FortiMail Overview Dedicated email security solution

1
FortiMail OverviewDedicated email security
solution

• Last Update February 2008
• Nathalie Rivat

2
Agenda

• Introducing FortiMail
• FortiMail deployment scenarios
• FortiMail product line
• Differentiated services policies and profiles
• Antispam techniques
• Virus detection
• FortiMail HA
• Email archiving
• Reporting

3
Email Security Challenges

• Action is needed to secure mail inbound and
  outbound

4
Introducing FortiMail
Multi-layered email security platforms Maximum detection accuracy of blended email-based threats Antispam, antivirus, antispyware and antimalware detection Relies on Fortinet FortiGuard services that are powered by a worldwide 24x7 Global Threat Research organization
Inbound Outbound Email Messaging Security Unlike other messaging security products, FortiMail secures inbound and outbound mail inspection with only one system
Flexible deployment options The only email security solution that can be deployed in Transparent mode Gateway mode Email server mode
Integrated Message Transfer Agent (MTA) Specialized MTA engine for peak capacity Intelligent routing, QoS, virtualization
Cost effective solution No user or mailbox restrictions Large product range to fit performance requirements No third-party agreement 100 Fortinet technology
Email Archiving Facilitates regulatory compliance for content archiving
High availability FortiMail redundancy with automatic failover
Logging and Reporting Provides visibility into email usage
5
Agenda

• Introducing FortiMail
• FortiMail deployment scenarios
• FortiMail product line
• Differentiated services policies and profiles
• Antispam techniques
• Virus detection
• FortiMail HA
• Email archiving
• Reporting

6
FortiMail Operating Modes

• The only solution that can be deployed in 3 modes
  and fits
• Any deployment scenarios
• DMZ or inline deployments, one-arm or dual-arm
  attachement, etc.
• Any IP requirements
• Bridge mode, Route mode, NAT IP addresses
• Any SMTP requirements
• Explicit or transparent proxy, visible or
  invisible in headers and envelop

Gateway Mode (relay mode) Proxy MTA services for existing email gateways DNS MX record redirects email to FortiMail
Transparent Mode Intercept SMTP traffic that is not explicitely destined to itself FortiMail does not need to be the SMTP or IP endpoint Seamless integration into existing network environments Requires no IP or SMTP changes It can also simulate an explicit relay (VIP) FortiMail is the SMTP/IP endpoint FortiMail can bridge or route traffic
Server Mode Full email server functionality
7
Gateway mode deployment Traditional scenario
USERS
MAIL SERVERS
OUTGOING SMTP
INCOMING SMTP

• FortiMail is a mail relay
• Involves changes to the existing network topology
• DNS server is configured to ensure that incoming
  SMTP traffic is sent to FortiMail before reaching
  the backend mail server
• FortiMail supports outgoing antispam filtering
• In addition to virus and content filtering for
  policy compliancy
• The backend mail server relay outgoing mail to
  FortiMail for improved security
• Zombies and botnet protection
• Antispam techniques for outgoing traffic are
  different than for incoming mail

8
Transparent mode deploymentoption 1 Large
Enterprise
BOTH INTERFACES ARE IN BRIDGE MODE
USERS
OUTGOING SMTP
MTAs
INCOMING SMTP

• FortiMail is inline - in front of mail servers
• Although not explicitely destined to FortiMail,
  SMTP traffic is transparently proxied and
  inspected
• Seamless integration into existing network, no
  network reconfiguration
• IP-layer transparency
• FortiMail acts as a bridge for SMTP and non SMTP
  traffic
• No need to change the IP addressing scheme or
  mail server default gateway
• SMTP-layer transparency
• No change in existing MX records and MUA/MTA
  setup
• FortiMail can be transparent in envelop mail
  headers

9
Transparent mode deploymentoption 2 ISPs
TRANSPARENT MODE
ONE-ARM or DUAL-ARM ATTACHEMENT (OPTIONALY 3rd
INTERFACE FOR OOB MANAGEMENT)
POLICY-BASED ROUTING SMTP TRAFFIC --gt FORTIMAIL
MTAs
MTAs
OUTGOING SMTP
MUAs
MUAs
SESSIONS INITIATED FROM THE INTERNET TO THE ISP
INTERNAL NETWORK ARE NOT SCANNED

• FortiMail is not inline
• The network redirects SMTP traffic to FortiMail
• Policy based routing or load-balancers
• Smooth integration into existing network
  environments
• No need to change IP addressing scheme or SMTP
  setup on MUA/MTA
• Although not explicitely destined to FortiMail,
  SMTP traffic is intercepted by FortiMail
  inspected, and clean traffic delivered to
  destination MTAs

10
ISP scenario

• ISP and Mobile Operators are concerned about
  filtering outgoing spam to protect their IP
  addresses from black-listing
• Spammers cause ISP addresses to be black-listed
  by DNSBL servers
• Outgoing SMTP connections any SMTP session
  initiated from the internal network and destined
  to MTAs on the Internet
• Outgoing mail flow are NATed behind the Service
  Provider public IP addresses

11
ISP scenario NAT impact

• Many-to-one NAT
• All users are NATed behind the same IP address
• If the public IP address is black-listed ALL
  internal users are blocked and cant send mail
• A single source of spam is enough to black-list
  the ISP address
• One to one NAT
• Private IP addresses are dynamically assigned to
  users
• Each private IP address is NATed behind a public
  IP address
• If a public IP address is backlisted because it
  has been used by a spammer, the next user that
  receives this IP address is blacklisted too

12
ISP scenario Requirements

• Antispam solution needs
• To be transparent
• No MTA or MUA modification
• To protect unknown domains
• Not realistic to list maintain the customer
  domains
• To support an unlimited number of domains
• To support antispam for outgoing mail flow and
  implement efficient filters that fit outgoing
  traffic type
• Different techniques are involved for outgoing
  flows than for incoming flows
• For instance IP reputation is unadapted
• FortiMail can do all of that

13
Server mode deployment
USERS
OUTGOING SMTP
INCOMING SMTP

• Mail server functionalities
• Webmail, SMTP, POP3 and IMAP client support
• Secure (SSL) WebMail client access
• Disk quota policy for user accounts
• Bulk Folder for spam mail

14
Mail routing decision

• Intelligent MTA
• FortiMail can take mail routing decision based
  on
• The original destination IP address (transparent
  mode)
• Its own calculation of the destination MTA
  (transparent or gateway mode) which can be done
  is various ways
• If the recipient domain is not explicitely
  defined in the FortiMail config
• DNS-MX resolution
• Default relay (IP address or DNS-A resolution for
  load-balancing)
• If the recipient domain is explicitely defined in
  FortiMail config
• DNS-MX resolution
• DNS-A resolution
• Static IP address
• LDAP lookup

15
Agenda

• Introducing FortiMail
• FortiMail deployment scenarios
• FortiMail product line
• Differentiated services policies and profiles
• Antispam techniques
• Virus detection
• FortiMail HA
• Email archiving
• Reporting

16
FortiMail product line
SMALL ENTERPRISE
MEDIUM ENTERPRISE
LARGE ENTERPRISE
SERVICE PROVIDER
FORTIMAIL 100 (FULL INSPECTION)
FORTIMAIL 400 (FULL INSPECTION) RAID SUPPORT
FORTIMAIL 2000A / 4000A (FULL INSPECTION) RAID
SUPPORT REDUNDANT FANs IPS

• Dedicated appliance
• Integrated hardware and software
• Purpose build and hardened operating system
• Fit the need of any company size
• From SMB market to High-End Enterprise Service
  Providers
• Deliver the same protection level and features
  through the range

17
FortiMail 100

• SOHO or branch office use
• Hardware specs
• 4x 10/100 Ethernet ports
• Single 1.0 GHz CPU
• 512MB RAM
• 1x 120GB 3.5 IDE drive

18
FortiMail 400

• Medium to large enterprise
• Hardware specs
• 4x 10/100 ports
• 2x 10/100/1000 ports
• Single 3.0 GHz CPU
• 1GB RAM
• 2x 120GB 3.5 IDE drives
• Software RAID (0 or 1)

19
FortiMail 2000A / 4000A

• Large enterprise and Service Providers
• Hardware specs
• 4x 10/100/1000 Ethernet ports
• Single / Dual Xeon 3.0 GHz CPUs
• 2GB of RAM
• 6x / 12x 250GB 3.5 SATA drives
• Hardware RAID (0, 1, 5, 10 or 50)
• Redundant power supplies
• Hot-swappable fans

20
Agenda

• Introducing FortiMail
• FortiMail deployment scenarios
• FortiMail product line
• Differentiated services policies and profiles
• Antispam techniques
• Virus detection
• FortiMail HA
• Email archiving
• Reporting

21
Policies

• Policies determine
• How incoming outgoing email is scanned for
  spam, viruses, and attachment
• What to do with spam or email messages containing
  viruses
• Policies
• Identify a mail flow based on the
• Source IP address
• Destination IP address (transparent mode
  specific)
• Recipient mail address
• And define which security check should apply to
  this mail flow
• Assign protection profiles to the identified mail
  flow
• Can also be retrieved from LDAP lookup
• Benefit
• Allow granular definition of services that should
  apply on specific type of traffic
• For instance, identify flows that should receive
• maximum security (strict AS profile)
• or maximum QOS (such as high session rate)

22
Recipient based policies

• Recipient based policies catch traffic based on
  mail addresses
• Explicite user mail address
• User groups (incoming policies)
• Or wildcard asterisk ()

23
IP based policies

• IP policies capture traffic based on IP addresses
• Src and/or dst IP addresses (transparent mode)
• Src IP address (in gateway and server mode)

24
Policy check How it works

• FortiMail first looks for an IP policy match
• IP policies are checked in sequence
• If there is an IP policy match
• FortiMail takes into account the session profile
  defined in the policy
• FortiMail then search the recipient policies
• except if the IP policy exclusive flag is set
• Else, FortiMail looks for a recipient based
  policy match

IP POLICY EXCLUSIVE FLAG
25
Protection profiles

• Profile a collection of FortiMail settings that
  control the email flow
• Profiles are selected in policies and run on any
  traffic the policy controls
• Several types of profile
• Session profile
• Set session rate
• Restrict the number of mail per session, of
  recipients per mail, of simultaneous session for
  the same client
• Prevent session encryption,
• Perform SMTP strict syntax check, domain check,
  etc.
• Antispam profile
• Antivirus profile
• Content profile
• Filter file type, file extensions, banned content
• Defer large message
• Authentication profile
• Authenticate sessions using SMTP, POP3, IMAP, or
  RADIUS servers

26
Comments

• You do not have to define the protected domains
• Mail Service Provider and Internet Service
  Provider environment
• Differentiated services can still apply based on
  IP addresses or recipient mail addresses
• Wildcard policies can be defined using
  IP0.0.0.0/0 or recipient address
• Antispam, antivirus, content and session profiles
  are available for incoming or outgoing mail flow

27
Agenda

• Introducing FortiMail
• FortiMail deployment scenarios
• FortiMail product line
• Differentiated services policies and profiles
• Antispam techniques
• Virus detection
• FortiMail HA
• Email archiving
• Reporting

28
FortiMail Advanced Spam Detection

• FortiGuard-Antispam service
• FortiMail queries a central database
• FortiMail employs multiple sophisticated antispam
  technologies that complement the
  FortiGuard-Antispam service
• Session-based inspection
• Session level detection methods greatly reduce
  load
• Avoid unecessary mail processing and content
  scanning
• Most of the session control parameters are
  configured in the session profile
• Few of them in the antispam profile (grey listing
  DNSBL)
• Header and body inspection
• Configured in the antispam profile

29
FortiGuard-Antispam

• FortiGuard-Antispam uses a number of filtering
  techniques to detect and filter spam
• FortiIP Sender IP reputation database
• IP address scoring
• FortiSig1 Spamvertised URLs
• Block messages that have spam hosts mentioned in
  message bodies
• Detect spam based on the URIs (usually web sites)
  contained in the message body as opposed to the
  spam origin (used by RBL)
• FortiSig2 Spamvertised email addresses
• Lots of spam have an email address in the message
  body that prompts one to contact the spammers.
  Those email addresses are added to FortiSig
• FortiSig3 Spam object checksums
• Objects in spam are identified and a fuzzy
  checksum is calculated from each object which it
  then added top the FortiSig database
• Objects can be part of the message body or an
  attachment
• FortiRule
• FortiGuard also updates FortiMail local set of
  heuristics rules

30
FortiIP Sender IP reputation

• FortiGuard-Antispam maintains a global IP
  reputation database
• The reputation of each IP is built and maintained
  based on tens of properties gathered from various
  sources
• The properties include
• The whois information, geographical location,
  service provider,
• Whether it is an open relay or hijacked host,
  etc.
• One of the key properties is the email volume
  from this sender as gathered from our FortiGuard
  service network
• By comparing a sender's recent email volume with
  its historical pattern, FortiGuard-AntiSpam
  updates each IP's reputation in real-time and
  provides a highly effective sender IP address
  filter

31
FortiGuard-Antispam overview

• To achieve up-to-date real-time spam
  identification, Fortinet utilizes globally
  distributed spam probes that receive over one
  million spam messages per day
• Each message is processed through multiple layers
  of identification processes to produce an
  up-to-date list of spam origins
• To further enhance the service and streamline
  performance, each of the known identities in
  the list is continually re-tested to determine
  the state of the origin (active or inactive)
• If a known spam origin has been decommissioned,
  the origin is then removed from the list, thus
  providing customers with both accuracy and
  performance

32
FortiMail Advanced Spam Detection

• Session based inspection
• SMTP syntax verification and RFC compliancy
• SMTP checks (sender/recipient domain check,
  prevent open relay, etc.)
• SMTP rate limiting (simultaneous sessions, new
  sessions / period of time, etc.)
• SMTP error control
• Recipient address check (valid mail address)
• Greylist Filtering
• Local Reputation Filtering
• Etc.

33
Session level Protocol check

• Consider at least the two following options

34
Session level SMTP errors

• Errors sometimes indicate attempts to misuse the
  server
• You can impose delays or drop connections if
  there are errors

35
Session level Unauth sessions

• Check sender domain
• Checks the existence of the sender domain by
  looking up both the MX record and A record
• One successful query would pass the check
• Enable it depending on deployment scenario
• Useful for ISP outgoing antispam and
  MSP/Enterprise incoming mail
• Check recipient domain
• Checks the existence of the sender domain by
  looking up both the MX record and A record
• One successful query would pass the check
• Enable this depending on your deployment scenario
• Useful for ISP/MSP/Enterprise outgoing antispam

36
Session level Unauth sessions

• Reject if recipient and helo domain match but
  sender domain is different
• If the recipient (RCPT TO toto_at_fortinet.com)
  and helo domain match (for instance, SMTP client
  host name mailserver.fortinet.com), then it is
  expected that it is an internal mail
  (sender_at_fortinet.com in our example) the mail
  should be coming from Fortinet and destined to
  Fortinet.
• That's why if the sender domain is not the same
  as the recipient domain, FortiMail would drop the
  connection
• It is very unlikely that a well-configured mail
  server would make such a connection
• Prevent open relaying
• Verifies that the RCPT TO domain matches the IP
  address given by MX lookup but allow if
  authentication is used

37
Session level Settings for unauth sessions
38
Session level Recipient address check for
incoming mail

• Recipient address verification helps to detect
  incoming spam
• Ensure that email with invalid recipients is
  rejected, not scanned, nor sent to the backend
  email server
• Support SMTP server or LDAP database

DEFINE THE APPROPRIATE METHOD FOR RECIPIENT CHECK
39
Session level Session rate limiting

• Adjust the quality of service
• Control the number of simultaneous connections as
  well as the number of connections within a
  certain amount of time
• Adjust this settings if you filter outgoing spam
  and you have a large internal source of mail

40
Session level Sender Reputation

• An anti-spam measure managed by FortiMail and
  requiring no maintenance or attention
• FortiMail keeps track of SMTP client behavior
• If a sender delivers mail including spam and/or
  viruses, or a large number of invalid users, the
  sender reputation feature will take measures
  against them
• Those sending excessive spam messages, infected
  mail, or messages to invalid recipients will have
  their deliveries limited
• Should clients continue delivering these types of
  messages, their connection attempts will be
  rejected entirely
• To make it working efficiently, network must not
  hide the client IP addresses to FortiMail
• FortiMail is not connected behind a NAT device
• FortiMail is not receiving connections from a
  relay

41
Sender Reputation Specifics

• FortiMail records for each SMTP client (IP
  address)
• Total number of messages delivered
• Number of messages detected as spam
• Number of messages infected with viruses or worms
• Total number of recipients
• Number of invalid recipients
• FortiMail determines a senders reputation score
  using 2 ratios
• The amount of good email compared to the bad mail
• The total number of recipients as compared to the
  number of bad recipients
• FortiMail uses email information up to twelve
  hours old, and recent mail influences the score
  calculation more than older mail
• Score from 0 to 100, (0 a very well behaved
  sender, 100 the type of sender youd rather
  avoid)
• After 12 hours without a mail delivery from a
  client, client records are deleted
• The sender reputation score is compared to 3
  thresholds (customizable)
• Above the 1st value, FortiMail limits the number
  of messages accepted per hour
• Above the 2nd value, FortiMail rejects the
  connection returning a temporary fail error
• Above the third value, FortiMail refuses the
  connection returning a reject message

42
Sender Reputation configuration

• Sender reputation is configured and enabled in
  the session profile
• It can be used with the following default
  settings

43
Session level IP black listing

• DNSBL
• DNS Blacklist
• List of IP addresses that are known to originate
  spam
• Configure a public DNSBL server
• such as sbl-xbl.spamhaus.org

44
Session level Greylisting

• A mean of reducing spam in a relatively low
  maintenance manner
• No IP address lists, email lists, or word lists
  to keep up to date
• The only required list is automatically
  maintained by the FortiMail unit
• Block spam based on the behavior of the sending
  server, rather than the content of the messages
• When receiving an email from an unknown server,
  the FortiMail temporarily rejects the email
• If the mail is legitimate, the originating server
  will try again later, at which time the FortiMail
  unit will accept it
• Spam servers will very unlikely attempt a retry
• Grey listing is enabled in the antispam
  incoming/outgoing profiles

45
Session level Greylisting

• TTL The time to live setting
• How long the to/from/IP data will be retained in
  the FortiMail greylist
• When the entry expires, it is removed and new
  messages are again rejected until the sending
  server attempts to deliver the message again
• Grey listing period
• Length of time the FortiMail will continue to
  reject messages with an unknown to/from/IP
• After this time expires, any resend attempts will
  have the to/from/IP data added to the greylist
  and subsequent messages will be delivered
  immediately

46
Greylisting Specifics

• Greylist routine looks at the envelop and extract
  3 values
• Sender address (Mail From)
• Recipient address (Rctp to)
• IP address of the mail server delivering the
  message
• If the greylist routine doesnt have a record of
  a message with these three values
• Message is refused
• Temporary error is reported to the server
  attempting delivery
• The delivering server should later attempt to
  send the mail again
• Mail servers following specifications (RFC 821)
  will attempt to retry deliveries that fail with
  expected error codes
• Most spam mail is not delivered by standard mail
  servers, but rather by applications designed
  specifically for spam distribution
• If another delivery is attempted, the message is
  accepted
• FortiMail has stored the 3 attributes so any
  subsequent messages with these same three values
  is immediately accepted

47
Grey listing Comments

• Grey listing is a very efficient method that is
  destined to MTA sessions
• Grey listing should not apply to MUA sessions
• If it is not possible for FortiMail to
  distinguish MUA sessions from MTA sessions, do
  not enable grey listing
• Example ISP deplopyment for outgoing antispam
• FortiMail automatically bypass grey listing for
  SMTP sessions it authenticates

48
Header and body inspection

• Header and body inspection
• Deep header scanning
• Image Analysis Filtering
• Heuristics Rules (several thousands) dynamic
  update
• Maintained by Fortinets antispam research team
• Automatic upload through FortiGuard services
• Public SURBL
• Attachement filtering (PDF scan)
• Per User / Domain Bayesian Filtering
• Locally administered black/white list of domains
  and users
• Banned words / dictionnary scanning

49
Header inspection

• Black IP checking looks at the Received fields
  of the email header
• Extracts hostnames and IP addresses of mail
  servers the email has gone through
• Pass them to the FortiGuard-Antispam service,
  DNSBL, or SURBL servers
• Header analysis examines the entire message
  header for spam characteristics
• Leverages Fortinets extensive known-spam library
  to add intelligent analysis to email header
  content ultimately improving detection of image
  spam that attempts to evade antispam filters

50
Content inspection SURBL

• SURBL Spam URI Realtime BlockList
• List of spamvertised sites
• Also called spammy URL
• Allows to block mail that have spam hosts
  mentioned in bodies
• web servers, sites, domains
• Configure a public SURBL server
• Such as multi.surbl.org

51
Content inspection Image scanning

• An increasingly common tactic used by spammers is
  to replace the message body with an image file
• This image file displays a graphic of the desired
  text
• Image spam are difficult to detect since spammers
  slightly change the image
• To avoid signature based detection methods (such
  as FortiSig3 Spam object checksums)
• FortiMails image scan detects spam where the
  message body includes an image
• Examines and identifies GIF, JPEG, and PNG
  graphics
• Detects spam based on email header and body
  analysis, and image processing
• Process is locally achieved by FortiMail and does
  not use OCR (optical character recognition)
• Our testing has shown this method is not
  effective enough

52
Content level PDF scan

• Enable PDF scanning
• All content filters will apply
• SURBL
• Black IP scan
• Image scan
• Banned words
• Etc.

53
Antispam actions

• Per antispam profile settings

54
Spam report

• Set the time for the FortiMail unit to send spam
  reports to email users
• Customize the report message and HTML appearance
  as you wish

55
User quarantine

• Allow users to access their quarantine by web mail

56
Quarantine User preferences

• Language customization
• User BWL settings
• Etc.

57
Agenda

• Introducing FortiMail
• FortiMail deployment scenarios
• FortiMail product line
• Differentiated services policies and profiles
• Antispam techniques
• Virus detection
• FortiMail HA
• Email archiving
• Reporting

58
Antivirus check

• FortiMail detects viruses and spyware embedded in
  SMTP email messages and removes them
• Provides both Wildlist and Zoolist/legacy virus
  protection against more than 300,000 viruses and
  variants
• Leverage the award winning Fortinet Antivirus
  engine
• ICSA certified
• FortiMail inserts replacement messages to notify
  the recipient, or silently block infected email
  or warn sender of failed delivery
• Automatic antivirus engine and signature files
  update
• Do NOT charge per user mailbox

59
Agenda

• Introducing FortiMail
• FortiMail deployment scenarios
• FortiMail product line
• Differentiated services policies and profiles
• Antispam techniques
• Virus detection
• FortiMail HA
• Email archiving
• Reporting

60
FortiMail clustering

• Supported in transparent/gateway/server mode
• Supports 2 HA modes
• Config-only HA mode
• Up to 25 FortiMail units share a common
  configuration, but operate as separate FortiMail
  units
• Usually implemented with external load sharing
• load-balancers, DNS round robin, etc.

61
FortiMail clustering

• HA Active-passive mode
• Two FortiMail units providing failover protection
• HA synchronization
• Configuration synchronization
• Except few parameters that should not be
  synchronized FortiMail hostname, SNMP
  information, some HA settings
• Mail data synchronization
• Include and selectively synchronize System mail
  directory, user home directories, and MTA spool
  directories
• HA health check
• Interface monitoring
• Service monitoring (SMTP, POP3, etc.)
• Supports redundant HA interfaces
• Choose behaviour after recovery preemption
  ON/OFF, offline state, etc.

62
FortiMail clustering
DEFINE FORTIMAIL BEHAVIOUR AFTER RECOVERY
(PREEMPT, OFFLINE, ETC.
SUPPORTS REDUNDANT HA INTERFACE
DEFINE FAILURE DETECTION SETTINGS
63
Agenda

• Introducing FortiMail
• FortiMail deployment scenarios
• FortiMail product line
• Differentiated services policies and profiles
• Antispam techniques
• Virus detection
• FortiMail HA
• Email archiving
• Reporting

64
Archival Meet regulatory requirements

• Selectively archive mails based on
• Sender
• Recipient
• Content Pattern
• Keywords in subject
• Keywords in body
• Attachment type

• Storage
• FortiMail HD
• scheduled SFTP/FTP upload
• Or External NAS storage

65
Agenda

• Introducing FortiMail
• FortiMail deployment scenarios
• FortiMail product line
• Differentiated services policies and profiles
• Antispam techniques
• Virus detection
• FortiMail HA
• Email archiving
• Management / Logging / Reporting

66
Management / Logging / Reporting

• Easy management that answers SMB and High End
  need
• Wizard option for fast and easy deployment
• Configuration tasks
• Through Intuitive GUI (basic and advanced modes)
• Though CLI mode
• Logs
• On device local logging
• Syslog/FortiAnalyzer output
• Provide full visibility about the mail usage
• Over 240 embedded HTML or PDF reports
• Mail stats, virus stats, spam stats, etc.
• Alerts and resources usage
• SNMP traps and MIB polling
• CPU Usage, Memory Usage, Log Disk Usage, Mailbox
  Disk Usage, Deferred queue, Detected virus,
  Detected spam, etc.

67
Wizard for fast easy deployment

• Provides a way to quickly have the FortiMail unit
  up and running

• Administrator does not have to know choose
  antispam techniques
• Involves only 6 steps
• Step1 Admin pwd
• Step2 IP/DNS/Time info

68
Wizard for fast easy deployment

• Step3 Local domain
• Step4 Protected domain

69
Wizard for fast easy deployment

• Step5 Incoming protection
• Antispam level (high/medium/low)
• Antivirus service ON/OFF
• Step6 Outgoing protection
• Antispam level (high/medium/low)
• Antivirus service ON/OFF
• Access control for relay permission

70
Wizard for fast easy deployment

• Review, save and its done!

71
Report sample
72
FortiMail key points
Fit any deployment scenario and network
requirement (explicit or transparent proxy, route
or bridge packets, visible or unvisible in the
headers, etc).
No OEM agreement, 100 Fortinet technology, no
user licences
Support advanced HA with network and service
check, mail data synchronization, etc.
Supports outgoing spam filtering
Includes extended reports and large quarantine
server
Administration that fits SMB, Enterprises and
Service Providers
73
Thank you !Questions ?