FortiMail Overview Dedicated email security solution - PowerPoint PPT Presentation

Loading...

PPT – FortiMail Overview Dedicated email security solution PowerPoint presentation | free to view - id: 4148bc-MjdiY



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

FortiMail Overview Dedicated email security solution

Description:

Arial MS PGothic Arial Narrow Times Wingdings SimSun Times New Roman Fortinet_2006 1_Fortinet_2006 FortiMail Overview Dedicated email security solution Agenda ... – PowerPoint PPT presentation

Number of Views:1159
Avg rating:3.0/5.0
Slides: 74
Provided by: Fort77
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: FortiMail Overview Dedicated email security solution


1
FortiMail OverviewDedicated email security
solution
  • Last Update February 2008
  • Nathalie Rivat

2
Agenda
  • Introducing FortiMail
  • FortiMail deployment scenarios
  • FortiMail product line
  • Differentiated services policies and profiles
  • Antispam techniques
  • Virus detection
  • FortiMail HA
  • Email archiving
  • Reporting

3
Email Security Challenges
  • Action is needed to secure mail inbound and
    outbound

4
Introducing FortiMail
Multi-layered email security platforms Maximum detection accuracy of blended email-based threats Antispam, antivirus, antispyware and antimalware detection Relies on Fortinet FortiGuard services that are powered by a worldwide 24x7 Global Threat Research organization
Inbound Outbound Email Messaging Security Unlike other messaging security products, FortiMail secures inbound and outbound mail inspection with only one system
Flexible deployment options The only email security solution that can be deployed in Transparent mode Gateway mode Email server mode
Integrated Message Transfer Agent (MTA) Specialized MTA engine for peak capacity Intelligent routing, QoS, virtualization
Cost effective solution No user or mailbox restrictions Large product range to fit performance requirements No third-party agreement 100 Fortinet technology
Email Archiving Facilitates regulatory compliance for content archiving
High availability FortiMail redundancy with automatic failover
Logging and Reporting Provides visibility into email usage
5
Agenda
  • Introducing FortiMail
  • FortiMail deployment scenarios
  • FortiMail product line
  • Differentiated services policies and profiles
  • Antispam techniques
  • Virus detection
  • FortiMail HA
  • Email archiving
  • Reporting

6
FortiMail Operating Modes
  • The only solution that can be deployed in 3 modes
    and fits
  • Any deployment scenarios
  • DMZ or inline deployments, one-arm or dual-arm
    attachement, etc.
  • Any IP requirements
  • Bridge mode, Route mode, NAT IP addresses
  • Any SMTP requirements
  • Explicit or transparent proxy, visible or
    invisible in headers and envelop

Gateway Mode (relay mode) Proxy MTA services for existing email gateways DNS MX record redirects email to FortiMail
Transparent Mode Intercept SMTP traffic that is not explicitely destined to itself FortiMail does not need to be the SMTP or IP endpoint Seamless integration into existing network environments Requires no IP or SMTP changes It can also simulate an explicit relay (VIP) FortiMail is the SMTP/IP endpoint FortiMail can bridge or route traffic
Server Mode Full email server functionality
7
Gateway mode deployment Traditional scenario
USERS
MAIL SERVERS
OUTGOING SMTP
INCOMING SMTP
  • FortiMail is a mail relay
  • Involves changes to the existing network topology
  • DNS server is configured to ensure that incoming
    SMTP traffic is sent to FortiMail before reaching
    the backend mail server
  • FortiMail supports outgoing antispam filtering
  • In addition to virus and content filtering for
    policy compliancy
  • The backend mail server relay outgoing mail to
    FortiMail for improved security
  • Zombies and botnet protection
  • Antispam techniques for outgoing traffic are
    different than for incoming mail

8
Transparent mode deploymentoption 1 Large
Enterprise
BOTH INTERFACES ARE IN BRIDGE MODE
USERS
OUTGOING SMTP
MTAs
INCOMING SMTP
  • FortiMail is inline - in front of mail servers
  • Although not explicitely destined to FortiMail,
    SMTP traffic is transparently proxied and
    inspected
  • Seamless integration into existing network, no
    network reconfiguration
  • IP-layer transparency
  • FortiMail acts as a bridge for SMTP and non SMTP
    traffic
  • No need to change the IP addressing scheme or
    mail server default gateway
  • SMTP-layer transparency
  • No change in existing MX records and MUA/MTA
    setup
  • FortiMail can be transparent in envelop mail
    headers

9
Transparent mode deploymentoption 2 ISPs
TRANSPARENT MODE
ONE-ARM or DUAL-ARM ATTACHEMENT (OPTIONALY 3rd
INTERFACE FOR OOB MANAGEMENT)
POLICY-BASED ROUTING SMTP TRAFFIC --gt FORTIMAIL
MTAs
MTAs
OUTGOING SMTP
MUAs
MUAs
SESSIONS INITIATED FROM THE INTERNET TO THE ISP
INTERNAL NETWORK ARE NOT SCANNED
  • FortiMail is not inline
  • The network redirects SMTP traffic to FortiMail
  • Policy based routing or load-balancers
  • Smooth integration into existing network
    environments
  • No need to change IP addressing scheme or SMTP
    setup on MUA/MTA
  • Although not explicitely destined to FortiMail,
    SMTP traffic is intercepted by FortiMail
    inspected, and clean traffic delivered to
    destination MTAs

10
ISP scenario
  • ISP and Mobile Operators are concerned about
    filtering outgoing spam to protect their IP
    addresses from black-listing
  • Spammers cause ISP addresses to be black-listed
    by DNSBL servers
  • Outgoing SMTP connections any SMTP session
    initiated from the internal network and destined
    to MTAs on the Internet
  • Outgoing mail flow are NATed behind the Service
    Provider public IP addresses

11
ISP scenario NAT impact
  • Many-to-one NAT
  • All users are NATed behind the same IP address
  • If the public IP address is black-listed ALL
    internal users are blocked and cant send mail
  • A single source of spam is enough to black-list
    the ISP address
  • One to one NAT
  • Private IP addresses are dynamically assigned to
    users
  • Each private IP address is NATed behind a public
    IP address
  • If a public IP address is backlisted because it
    has been used by a spammer, the next user that
    receives this IP address is blacklisted too

12
ISP scenario Requirements
  • Antispam solution needs
  • To be transparent
  • No MTA or MUA modification
  • To protect unknown domains
  • Not realistic to list maintain the customer
    domains
  • To support an unlimited number of domains
  • To support antispam for outgoing mail flow and
    implement efficient filters that fit outgoing
    traffic type
  • Different techniques are involved for outgoing
    flows than for incoming flows
  • For instance IP reputation is unadapted
  • FortiMail can do all of that

13
Server mode deployment
USERS
OUTGOING SMTP
INCOMING SMTP
  • Mail server functionalities
  • Webmail, SMTP, POP3 and IMAP client support
  • Secure (SSL) WebMail client access
  • Disk quota policy for user accounts
  • Bulk Folder for spam mail

14
Mail routing decision
  • Intelligent MTA
  • FortiMail can take mail routing decision based
    on
  • The original destination IP address (transparent
    mode)
  • Its own calculation of the destination MTA
    (transparent or gateway mode) which can be done
    is various ways
  • If the recipient domain is not explicitely
    defined in the FortiMail config
  • DNS-MX resolution
  • Default relay (IP address or DNS-A resolution for
    load-balancing)
  • If the recipient domain is explicitely defined in
    FortiMail config
  • DNS-MX resolution
  • DNS-A resolution
  • Static IP address
  • LDAP lookup

15
Agenda
  • Introducing FortiMail
  • FortiMail deployment scenarios
  • FortiMail product line
  • Differentiated services policies and profiles
  • Antispam techniques
  • Virus detection
  • FortiMail HA
  • Email archiving
  • Reporting

16
FortiMail product line
SMALL ENTERPRISE
MEDIUM ENTERPRISE
LARGE ENTERPRISE
SERVICE PROVIDER
FORTIMAIL 100 (FULL INSPECTION)
FORTIMAIL 400 (FULL INSPECTION) RAID SUPPORT
FORTIMAIL 2000A / 4000A (FULL INSPECTION) RAID
SUPPORT REDUNDANT FANs IPS
  • Dedicated appliance
  • Integrated hardware and software
  • Purpose build and hardened operating system
  • Fit the need of any company size
  • From SMB market to High-End Enterprise Service
    Providers
  • Deliver the same protection level and features
    through the range

17
FortiMail 100
  • SOHO or branch office use
  • Hardware specs
  • 4x 10/100 Ethernet ports
  • Single 1.0 GHz CPU
  • 512MB RAM
  • 1x 120GB 3.5 IDE drive

18
FortiMail 400
  • Medium to large enterprise
  • Hardware specs
  • 4x 10/100 ports
  • 2x 10/100/1000 ports
  • Single 3.0 GHz CPU
  • 1GB RAM
  • 2x 120GB 3.5 IDE drives
  • Software RAID (0 or 1)

19
FortiMail 2000A / 4000A
  • Large enterprise and Service Providers
  • Hardware specs
  • 4x 10/100/1000 Ethernet ports
  • Single / Dual Xeon 3.0 GHz CPUs
  • 2GB of RAM
  • 6x / 12x 250GB 3.5 SATA drives
  • Hardware RAID (0, 1, 5, 10 or 50)
  • Redundant power supplies
  • Hot-swappable fans

20
Agenda
  • Introducing FortiMail
  • FortiMail deployment scenarios
  • FortiMail product line
  • Differentiated services policies and profiles
  • Antispam techniques
  • Virus detection
  • FortiMail HA
  • Email archiving
  • Reporting

21
Policies
  • Policies determine
  • How incoming outgoing email is scanned for
    spam, viruses, and attachment
  • What to do with spam or email messages containing
    viruses
  • Policies
  • Identify a mail flow based on the
  • Source IP address
  • Destination IP address (transparent mode
    specific)
  • Recipient mail address
  • And define which security check should apply to
    this mail flow
  • Assign protection profiles to the identified mail
    flow
  • Can also be retrieved from LDAP lookup
  • Benefit
  • Allow granular definition of services that should
    apply on specific type of traffic
  • For instance, identify flows that should receive
  • maximum security (strict AS profile)
  • or maximum QOS (such as high session rate)

22
Recipient based policies
  • Recipient based policies catch traffic based on
    mail addresses
  • Explicite user mail address
  • User groups (incoming policies)
  • Or wildcard asterisk ()

23
IP based policies
  • IP policies capture traffic based on IP addresses
  • Src and/or dst IP addresses (transparent mode)
  • Src IP address (in gateway and server mode)

24
Policy check How it works
  • FortiMail first looks for an IP policy match
  • IP policies are checked in sequence
  • If there is an IP policy match
  • FortiMail takes into account the session profile
    defined in the policy
  • FortiMail then search the recipient policies
  • except if the IP policy exclusive flag is set
  • Else, FortiMail looks for a recipient based
    policy match

IP POLICY EXCLUSIVE FLAG
25
Protection profiles
  • Profile a collection of FortiMail settings that
    control the email flow
  • Profiles are selected in policies and run on any
    traffic the policy controls
  • Several types of profile
  • Session profile
  • Set session rate
  • Restrict the number of mail per session, of
    recipients per mail, of simultaneous session for
    the same client
  • Prevent session encryption,
  • Perform SMTP strict syntax check, domain check,
    etc.
  • Antispam profile
  • Antivirus profile
  • Content profile
  • Filter file type, file extensions, banned content
  • Defer large message
  • Authentication profile
  • Authenticate sessions using SMTP, POP3, IMAP, or
    RADIUS servers

26
Comments
  • You do not have to define the protected domains
  • Mail Service Provider and Internet Service
    Provider environment
  • Differentiated services can still apply based on
    IP addresses or recipient mail addresses
  • Wildcard policies can be defined using
    IP0.0.0.0/0 or recipient address
  • Antispam, antivirus, content and session profiles
    are available for incoming or outgoing mail flow

27
Agenda
  • Introducing FortiMail
  • FortiMail deployment scenarios
  • FortiMail product line
  • Differentiated services policies and profiles
  • Antispam techniques
  • Virus detection
  • FortiMail HA
  • Email archiving
  • Reporting

28
FortiMail Advanced Spam Detection
  • FortiGuard-Antispam service
  • FortiMail queries a central database
  • FortiMail employs multiple sophisticated antispam
    technologies that complement the
    FortiGuard-Antispam service
  • Session-based inspection
  • Session level detection methods greatly reduce
    load
  • Avoid unecessary mail processing and content
    scanning
  • Most of the session control parameters are
    configured in the session profile
  • Few of them in the antispam profile (grey listing
    DNSBL)
  • Header and body inspection
  • Configured in the antispam profile

29
FortiGuard-Antispam
  • FortiGuard-Antispam uses a number of filtering
    techniques to detect and filter spam
  • FortiIP Sender IP reputation database
  • IP address scoring
  • FortiSig1 Spamvertised URLs
  • Block messages that have spam hosts mentioned in
    message bodies
  • Detect spam based on the URIs (usually web sites)
    contained in the message body as opposed to the
    spam origin (used by RBL)
  • FortiSig2 Spamvertised email addresses
  • Lots of spam have an email address in the message
    body that prompts one to contact the spammers.
    Those email addresses are added to FortiSig
  • FortiSig3 Spam object checksums
  • Objects in spam are identified and a fuzzy
    checksum is calculated from each object which it
    then added top the FortiSig database
  • Objects can be part of the message body or an
    attachment
  • FortiRule
  • FortiGuard also updates FortiMail local set of
    heuristics rules

30
FortiIP Sender IP reputation
  • FortiGuard-Antispam maintains a global IP
    reputation database
  • The reputation of each IP is built and maintained
    based on tens of properties gathered from various
    sources
  • The properties include
  • The whois information, geographical location,
    service provider,
  • Whether it is an open relay or hijacked host,
    etc.
  • One of the key properties is the email volume
    from this sender as gathered from our FortiGuard
    service network
  • By comparing a sender's recent email volume with
    its historical pattern, FortiGuard-AntiSpam
    updates each IP's reputation in real-time and
    provides a highly effective sender IP address
    filter

31
FortiGuard-Antispam overview
  • To achieve up-to-date real-time spam
    identification, Fortinet utilizes globally
    distributed spam probes that receive over one
    million spam messages per day
  • Each message is processed through multiple layers
    of identification processes to produce an
    up-to-date list of spam origins
  • To further enhance the service and streamline
    performance, each of the known identities in
    the list is continually re-tested to determine
    the state of the origin (active or inactive)
  • If a known spam origin has been decommissioned,
    the origin is then removed from the list, thus
    providing customers with both accuracy and
    performance

32
FortiMail Advanced Spam Detection
  • Session based inspection
  • SMTP syntax verification and RFC compliancy
  • SMTP checks (sender/recipient domain check,
    prevent open relay, etc.)
  • SMTP rate limiting (simultaneous sessions, new
    sessions / period of time, etc.)
  • SMTP error control
  • Recipient address check (valid mail address)
  • Greylist Filtering
  • Local Reputation Filtering
  • Etc.

33
Session level Protocol check
  • Consider at least the two following options

34
Session level SMTP errors
  • Errors sometimes indicate attempts to misuse the
    server
  • You can impose delays or drop connections if
    there are errors

35
Session level Unauth sessions
  • Check sender domain
  • Checks the existence of the sender domain by
    looking up both the MX record and A record
  • One successful query would pass the check
  • Enable it depending on deployment scenario
  • Useful for ISP outgoing antispam and
    MSP/Enterprise incoming mail
  • Check recipient domain
  • Checks the existence of the sender domain by
    looking up both the MX record and A record
  • One successful query would pass the check
  • Enable this depending on your deployment scenario
  • Useful for ISP/MSP/Enterprise outgoing antispam

36
Session level Unauth sessions
  • Reject if recipient and helo domain match but
    sender domain is different
  • If the recipient (RCPT TO toto_at_fortinet.com)
    and helo domain match (for instance, SMTP client
    host name mailserver.fortinet.com), then it is
    expected that it is an internal mail
    (sender_at_fortinet.com in our example) the mail
    should be coming from Fortinet and destined to
    Fortinet.
  • That's why if the sender domain is not the same
    as the recipient domain, FortiMail would drop the
    connection
  • It is very unlikely that a well-configured mail
    server would make such a connection
  • Prevent open relaying
  • Verifies that the RCPT TO domain matches the IP
    address given by MX lookup but allow if
    authentication is used

37
Session level Settings for unauth sessions
38
Session level Recipient address check for
incoming mail
  • Recipient address verification helps to detect
    incoming spam
  • Ensure that email with invalid recipients is
    rejected, not scanned, nor sent to the backend
    email server
  • Support SMTP server or LDAP database

DEFINE THE APPROPRIATE METHOD FOR RECIPIENT CHECK
39
Session level Session rate limiting
  • Adjust the quality of service
  • Control the number of simultaneous connections as
    well as the number of connections within a
    certain amount of time
  • Adjust this settings if you filter outgoing spam
    and you have a large internal source of mail

40
Session level Sender Reputation
  • An anti-spam measure managed by FortiMail and
    requiring no maintenance or attention
  • FortiMail keeps track of SMTP client behavior
  • If a sender delivers mail including spam and/or
    viruses, or a large number of invalid users, the
    sender reputation feature will take measures
    against them
  • Those sending excessive spam messages, infected
    mail, or messages to invalid recipients will have
    their deliveries limited
  • Should clients continue delivering these types of
    messages, their connection attempts will be
    rejected entirely
  • To make it working efficiently, network must not
    hide the client IP addresses to FortiMail
  • FortiMail is not connected behind a NAT device
  • FortiMail is not receiving connections from a
    relay

41
Sender Reputation Specifics
  • FortiMail records for each SMTP client (IP
    address)
  • Total number of messages delivered
  • Number of messages detected as spam
  • Number of messages infected with viruses or worms
  • Total number of recipients
  • Number of invalid recipients
  • FortiMail determines a senders reputation score
    using 2 ratios
  • The amount of good email compared to the bad mail
  • The total number of recipients as compared to the
    number of bad recipients
  • FortiMail uses email information up to twelve
    hours old, and recent mail influences the score
    calculation more than older mail
  • Score from 0 to 100, (0 a very well behaved
    sender, 100 the type of sender youd rather
    avoid)
  • After 12 hours without a mail delivery from a
    client, client records are deleted
  • The sender reputation score is compared to 3
    thresholds (customizable)
  • Above the 1st value, FortiMail limits the number
    of messages accepted per hour
  • Above the 2nd value, FortiMail rejects the
    connection returning a temporary fail error
  • Above the third value, FortiMail refuses the
    connection returning a reject message

42
Sender Reputation configuration
  • Sender reputation is configured and enabled in
    the session profile
  • It can be used with the following default
    settings

43
Session level IP black listing
  • DNSBL
  • DNS Blacklist
  • List of IP addresses that are known to originate
    spam
  • Configure a public DNSBL server
  • such as sbl-xbl.spamhaus.org

44
Session level Greylisting
  • A mean of reducing spam in a relatively low
    maintenance manner
  • No IP address lists, email lists, or word lists
    to keep up to date
  • The only required list is automatically
    maintained by the FortiMail unit
  • Block spam based on the behavior of the sending
    server, rather than the content of the messages
  • When receiving an email from an unknown server,
    the FortiMail temporarily rejects the email
  • If the mail is legitimate, the originating server
    will try again later, at which time the FortiMail
    unit will accept it
  • Spam servers will very unlikely attempt a retry
  • Grey listing is enabled in the antispam
    incoming/outgoing profiles

45
Session level Greylisting
  • TTL The time to live setting
  • How long the to/from/IP data will be retained in
    the FortiMail greylist
  • When the entry expires, it is removed and new
    messages are again rejected until the sending
    server attempts to deliver the message again
  • Grey listing period
  • Length of time the FortiMail will continue to
    reject messages with an unknown to/from/IP
  • After this time expires, any resend attempts will
    have the to/from/IP data added to the greylist
    and subsequent messages will be delivered
    immediately

46
Greylisting Specifics
  • Greylist routine looks at the envelop and extract
    3 values
  • Sender address (Mail From)
  • Recipient address (Rctp to)
  • IP address of the mail server delivering the
    message
  • If the greylist routine doesnt have a record of
    a message with these three values
  • Message is refused
  • Temporary error is reported to the server
    attempting delivery
  • The delivering server should later attempt to
    send the mail again
  • Mail servers following specifications (RFC 821)
    will attempt to retry deliveries that fail with
    expected error codes
  • Most spam mail is not delivered by standard mail
    servers, but rather by applications designed
    specifically for spam distribution
  • If another delivery is attempted, the message is
    accepted
  • FortiMail has stored the 3 attributes so any
    subsequent messages with these same three values
    is immediately accepted

47
Grey listing Comments
  • Grey listing is a very efficient method that is
    destined to MTA sessions
  • Grey listing should not apply to MUA sessions
  • If it is not possible for FortiMail to
    distinguish MUA sessions from MTA sessions, do
    not enable grey listing
  • Example ISP deplopyment for outgoing antispam
  • FortiMail automatically bypass grey listing for
    SMTP sessions it authenticates

48
Header and body inspection
  • Header and body inspection
  • Deep header scanning
  • Image Analysis Filtering
  • Heuristics Rules (several thousands) dynamic
    update
  • Maintained by Fortinets antispam research team
  • Automatic upload through FortiGuard services
  • Public SURBL
  • Attachement filtering (PDF scan)
  • Per User / Domain Bayesian Filtering
  • Locally administered black/white list of domains
    and users
  • Banned words / dictionnary scanning

49
Header inspection
  • Black IP checking looks at the Received fields
    of the email header
  • Extracts hostnames and IP addresses of mail
    servers the email has gone through
  • Pass them to the FortiGuard-Antispam service,
    DNSBL, or SURBL servers
  • Header analysis examines the entire message
    header for spam characteristics
  • Leverages Fortinets extensive known-spam library
    to add intelligent analysis to email header
    content ultimately improving detection of image
    spam that attempts to evade antispam filters

50
Content inspection SURBL
  • SURBL Spam URI Realtime BlockList
  • List of spamvertised sites
  • Also called spammy URL
  • Allows to block mail that have spam hosts
    mentioned in bodies
  • web servers, sites, domains
  • Configure a public SURBL server
  • Such as multi.surbl.org

51
Content inspection Image scanning
  • An increasingly common tactic used by spammers is
    to replace the message body with an image file
  • This image file displays a graphic of the desired
    text
  • Image spam are difficult to detect since spammers
    slightly change the image
  • To avoid signature based detection methods (such
    as FortiSig3 Spam object checksums)
  • FortiMails image scan detects spam where the
    message body includes an image
  • Examines and identifies GIF, JPEG, and PNG
    graphics
  • Detects spam based on email header and body
    analysis, and image processing
  • Process is locally achieved by FortiMail and does
    not use OCR (optical character recognition)
  • Our testing has shown this method is not
    effective enough

52
Content level PDF scan
  • Enable PDF scanning
  • All content filters will apply
  • SURBL
  • Black IP scan
  • Image scan
  • Banned words
  • Etc.

53
Antispam actions
  • Per antispam profile settings

54
Spam report
  • Set the time for the FortiMail unit to send spam
    reports to email users
  • Customize the report message and HTML appearance
    as you wish

55
User quarantine
  • Allow users to access their quarantine by web mail

56
Quarantine User preferences
  • Language customization
  • User BWL settings
  • Etc.

57
Agenda
  • Introducing FortiMail
  • FortiMail deployment scenarios
  • FortiMail product line
  • Differentiated services policies and profiles
  • Antispam techniques
  • Virus detection
  • FortiMail HA
  • Email archiving
  • Reporting

58
Antivirus check
  • FortiMail detects viruses and spyware embedded in
    SMTP email messages and removes them
  • Provides both Wildlist and Zoolist/legacy virus
    protection against more than 300,000 viruses and
    variants
  • Leverage the award winning Fortinet Antivirus
    engine
  • ICSA certified
  • FortiMail inserts replacement messages to notify
    the recipient, or silently block infected email
    or warn sender of failed delivery
  • Automatic antivirus engine and signature files
    update
  • Do NOT charge per user mailbox

59
Agenda
  • Introducing FortiMail
  • FortiMail deployment scenarios
  • FortiMail product line
  • Differentiated services policies and profiles
  • Antispam techniques
  • Virus detection
  • FortiMail HA
  • Email archiving
  • Reporting

60
FortiMail clustering
  • Supported in transparent/gateway/server mode
  • Supports 2 HA modes
  • Config-only HA mode
  • Up to 25 FortiMail units share a common
    configuration, but operate as separate FortiMail
    units
  • Usually implemented with external load sharing
  • load-balancers, DNS round robin, etc.

61
FortiMail clustering
  • HA Active-passive mode
  • Two FortiMail units providing failover protection
  • HA synchronization
  • Configuration synchronization
  • Except few parameters that should not be
    synchronized FortiMail hostname, SNMP
    information, some HA settings
  • Mail data synchronization
  • Include and selectively synchronize System mail
    directory, user home directories, and MTA spool
    directories
  • HA health check
  • Interface monitoring
  • Service monitoring (SMTP, POP3, etc.)
  • Supports redundant HA interfaces
  • Choose behaviour after recovery preemption
    ON/OFF, offline state, etc.

62
FortiMail clustering
DEFINE FORTIMAIL BEHAVIOUR AFTER RECOVERY
(PREEMPT, OFFLINE, ETC.
SUPPORTS REDUNDANT HA INTERFACE
DEFINE FAILURE DETECTION SETTINGS
63
Agenda
  • Introducing FortiMail
  • FortiMail deployment scenarios
  • FortiMail product line
  • Differentiated services policies and profiles
  • Antispam techniques
  • Virus detection
  • FortiMail HA
  • Email archiving
  • Reporting

64
Archival Meet regulatory requirements
  • Selectively archive mails based on
  • Sender
  • Recipient
  • Content Pattern
  • Keywords in subject
  • Keywords in body
  • Attachment type
  • Storage
  • FortiMail HD
  • scheduled SFTP/FTP upload
  • Or External NAS storage

65
Agenda
  • Introducing FortiMail
  • FortiMail deployment scenarios
  • FortiMail product line
  • Differentiated services policies and profiles
  • Antispam techniques
  • Virus detection
  • FortiMail HA
  • Email archiving
  • Management / Logging / Reporting

66
Management / Logging / Reporting
  • Easy management that answers SMB and High End
    need
  • Wizard option for fast and easy deployment
  • Configuration tasks
  • Through Intuitive GUI (basic and advanced modes)
  • Though CLI mode
  • Logs
  • On device local logging
  • Syslog/FortiAnalyzer output
  • Provide full visibility about the mail usage
  • Over 240 embedded HTML or PDF reports
  • Mail stats, virus stats, spam stats, etc.
  • Alerts and resources usage
  • SNMP traps and MIB polling
  • CPU Usage, Memory Usage, Log Disk Usage, Mailbox
    Disk Usage, Deferred queue, Detected virus,
    Detected spam, etc.

67
Wizard for fast easy deployment
  • Provides a way to quickly have the FortiMail unit
    up and running
  • Administrator does not have to know choose
    antispam techniques
  • Involves only 6 steps
  • Step1 Admin pwd
  • Step2 IP/DNS/Time info

68
Wizard for fast easy deployment
  • Step3 Local domain
  • Step4 Protected domain

69
Wizard for fast easy deployment
  • Step5 Incoming protection
  • Antispam level (high/medium/low)
  • Antivirus service ON/OFF
  • Step6 Outgoing protection
  • Antispam level (high/medium/low)
  • Antivirus service ON/OFF
  • Access control for relay permission

70
Wizard for fast easy deployment
  • Review, save and its done!

71
Report sample
72
FortiMail key points
Fit any deployment scenario and network
requirement (explicit or transparent proxy, route
or bridge packets, visible or unvisible in the
headers, etc).
No OEM agreement, 100 Fortinet technology, no
user licences
Support advanced HA with network and service
check, mail data synchronization, etc.
Supports outgoing spam filtering
Includes extended reports and large quarantine
server
Administration that fits SMB, Enterprises and
Service Providers
73
Thank you !Questions ?
About PowerShow.com