Use Case 1: Scanning ActiveSync Email Attachments
As ActiveSync delivers emails to devices, organizations need to make sure email attachments are scanned to ensure they do not carry any malware.
FortiWeb provides the ability to extract attachments from the mobile to mail server sessions, scan them using its embedded Antivirus engine, and send them to FortiSandbox for additional scanning.
First, make sure your web server supports ActiveSync and configured correctly. Here is an example for Microsoft Exchange:
Exchange 2010
- Open IIS Manager.
- Go to Microsoft-Server-ActiveSync.
- Make sure Basic Authentication is enabled.
- Open Exchange Management Console.
- Go to Client Access.
- Switch to Exchange ActiveSync on the bottom panel.
- Double click Microsoft-Server-ActiveSync (Default Web Site).
- Make sure:
- URLs are configured correctly.
- Basic authentication is enabled.
- Client certificate is ignored.
Exchange 2013/2016/2019
- Open your browser, and access Exchange admin center https://<exchange.server.com>/ecp.
- Log in with administrator credentials.
- Go to Microsoft-Server-ActiveSync (Default Web Site).
- Make sure the configurations are the similar to those of Exchange 2010 above.
FortiWeb Configuration
First, configure the File Security policy.
- Enable Trojan Detection for additional security. Make sure you enable Antivirus Scan and FortiSandbox.
- Enable Scan attachments in Email and choose ActiveSync in Protocol (possibly OWA too if you’re using FortiWeb to publish Exchange OWA as well).
Now, attach the File Security policy to the Web Protection Profile. For more information on File Security, see Limiting file uploads in FortiWeb Administration Guide.
Next, create a new server policy. ActiveSync is usually used with SSL. So the front end and backend should be configured with HTTPS.
- Configure the front end (towards the client) options.
- Configure the backend (towards the server pool) options.
Now, open the mail application on your phone and test.