scenarios in which campaign might fail?

    Campaign may fail in the following scenarios:

    • The domain of the recipients is not verified.

    • A recipient group or Azure Active Directory (AD) groups used in the campaign are deleted while the campaign is in Pending state.

    • The subscription limit is exceeded.

    Can I import nested groups (group containing groups) from Azure AD?

    Currently, we do not support importing nested groups from Azure AD.

    Sending a test email failed with an error "550.5.7.509 Access Denied", what should I do next?

    You can make slight modifications to the domain name, such as changing a letter, for example, use apple.con or amaz0n.com instead of apple.com or amazon.com, to ensure the domain does not match any verified domains.

    I am receiving a "421 4.7.0 Not allowed" error while sending an email campaign. What does it mean?

    This error occurs when SMTP server tries to open more connections than allowed in a given period. There are two solutions.

    1. Increase the sending limit: You can adjust your mail server settings to allow more connections. Following are the recommended settings.

      • Number of connections in 30 minutes: 100

      • Number of emails per connection: 200

    2. Retry the campaign : If you don't want to change server settings, retry sending your email campaign until all emails are delivered.

    Why are images not displayed in phishing simulation emails?

    Using .svg image format can cause images to not display correctly in phishing simulation emails. To resolve this issue, please use .png images instead.

    Why do emails show as opened in campaign recipient statistics, even if I haven't opened them?

    Email scanners, such as Trend Micro and similar tools, often cause this behavior. These scanners proactively open emails to check for malicious content. This action registers as an Open in FortiPhish, even though the intended recipient hasn't viewed the email. To resolve this, safelist FortiPhish traffic within your email scanners.

    Why are FortiPhish emails going to quarantine in Microsoft 365 instead of the inbox?

    This typically occurs because Microsoft 365's security filters are flagging the emails. To resolve this, follow the steps in Safelisting FortiPhish in Office 365. Ensure you add the sender email domain configured in your FortiPhish campaign to your Microsoft 365 safelist.

    Microsoft Exchange Online / Microsoft 365 users receive a "Need admin approval" error when attempting to report phishing emails using the FortiPhish Alert Button in Outlook.

    The FortiPhish Alert Button requires Microsoft Graph API permissions (Mail.ReadWrite, Mail.Send, User.Read) to function correctly. Ensure your administrator grants these permissions. For detailed steps, see Adding FAB in Exchange Online / Microsoft 365.

    Previous
    Next

    Frequently Asked Questions (FAQs)

    Frequently Asked Questions (FAQs)

    I have reached the subscription limit, what should I do next?

    You have two options:

    1. Purchase additional FortiPhish license to increase the subscription limit.

    2. Alternatively, you can choose to wait until the beginning of the next month when the subscription limit is automatically reset to zero.

    My campaign has failed. What are the scenarios in which campaign might fail?

    Campaign may fail in the following scenarios:

    • The domain of the recipients is not verified.

    • A recipient group or Azure Active Directory (AD) groups used in the campaign are deleted while the campaign is in Pending state.

    • The subscription limit is exceeded.

    Can I import nested groups (group containing groups) from Azure AD?

    Currently, we do not support importing nested groups from Azure AD.

    Sending a test email failed with an error "550.5.7.509 Access Denied", what should I do next?

    You can make slight modifications to the domain name, such as changing a letter, for example, use apple.con or amaz0n.com instead of apple.com or amazon.com, to ensure the domain does not match any verified domains.

    I am receiving a "421 4.7.0 Not allowed" error while sending an email campaign. What does it mean?

    This error occurs when SMTP server tries to open more connections than allowed in a given period. There are two solutions.

    1. Increase the sending limit: You can adjust your mail server settings to allow more connections. Following are the recommended settings.

      • Number of connections in 30 minutes: 100

      • Number of emails per connection: 200

    2. Retry the campaign : If you don't want to change server settings, retry sending your email campaign until all emails are delivered.

    Why are images not displayed in phishing simulation emails?

    Using .svg image format can cause images to not display correctly in phishing simulation emails. To resolve this issue, please use .png images instead.

    Why do emails show as opened in campaign recipient statistics, even if I haven't opened them?

    Email scanners, such as Trend Micro and similar tools, often cause this behavior. These scanners proactively open emails to check for malicious content. This action registers as an Open in FortiPhish, even though the intended recipient hasn't viewed the email. To resolve this, safelist FortiPhish traffic within your email scanners.

    Why are FortiPhish emails going to quarantine in Microsoft 365 instead of the inbox?

    This typically occurs because Microsoft 365's security filters are flagging the emails. To resolve this, follow the steps in Safelisting FortiPhish in Office 365. Ensure you add the sender email domain configured in your FortiPhish campaign to your Microsoft 365 safelist.

    Microsoft Exchange Online / Microsoft 365 users receive a "Need admin approval" error when attempting to report phishing emails using the FortiPhish Alert Button in Outlook.

    The FortiPhish Alert Button requires Microsoft Graph API permissions (Mail.ReadWrite, Mail.Send, User.Read) to function correctly. Ensure your administrator grants these permissions. For detailed steps, see Adding FAB in Exchange Online / Microsoft 365.

    Previous
    Next