FortiMail Student Guide for FortiMail 5.3.8
DO NOT REPRINT © FORTINET

Last Updated: 13 April 2017

We would like to acknowledge the following major contributors: Carl Windsor, Khalid Hassan, Michal Kulakowski and Laurent Blossier.

Fortinet, FortiGate®, and FortiGuard® are registered trademarks of Fortinet, Inc. in the U.S. and other jurisdictions, and other Fortinet names herein may also be trademarks, registered or otherwise, of Fortinet. All other product or company names may be trademarks of their respective owners. Copyright © 2002 - 2017 Fortinet, Inc. All rights reserved. Contents and terms are subject to change by Fortinet without prior notice. No part of this publication may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from Fortinet, Inc., as stipulated by the United States Copyright Act of 1976.

Table of Contents

Virtual Lab Basics
  Network Topology
  Lab Environment
  System Checker
  Logging In
  Disconnections/Timeouts
  Transferring Files to the VM
  Screen Resolution
  International Keyboards
  Student Tools: View Broadcast and Raise Hand
  Troubleshooting Tips
LAB 1—Initial Setup
  Objectives
  Time to Complete
  1 Verifying DNS Records
  2 Configuring a Server Mode FortiMail
  3 Configuring a Gateway Mode FortiMail
LAB 2—Access Control and Policies
  Objectives
  Time to Complete
  1 Outbound Email Flow
  2 Relay Host
  3 Policy Usage Tracking
  4 Policy Creation
LAB 3—Authentication
  Objectives
  Time to Complete
  Prerequisites
  1 User Authentication Enforcement
  2 LDAP Operations
LAB 4—Session Management
  Objectives
  Time to Complete
  Prerequisites
  1 Connection Limits
  2 Sender Address Rate Control
  3 Header Manipulation
LAB 5—Antivirus
  Objectives
  Time to Complete
  1 Antivirus Scanning for Malware Detection
LAB 6—Content Inspection
  Objectives
  Time to Complete
  1 Content Inspection
  2 Data Loss Prevention
LAB 7—Antispam
  Objectives
  Time to Complete
  Prerequisites
  1 Scan Incoming Email for Spam
  2 Testing the Antispam Configuration
  3 User Quarantine Management
  4 Scan Outgoing Email for Spam
LAB 8—Securing Communications
  Objectives
  Time to Complete
  1 Implementing SMTPS
  2 Implementing Content-Inspection-Based IBE
  3 Accessing IBE Emails
LAB 9—High Availability
  Objectives
  Time to Complete
  Prerequisites
  1 Configure the Primary FortiMail
  2 Configure the Secondary FortiMail
  3 Verify Cluster Health
  4 Configure HA Virtual IP
  5 Remote Services Monitoring
LAB 10—Server Mode
  Objectives
  Time to Complete
  Prerequisites
  1 Configure Resource Profiles
  2 Address Book LDAP Import
LAB 11—Transparent Mode
  Objectives
  Time to Complete
  1 Configuring a Transparent Mode FortiMail
  2 Configuring Bidirectional Transparency
LAB 12—Maintenance
  Objectives
  Time to Complete
  1 Configure and Generate Local Reports
  2 Monitoring System Resource Use
  3 Local Storage Management
LAB 13—Troubleshooting
  Objectives
  Time to Complete
  Prerequisites
  1 Troubleshooting the Problem
  2 Fix the Problem
Appendix A: Additional Resources
Appendix B: Presentation Slides
  1 Email Concepts
  2 Basic Setup
  3 Access Control and Policies
  4 Authentication
  5 Session Management
  6 Antivirus & Content Inspection
  7 Antispam
  8 Securing Communications
  9 High Availability
  10 Server Mode
  11 Transparent Mode
  12 Maintenance & Troubleshooting

Virtual Lab Basics

In this class, you will use a virtual lab for hands-on exercises. This section explains how to connect to the lab and its virtual machines. It also shows the topology of the virtual machines in the lab.

Note: If your trainer asks you to use a different lab, such as devices physically located in your classroom, please ignore this section. This applies only to the virtual lab accessed through the internet. If you do not know which lab to use, please ask your trainer.

Network Topology

[Figure: lab network topology showing the internal.lab domain (including the Windows VM) and the external.lab domain]

Lab Environment

Fortinet's virtual lab for hands-on exercises is hosted on remote datacenters that allow each student to have their own training lab environment or PoD (point of delivery).

System Checker

Before starting any class, check if your computer can successfully connect to the remote datacenters. The System Checker fully verifies if your network connection and your web browser are reliable to connect to the virtual lab.

You do not have to be logged into the lab portal in order to perform the System Checker.

To run the System Checker

1. Click the URL for your location:

    Region                                   System Checker
    AMER - North and South America           https://remotelabs.training.fortinet.com/training/syscheck/?location=NAM-West
    EMEA - Europe, Middle East and Africa    ...
    APAC - Asia and Pacific                  .../syscheck/?location=AP...

If your computer successfully connects to the virtual lab, the Browser Check and Network Connection Check each display a check mark icon. You can then proceed to log in.

If any of the tests fail:

• Browser Check: This affects your ability to access the virtual lab environment.
• Network Connection Check: This affects the usability of the virtual lab environment.

For solutions, click the Support Knowledge Base link or ask your trainer.

Logging In

Once you confirm your system can successfully run the labs through System Checker, you can proceed to log in.

To log in to the remote lab

1. With the user name and password provided by your trainer, you can either:
   • Log in from the Login access at the bottom of the System Checker's result.
   • Log into the URL for the virtual lab provided by your trainer: https://remotelabs.training.fortinet.com/
2. If prompted, select the time zone for your location, and then click Update. This ensures that your schedule is accurate.
3. Click Enter Lab.

Your system dashboard will appear, listing the virtual machines in accordance with your lab topology.

From this page, open a connection to any virtual appliance by doing one of the following:

• Clicking the device's square (thumbnail)
• Selecting Open from the System drop-down list associated to the VM you want to access

Note: Follow the same procedure to access any of your virtual devices.

A new web browser tab opens, granting you access to the virtual device. When you open a VM, your browser uses HTML5 to connect to it. Depending on the virtual machine you select, the web browser provides access to either a text-based CLI or the GUI.

Connections to the Windows VM use a Remote Desktop-like GUI.
The web-based connection should automatically log in and then display the Windows desktop. For most lab exercises, you will connect to this Windows VM.

Disconnections/Timeouts

If your computer's connection with the virtual machine times out, or if you are accidentally disconnected, to regain access, return to the initial window/tab that contains your session's list of VMs and open the VM again.

If that does not succeed, see the Troubleshooting Tips section of this guide.

Transferring Files to the VM

If you store files in a cloud service such as Dropbox or SugarSync, you can use the web browser to download them to your Windows VM. From there, if required, you can use a web browser to upload them to Fortinet VMs' GUI.

When connecting to a VM, your browser should then open a display in a new applet window.

Screen Resolution

Some Fortinet devices' user interfaces require a minimum screen size. In the HTML 5 client, to configure screen resolution, open the System menu.

International Keyboards

If characters in your language don't display correctly, keyboard mappings may not be correct. To solve this, open the Keyboard menu at the top of the tab of any GUI-based VM, and choose to display an on-screen keyboard.

Student Tools: View Broadcast and Raise Hand

Your instructor is able to broadcast his lab systems in order to allow students to see any on-going task in real time. When an instructor begins a broadcast, you will receive an alert at the top of all open lab pages. To accept and view the broadcast, you may either click on the notification message or click View Broadcast on the left side panel.

If you have any question or issue, use the Raise Hand tool; your instructor will be notified and will assist you.

Troubleshooting Tips

• Do not connect to the virtual lab environment through Wi-Fi, 3G, VPN tunnels, or other low-bandwidth or high-latency connections. For best performance, use a stable broadband connection such as a LAN.
• Prepare your computer's settings by disabling screen savers and changing the power saving scheme, so that your computer is always on, and does not go to sleep or hibernate.
• If disconnected unexpectedly from any of the virtual machines (or from the virtual lab portal), please attempt to reconnect. If unable to reconnect, please notify the instructor.
• If you can't connect to a VM, on the VM's icon, you can force the VM to start up by clicking System > Power Cycle. This fixes most problems. If that does not solve the problem, revert the VM to its initial state by System > Revert to Initial State.

  Note: Reverting to the VM's initial snapshot will undo all of your work. Try other solutions first.

• If during the labs, particularly when reloading configuration files, you see a limited management GUI similar to the one shown below, the VM is waiting for a response from the authentication server.

  [Screenshot: limited management GUI]

• To retry immediately, go to Maintenance > FortiGuard > Update, and click Update Now.
• If the authentication server response is received, you should be redirected to the login page.

  [Screenshot: FortiMail login page]

• If you don't see the above prompt, wait a few minutes and try again, or ask your trainer.
LAB 1—Initial Setup

In this lab, you will verify the DNS MX records for both of the lab domains, perform the initial configuration tasks for the FortiMail VMs installed in the internal.lab domain for inbound email, and configure an email client to connect to a server mode FortiMail. Then, you will issue basic SMTP commands and inspect email headers to understand the flow of SMTP.

Objectives

• Verify DNS MX records for the lab domains
• Configure the initial system and email settings on the server mode FortiMail
• Configure the initial system and email settings on the gateway mode FortiMail
• Manually send basic SMTP commands to an email server to understand the SMTP protocol

Time to Complete

Estimated: 45 minutes

1 Verifying DNS Records

DNS is a critical component in routing email messages. In this exercise, you will use Windows DOS commands to verify the published DNS MX records for both internal.lab and external.lab domains, to understand the lab network mail routing.

To verify MX records

1. In Windows, open a command prompt window, and then enter the following commands to display the MX records associated with the external.lab domain:

    nslookup -type=mx external.lab

   You should receive an output similar to the following:

   [Screenshot: nslookup output for external.lab]

   What is the primary MX record for the external.lab domain?
   What is the secondary MX record for the external.lab domain?

   Note: As indicated in the nslookup query output, there is only one MX record associated with the external.lab domain.

    extsrv.external.lab    MX preference = 10

   Therefore, all email messages sent to the external.lab domain must be sent to the extsrv.external.lab (10.0.1.99) host.

2. In the same command prompt window, enter the following commands to display the MX records associated with the internal.lab domain:

    nslookup -type=mx internal.lab

   You should receive an output similar to the following:

   [Screenshot: nslookup output for internal.lab]

   What is the primary MX record for the internal.lab domain?
   What is the secondary MX record for the internal.lab domain?

   Note: As indicated in the nslookup query output, there are two MX records associated with the internal.lab domain.

    intgw.internal.lab     MX preference = 10
    intsrv.internal.lab    MX preference = 20

   The intgw.internal.lab (10.0.1.11) host is the primary MTA for the internal.lab domain because it has the lowest preference value. However, at this point in the lab, you haven't configured the IntGW FortiMail VM to process email; therefore, it won't respond to any SMTP sessions. When the TCP connection fails, the remote sender will automatically try to send email to the next MX record on the list - intsrv.internal.lab (10.0.1.99).

3. Close the command prompt window.

Caution: In the lab network, the MX records for the internal.lab domain are geared for convenience, and should not be used as a template for real-world deployments. Since the back-end mail server might not have the full range of email security features enabled, publishing it as a secondary MX entry is detrimental to security. Spammers can easily identify and exploit these servers using MX records. Publishing the back-end mail server as a secondary MX entry will also prevent certain FortiMail features - such as greylisting, sender reputation - from working effectively.

2 Configuring a Server Mode FortiMail

In the lab network, the IntSRV server mode FortiMail is intended to be the mail server for the internal.lab domain. It is where the end user mailboxes are, where you will perform all user-management tasks, and where you will perform tasks specific to server mode.

In this exercise, you will perform the basic configuration tasks required to establish inbound email flow on the IntSRV FortiMail VM. You will verify your configuration by sending an email from the ExtSRV FortiMail VM and then reviewing the logs.
Then, you will configure a Mail User Agent (MUA) to connect to the server mode FortiMail.

To verify the operation mode

1. In Windows, open a web browser. Visit the IntSRV FortiMail's management GUI:

    https://intsrv.internal.lab/admin

   Ignore any security warnings generated by your browser. The warnings relate to the CN field and the signer of the self-signed FortiMail certificate.
2. Log in as admin and leave the password field empty.
3. On the System Status page, locate the System Information widget and verify that the Operation mode is set to Server.

To configure the system settings

1. Click System > Network > Interface.
2. Select port1, and then click Edit.
3. Verify and configure the following values for port1:

    Field                    Value
    Addressing mode          Manual
    IP/Netmask               10.0.1.99/24
    Access                   HTTPS PING SSH TELNET
    Administrative status    Up

4. Click OK.
5. Click System > Network > Routing.
6. Click New.
7. Add a new static route using the following values:

    Field                     Value
    Destination IP/netmask    0.0.0.0/0
    Interface                 port1
    Gateway                   10.0.1.254

8. Click Create to save the static route.
9. Click System > Network > DNS, and then configure the following DNS servers:

    Field                   Value
    Primary DNS server      10.0.1.254
    Secondary DNS server    0.0.0.0

   Note: There is only one DNS server in the lab network; therefore, you are configuring only the Primary DNS server field. However, in a production FortiMail deployment, you should configure a primary and a secondary DNS server.
10. Click Apply to save the DNS changes.

To configure the mail settings

1. Click Mail Settings > Settings > Mail Server Settings.
2. Configure the following values under Local Host:

    Field                Value
    Host name            IntSRV
    Local domain name    internal.lab

3. Keep the default values for the remaining settings, and then click Apply to save the changes.
4. Click Mail Settings > Domains > Domains.
5. Click New to add a protected domain using the following values:

    Field          Value
    Domain name    internal.lab

6. Keep the default values for the remaining settings, and then click Create.

To create server mode users

1. Click User > User > User.
2. Click New to create a new mail user on the server mode FortiMail using the following values:

    Field                  Value
    User name              user1
    Authentication type    Local
    Password               fortinet
    Display name           Mail User 1

3. Click Create to save the user configuration.

To verify the configuration

1. In Windows, open a new web browser tab. Visit the ExtSRV FortiMail's webmail GUI:

    https://extsrv.external.lab/

   Ignore any security warnings generated by your browser. The warnings relate to the CN field and the signer of the self-signed FortiMail certificate.
2. Log in as extuser using the password fortinet.
3. Click the Compose Mail icon, and then compose a new email message using the following values:

    Field           Value
    To              user1@internal.lab
    Subject         Hello World!
    Message Body    Your configuration is successful!

4. Click Send.
5. Open a new web browser tab. Visit the IntSRV FortiMail's webmail GUI:

    https://intsrv.internal.lab/

   Ignore any security warnings generated by your browser. The warnings relate to the CN field and the signer of the self-signed FortiMail certificate.
6. Log in as user1 using the password fortinet.
7. If the test email message doesn't appear in the inbox, click Refresh.
8. Log out of the webmail interface.
9. Close the browser tab.

To review the logs

1. Visit the IntSRV FortiMail's management GUI:

    https://intsrv.internal.lab/admin

2. Click Monitor > Log > History.
3. Double-click the current log file.
4. Review the logs and verify that the system applied the appropriate Classifier and Disposition to your test email message.
To configure an MUA to connect to the server mode FortiMail

1. In Windows, open Mozilla Thunderbird. If the system prompts you to sign up for a new email address, click Skip this and use my existing email.
2. After the Mail Account Setup wizard starts, enter the account information for Mail User 1.
3. Click Continue. Thunderbird attempts to auto-configure the server settings. Click Manual Config.
4. Modify the auto-discovered Server hostname values for both Incoming and Outgoing to match the following screenshot, and then click Done.

   [Screenshot: Thunderbird manual configuration showing the Incoming and Outgoing server hostnames]

5. Thunderbird displays a warning about unencrypted passwords. Check I understand the risks and then click Done.

   Caution: While unencrypted passwords are fine for a lab network, they should be avoided in real-world deployments.

6. Thunderbird displays a certificate security warning. Select the Permanently store this exception check box, and then click Confirm Security Exception to complete the Mail Account Setup wizard.
7. If your configuration is correct, the test email you created in the previous exercise appears in Thunderbird, in your local inbox.
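Added example (not part of the Fortinet guide): the MX check from exercise 1 and its caution about publishing a back-end mail server as a secondary MX, expressed as a small audit. It parses constructed Windows nslookup output for internal.lab, orders the records the way a sending MTA tries them, shows the fallback when the primary refuses connections, and flags any published MX that is not a filtering gateway. The function names and the FILTERING_GATEWAYS allow-list are assumptions made for this illustration.

```python
import re

# Constructed sample: what `nslookup -type=mx internal.lab` prints on Windows,
# built from the host names, preference values and addresses given in this lab.
SAMPLE_NSLOOKUP = """\
Server:  UnKnown
Address:  10.0.1.254

internal.lab\tMX preference = 20, mail exchanger = intsrv.internal.lab
internal.lab\tMX preference = 10, mail exchanger = intgw.internal.lab
intgw.internal.lab\tinternet address = 10.0.1.11
intsrv.internal.lab\tinternet address = 10.0.1.99
"""

# Assumption for this example: only the gateway mode FortiMail applies the
# full inspection stack, so it is the only host that should be published.
FILTERING_GATEWAYS = {"intgw.internal.lab"}

MX_LINE = re.compile(
    r"^(?P<domain>\S+)\s+MX preference = (?P<pref>\d+), "
    r"mail exchanger = (?P<host>\S+)\s*$"
)
A_LINE = re.compile(r"^(?P<host>\S+)\s+internet address = (?P<ip>\S+)\s*$")


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def parse_mx(output):
    """Parse nslookup MX output into records sorted the way a sender tries them."""
    records, addresses = [], {}
    for line in output.splitlines():
        mx = MX_LINE.match(line)
        if mx:
            records.append({
                "domain": norm(mx["domain"]),
                "preference": int(mx["pref"]),
                "host": norm(mx["host"]),
            })
            continue
        a = A_LINE.match(line)
        if a:
            addresses[norm(a["host"])] = a["ip"]
    for rec in records:
        rec["ip"] = addresses.get(rec["host"])  # None if no address was printed
    # Lowest preference value is tried first; host name only breaks ties
    # so that the result is deterministic.
    return sorted(records, key=lambda r: (r["preference"], r["host"]))


def next_hop(records, unreachable=()):
    """Return the first MX a sender reaches when `unreachable` hosts refuse TCP/25."""
    down = {norm(h) for h in unreachable}
    for rec in records:
        if rec["host"] not in down:
            return rec
    return None


def audit_mx(records, filtering_gateways):
    """Flag every published MX that is not one of the filtering gateways."""
    approved = {norm(h) for h in filtering_gateways}
    findings = []
    for rec in records:
        if rec["host"] not in approved:
            findings.append(
                f"{rec['domain']}: MX {rec['host']} "
                f"(preference {rec['preference']}, {rec['ip'] or 'no address'}) "
                "is published but is not a filtering gateway; "
                "senders can deliver to it directly"
            )
    return findings


if __name__ == "__main__":
    mx_records = parse_mx(SAMPLE_NSLOOKUP)
    for rec in mx_records:
        print(rec["preference"], rec["host"], rec["ip"])
    fallback = next_hop(mx_records, unreachable=["intgw.internal.lab"])
    print("delivery target while the gateway is down:", fallback["host"])
    for finding in audit_mx(mx_records, FILTERING_GATEWAYS):
        print("FINDING:", finding)
```

Run against the lab's records, the audit reports intsrv.internal.lab, which is the secondary MX entry the caution advises against in real-world deployments.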
3 Configuring a Gateway Mode FortiMail

In the lab network, the IntGW gateway mode FortiMail is intended to be the MTA for the internal.lab domain. It will be the relay server for the IntSRV FortiMail, and also where most of the inspection configuration tasks will be performed.

In this exercise, you will perform the configuration tasks required to establish inbound email flow on the IntGW FortiMail VM. Then, you will verify your configuration by manually composing an email using a telnet session, and reviewing the headers of the email in your Thunderbird mail client.

Note: Recall the DNS verification tasks you performed in the first exercise. As the MX records show, the intgw.internal.lab (10.0.1.11) host is the primary MTA for the internal.lab domain. So, all email messages should be sent to the IntGW FortiMail first for processing. The IntGW FortiMail will then pass the email to the IntSRV FortiMail VM for delivery to the end user.

To configure the system settings

1. On the My Systems page, click IntGW. This opens a new tab with the console of the IntGW FortiMail VM.
2. Click anywhere in the console window, and then press the Enter key.
3. Log in as admin and leave the password field empty.
4. Configure the port1 IP address, subnet mask, and access options using the following CLI commands:

    config system interface
    edit port1
    set ip 10.0.1.11/24
    set allowaccess https ping ssh telnet
    end

5. In Windows, open a new web browser tab. Visit the IntGW FortiMail's management GUI:

    https://intgw.internal.lab/admin

6. Log in as admin and leave the password field empty.
7. Click System > Network > Routing.
8. Click New, and then add a new static route using the following values:

    Field                     Value
    Destination IP/netmask    0.0.0.0/0
    Interface                 port1
    Gateway                   10.0.1.254

9. Click Create to save the static route.
10. Click System > Network > DNS, and then configure the following DNS servers:

    Field                   Value
    Primary DNS server      10.0.1.254
    Secondary DNS server    0.0.0.0

11. Click Apply to save the DNS changes.

To configure the mail settings

1. Click Mail Settings > Settings > Mail Server Settings.
2. Configure the following values under Local Host:

    Field                Value
    Host name            IntGW
    Local domain name    internal.lab

3. Keep the default values for the remaining settings, and then click Apply to save the changes.
4. Click Mail Settings > Domains > Domains.
5. Click New to add a protected domain using the following values:

    Field          Value
    Domain name    internal.lab
    SMTP Server    10.0.1.99

   Note: 10.0.1.99 is the IP address of the IntSRV host. This is the server mode FortiMail that you configured in the previous exercise. It contains the user mailboxes for the internal.lab domain. Therefore, the IntGW host is configured with 10.0.1.99 as the protected SMTP server.
6. Keep the default values for the remaining settings, and then click Create.

To verify the configuration

1. In Windows, open a command prompt window.
2. Enter the following commands to start a telnet session on port 25 of the IntGW FortiMail:

   Note: You can't use the backspace or delete key to correct any typing errors. If you make a mistake, close the connection and start over.

    telnet intgw.internal.lab 25
    (wait for reply...)
    ehlo 10.0.1.10
    (wait for reply...)
    mail from:
    (wait for reply...)
    rcpt to:
    (wait for reply...)
    data
    (wait for reply...)
    Subject: Test Message
    Message body
    .
    (wait for reply...)
    quit

3. In Thunderbird, open the test message that you sent in the previous step.
4. View the full headers of the message. To do this, in the More drop-down list, select View Source.
5. Compare the Received: headers in the Telnet session email with the Hello World! email you sent in the previous exercise. What differences do you see?

   Note: The Hello World! email's Received: header shows that the IntSRV FortiMail received the email directly from the ExtSRV FortiMail:

    Received: from ([10.200.1.99]) by with ESMTP id vioLzmoa002643-vioLznac002443

   The Telnet session email's Received: header shows that the email was processed first by the IntGW FortiMail, and then handed off to the IntSRV FortiMail:

    Received: from ([10.0.1.11]) by with ESMTP id vioNw47q002651-vioMwe78002651

LAB 2—Access Control and Policies

In this lab, you will establish outbound email flow for the internal.lab domain, as well as configure a relay host for the server mode FortiMail. You will create IP and recipient policies, and then use logged policy IDs to identify how policies are applied to an email.

Objectives

• Configure access receive rules to allow outbound email
• Configure a relay host
• Configure IP and recipient policies
• Use logged policy IDs to track messages

Time to Complete

Estimated: 45 minutes

1 Outbound Email Flow

In this exercise, you will configure the necessary access receive rules on both the IntGW and IntSRV FortiMail VMs to allow outbound email.

To verify authenticated outbound relay

1. In Windows, open Thunderbird, and then compose a new email message to the external user using the following values:

    Field           Value
    To              extuser@external.lab
    Subject         Testing Outbound Email
    Message Body    Will this work?

2. Click Send. Thunderbird displays a security warning. Select the Permanently store this exception check box, and then click Confirm Security Exception.
3. Open a web browser and visit the ExtSRV FortiMail's webmail GUI:

    https://extsrv.external.lab/

4. Log in as extuser with the password fortinet.
5. Verify that extuser has received the email.

   Note: By default, FortiMail rejects outbound email, unless the sender is authenticated. Since you configured Thunderbird to authenticate when sending email using SMTP, the IntSRV FortiMail relays it.

To configure the server mode access receive rule

1. In Windows, open a web browser. Visit the IntSRV FortiMail's management GUI:

    https://intsrv.internal.lab/admin

2. Log in as admin and leave the password field empty.
3. Click Policy > Access Control > Receiving.
4. Click New and configure an access receive rule using the following values:

    Field             Value
    Sender Pattern    User Defined: *@internal.lab
    Action            Relay

5. Click Create to save the access receive rule.

   Note: While the default behavior reduces configuration requirements, it is still good practice to configure an access receive rule with specific sender pattern and sender IP/netmask values in a server mode deployment to restrict outbound sessions.

To configure the gateway mode access receive rule

1. In Windows, open a new web browser tab. Visit the IntGW FortiMail's management GUI:

    https://intgw.internal.lab/admin

2. Log in as admin and leave the password field empty.
3. Click Policy > Access Control > Receiving.
4. Click New.
5. Configure an access receive rule using the following values:

    Field                Value
    Sender Pattern       User Defined: *@internal.lab
    Sender IP/netmask    User Defined: 10.0.1.99/32
    Action               Relay

   Note: On the IntGW FortiMail, you are allowing only the IntSRV server mode FortiMail to relay email. Therefore, you are configuring a /32 subnet mask. No other host is able to relay email through IntGW.
6. Click Create to save the access receive rule.

To verify the access receive rules

1. Return to the Thunderbird composing window. Click Send.
2. Open a new web browser tab and go to the ExtGW webmail GUI:

    https://extsrv.external.lab/

3. Log in as extuser using the password fortinet. The email message should appear in the inbox.
4. Click the email message to open it.
5. Click More > Detailed Header. This displays the email header in the webmail interface.
6. Review the Received: headers. What hops did the email take to reach the destination inbox?

   Note: The email message was generated by Windows (10.0.1.10) and sent to IntSRV (10.0.1.99). The IntSRV host then delivered the email message to ExtSRV (10.200.1.99).

    Received: from ([10.0.1.99]) by with ESMTP id viRI4unB001914-vIRE4un0001914
    Received: from [10.0.1.10] ([10.0.1.10]) (user=user1@internal.lab mech=CRAM-MD5 bits=0) by with ESMTP id vIRL4u8T001985-v1RL4vHK001985

According to the headers, the email message did not pass through the IntGW FortiMail, which is expected. The IntSRV server mode FortiMail delivered the email based on MX query results. To make sure all outbound email from the IntSRV FortiMail relays through the IntGW FortiMail, you must configure a relay host on the IntSRV FortiMail.

2 Relay Host

In this section, you will configure an external relay host on the IntSRV FortiMail so that all outbound email is sent to the IntGW gateway mode FortiMail for delivery.

To configure a relay host

1. In Windows, visit the IntSRV FortiMail's management GUI:

    https://intsrv.internal.lab/admin

2. Click Mail Settings > Settings > Mail Server Settings.
3. Expand the Outgoing Email sub-section.
4. Select the Deliver to relay host check box, and then click New.
5. Create a new relay host using the following values:

    Field           Value
    Name            IntGWRelay
    Host name/IP    10.0.1.11

6. Leave the remaining fields empty and then click Create to save the relay host configuration.
7. Click Apply to save the Outgoing Email setting changes.

To verify the relay host

1. Open Thunderbird, and then click Write.
2. Compose a new email using the following values:

    Field           Value
    To              extuser@external.lab
    Subject         Testing Relay Host
    Message Body    Relay host works

3. Click Send.
4. Visit the ExtSRV webmail GUI:

    https://extsrv.external.lab/

6. Review the headers. Do you see any differences in the Received: headers? What hops did the email take to reach the destination inbox?

   Note: The email was generated by Windows (10.0.1.10) and sent to IntSRV (10.0.1.99). The IntSRV host then sent the email to IntGW (10.0.1.11). The IntGW host delivered the email to ExtGW (10.200.1.98).

    Received: from ([10.0.1.11]) by with ESMTP id viRLvK2S00215@-viRbvx2v002158
    Received: from ([10.0.1.99]) by with ESMTP id vIRLvkO}001948-viRLv01001948
    Received: from [10.0.1.10] ([10.0.1.10]) (user=user1@internal.lab mech=CRAM-MD5 bits=0) by with ESMTP id vARLvJ#k002052-v1RLvJem002052

By completing the previous configuration steps, you have successfully established bidirectional email flow in which all inbound and outbound email must flow through the IntGW gateway mode FortiMail.

3 Policy Usage Tracking

As email messages flow through FortiMail, log entries are created that show which policies were triggered. This is extremely useful for testing new policies and troubleshooting existing ones.

In this exercise, you will send two email messages, one in each direction, and then review which policies the messages used.

To generate log entries

1. In Windows, open Thunderbird.
2. Send an email message to extuser@external.lab.
3. Visit the ExtGW FortiMail's webmail GUI:

    https://extsrv.external.lab/

4. Log in as extuser using the password fortinet.
5. Open the new email message, and then click Reply.
6. Type a reply in the message body, and then click Send.
7. In Thunderbird, verify you received the reply.

To review log entries

1. Visit the IntGW FortiMail's management GUI:

    https://intgw.internal.lab/admin

2. Click Monitor > Log > History.
3. Double-click the active log file.
The first two entries in the History log should correspond to the two email messages that FortiMail just processed.
4. Right-click the entry for the inbound email, and then select View Details.
5. Review the Policy IDs field, and answer the following questions:
   • The Policy IDs field is made up of three fields (X:Y:Z). What does each field's value correspond to?
   • The first policy usage value is 0. What does this mean?
   • The third policy usage value is 0. What does this mean?

Note: The policy IDs for each email message are recorded in the history logs in the format of X:Y:Z, where X is the ID of the access control rule, Y is the ID of the IP-based policy, and Z is the ID of the recipient-based policy. If the value in the access control rule field for an incoming email is 0, it means that FortiMail is applying its default rule for handling inbound email. If the value is 0 in any other case, it means that a policy or rule couldn't be matched, or doesn't exist.

6. Click Close to close the Log Details window.
7. Open the relevant log entry for the outbound email and review the Policy IDs field.

Note: The policy use recorded for the outbound email message is 1:0. It was processed using access receive rule ID 4, which you created in the previous exercise. Then the email message was processed using the default IP policy ID. Because you didn't configure any outgoing recipient policies, the last field va

4 Policy Creation

In this exercise, you will create IP and recipient policies. Then, you will test your configuration by sending email messages back and forth. You will also use logs to observe the changes to the policy use from the previous exercise.

To create IP policies

1. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
2. Click Policy > Policies > Policies.
3.
In the IP Policies section, click New.
4. Create a new IP policy using the following values:

   Field       Value
   Source:     10.0.1.99/32
   Session:    Outbound_Session

5. Click Create to save the policy.
6. The new policy should have an ID value of 3.
7. Click the policy to select it. In the Move drop-down list, select Before. Move IP policy ID 3 to appear in the list before IP policy ID 1.
8. The policies should appear in the following order:

IP policy ID 3 will process all email sourced from the IntSRV FortiMail (outgoing), and IP policy ID 1 will process all other email (incoming). IP policy ID 2 is a default IPv6 policy. Since this lab is not configured for IPv6, it's not required. You can delete it if you want to.

To create recipient policies

1. In the Recipient Policies section, in the Domain drop-down list, select internal.lab.
4. In the Direction drop-down list, select Outgoing.
5. Click New.
6. Don't modify any values. Click Create to save the policy.

Note: FortiMail maintains a global list of outbound recipient policies. If you manage multiple protected domains, and you need to handle outbound email for each protected domain differently, you must create a different outbound recipient policy for each protected domain, and set the Sender Pattern accordingly.

To generate log entries

1. In Windows, open Thunderbird.
2. Send an email message to extuser@external.lab.
3. Visit the ExtGW FortiMail's webmail GUI: https://extsrv.external.lab/
4. Log in as extuser using the password fortinet.
5. Open the new email message, and then click Reply.
6. Type a reply in the message body, and then click Send.
7. In Thunderbird, verify you received the reply.

To review log entries

1. In the IntGW FortiMail's management GUI, click Monitor > Log > History.
2. Double-click the active log file. The first two entries in the History log should correspond to the two email messages that FortiMail just processed.
3. Access the details for each log entry and review the Policy IDs field.
4. What changes can you see from the previous exercise?

Note: The policy use will reflect the new ID values for the policies you created. All outgoing email will be processed by IP policy ID 3, and outgoing recipient policy ID 4. All incoming email will be processed by IP policy ID 1, and incoming recipient policy ID 1.

LAB 3—Authentication

In this lab, you will configure access receive rules to enforce user SMTP authentication. You will also configure an LDAP profile to enable recipient verification, alias mapping, and user authentication.

Objectives

• Enforce user SMTP authentication using access receive rules
• Configure an LDAP profile
• Enable recipient verification and alias mapping
• Configure LDAP authentication for users

Time to Complete

Estimated: 60 minutes

Prerequisites

Before beginning this lab, you must disable sender reputation on the IntGW FortiMail.

To disable sender reputation

1. In Windows, open a web browser. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Policy > Policies > Policies.
4. In the IP Policies section, double-click policy ID 1.
5. Edit the Inbound_Session profile.
6. Expand the Sender Reputation section and clear the Enable sender reputation check box.
7. Click OK to save the changes.

Note: The sender reputation feature can interfere with some of the testing that you will do in this lab.

1 User Authentication Enforcement

In this exercise you will explore how FortiMail handles SMTP authentication. You will enforce authentication using access receive rules, and test your configuration using various outgoing server settings in Thunderbird.

To disable SMTP authentication in Thunderbird

1. In Windows, open Thunderbird.
2. Press the Alt key to show the Menu Bar.
3. Click Tools > Account Settings.
5. In the Authentication method drop-down list, select No authentication.
6. Click OK to save the changes.
7. Click OK to return to the main Thunderbird window.

Note: By making these changes, you have disabled authentication for SMTP connections. So, when you send an email message, Thunderbird won't authenticate.

To send an unauthenticated email message

1. In Thunderbird, send an email to extuser@external.lab.
2. Open a web browser, and then visit the ExtSRV FortiMail's webmail GUI: https://extsrv.external.lab/
3. Log in as extuser using the password fortinet.
4. Why was the email delivered to the destination user even though you disabled SMTP authentication in Thunderbird?

Note: The access receive rule that you configured in LAB 2—Access Control & Policies didn't have authentication enforcement enabled. When you set Authentication Status to Any, FortiMail doesn't verify whether the sender matching the rule is authenticated or not.

To enforce authentication

1. Open a new web browser tab. Visit the IntSRV FortiMail's management GUI: https://intsrv.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Policy > Access Control > Receiving.
4. Select rule ID 4 and click Edit.
5.
In the Authentication status drop-down list, select Authenticated.
6. Click OK to save the changes.

To verify authentication enforcement

1. In Thunderbird, send another email message to extuser@external.lab.
2. This time, an alert displays indicating that relaying is denied.

   An error occurred while sending mail. The mail server responded: 5.7.1 Relaying denied. Please check the message recipient "extuser@external.lab" and try again.

3. Click OK to close the alert, but leave the email compose window open in the background.
4. Visit the IntSRV FortiMail's management GUI: https://intsrv.internal.lab/admin
5. Click Monitor > Log > History.
6. Double-click the active log file. The first entry in the History log should correspond to the rejected email message.

Note: In this log entry, you can see IntSRV has rejected (Disposition) the email. By setting the Authentication Status value to Authenticated, you have successfully enforced authentication for users connecting to the IntSRV FortiMail.

To restore SMTP authentication on Thunderbird

1. In the main Thunderbird window, press the Alt key to show the Menu Bar.
2. Click Tools > Account Settings.
3. On the Account Settings screen, click Outgoing Server (SMTP), and then click Edit.
4. In the Authentication method drop-down list, select Normal password.
5. Click OK to save the changes.
6. Click OK to return to the main Thunderbird window.
7. Send the email message again.
8. Visit the ExtGW FortiMail's webmail GUI: https://extsrv.external.lab/
9. Log in as extuser using the password fortinet.
10. Verify that the email was delivered.
11. Visit the IntSRV FortiMail's management GUI: https://intsrv.internal.lab/admin
12. Click Monitor > Log > History.
13. Double-click the active log file.
The first entry in the History log should correspond to the email message you just sent.
14. Click the Session ID link to retrieve the cross search results.
15. Right-click the event log related to the authentication event to view the details.

2 LDAP Operations

The Windows VM has been preconfigured with Active Directory Services for the internal.lab domain. In this exercise, you will review the Active Directory configuration and learn how to retrieve LDAP attributes for Active Directory objects. Then, you will configure an LDAP profile on both IntSRV and IntGW FortiMail devices to use for user authentication, alias lookup, and recipient verification.

To review the Active Directory configuration

1. In Windows, from the desktop, open the Active Directory Users and Computers management console.

Note: A service account for the LDAP profile is located in the Service Accounts Organization Unit (OU). The users and groups are located in the Training Users OU and Training Groups OU respectively.

2. All account passwords have been set to fortinet.

To access the LDAP attributes of Active Directory objects

1. In the Active Directory Users and Computers management console, click View, and then verify that Advanced Features is selected.
2. Right-click internal.lab, and then select Properties.
3. In the internal.lab Properties window, click the Attribute Editor tab.

Note: You can use the previous steps to access the LDAP attributes of any Active Directory object necessary to configure the LDAP profile on FortiMail.

4. Click OK to close the properties window.
5. Close the Active Directory Users and Computers management console.

To configure an LDAP profile on IntGW FortiMail

1. Open a new web browser tab. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Profile > LDAP > LDAP.
4. Click New.
5. Create an LDAP profile using the following values:

   Field              Value
   Profile name:      InternalLabLDAP
   Server name/IP:    10.0.1.10

6. Use the following values to configure the Default Bind Options:

   Field             Value
   Base DN:          OU=Training Users,DC=internal,DC=lab
   Bind DN:          CN=LDAP Service Account,OU=Service Accounts,DC=internal,DC=lab
   Bind password:    fortinet

7. In the User Query Options section, in the Schema drop-down list, select Active Directory.
8. In the User Alias Options section, in the Schema drop-down list, select Active Directory.
9. Use the following values to modify the User Alias Options:

   Field                               Value
   Alias member query:
   User group expansion in advance:    Disable
   Use Separate bind:                  Disable

10. Click Create to save the LDAP profile.

To configure an LDAP profile on IntSRV FortiMail

1. Open a new web browser tab. Visit the IntSRV FortiMail's management GUI: https://intsrv.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Profile > LDAP > LDAP.
4. Click New.
5.
Create an LDAP profile using the following values:

   Field              Value
   Profile name:      InternalLabLDAP
   Server name/IP:    10.0.1.10

6. Use the following values to configure the Default Bind Options:

   Field             Value
   Base DN:          OU=Training Users,DC=internal,DC=lab
   Bind DN:          CN=LDAP Service Account,OU=Service Accounts,DC=internal,DC=lab
   Bind password:    fortinet

7. In the User Query Options section, in the Schema drop-down list, select Active Directory.
8. In the User Alias Options section, in the Schema drop-down list, select Active Directory.
9. Use the following values to modify the User Alias Options:

   Field                               Value
   Alias member query:
   User group expansion in advance:    Disable
   Use Separate bind:                  Disable

10. Click Create to save the LDAP profile.

To validate the LDAP profile configuration

1. In the IntGW FortiMail management GUI, select the InternalLabLDAP profile, and then click Edit.
2. On the LDAP profile configuration screen, click [Test LDAP Query...].
3. Make sure the query type is set to User.
4. Query for the following users:
   user1@internal.lab
   user2@internal.lab
5. If your configuration is correct, you will receive the following Test Result message:
6. If the query fails, make sure the LDAP profile configuration matches the following screenshot:
7. On the LDAP profile configuration screen, click [Test LDAP Query...] again.
8. Change the query type to Alias.
9. All of the Active Directory users have been preconfigured with aliases. Query for the following aliases:
   mailuser1@internal.lab
   mailuser2@internal.lab
10. If your configuration is correct, you will receive the following Test Result message:
11.
If the query fails, make sure the LDAP profile User Alias Options configuration matches the following screenshot:
12. Perform the same validation steps on the IntSRV FortiMail.

To configure recipient verification and alias mapping for gateway mode

1. In the IntGW FortiMail management GUI, click Mail Settings > Domains > Domains.
2. Select the internal.lab domain, and then click Edit.
3. In the Recipient Address Verification section, select Use LDAP Server.
4. In the Use LDAP server drop-down list, select InternalLabLDAP.
5. Expand the Advanced Settings section.
6. In the LDAP user alias / address mapping profile drop-down list, select InternalLabLDAP.
7. Your configuration should match the following screenshot:

To configure LDAP authentication for gateway mode users

1. Click Policy > Policies > Policies.
2. Select recipient policy ID 4, and then click Edit.
3. In the Authentication and Access section, configure the following values:

   Field                                              Value
   Authentication type:                               LDAP
   Authentication profile:                            InternalLabLDAP
   Allow quarantined email access through webmail:    Enabled

4. Click OK to save the changes.

Note: Users will use their Active Directory accounts to authenticate and gain access to the IntGW FortiMail's webmail interface for quarantined emails.

To configure LDAP authentication for server mode users

1. Visit the IntSRV FortiMail's management GUI: https://intsrv.internal.lab/admin
2. Click User > User > User.
3. Select user1, and then click Edit.
4. In the Authentication type drop-down list, select LDAP.
5. In the LDAP profile drop-down list, select InternalLabLDAP.

Note: If the LDAP profile doesn't appear in the drop-down list, then you missed a step.
Return to the To Configure an LDAP Profile section, and then follow the listed steps to configure the same LDAP profile on the IntSRV FortiMail.

6. Click OK to save the changes.
7. Click New.
8. Create a new user using the following values:

   Field                   Value
   User name:              user2
   Authentication type:    LDAP
   LDAP profile:           InternalLabLDAP
   Display name:           Mail User 2

9. Click Create to save the new user.

To validate server mode LDAP authentication

1. In Windows, open a new web browser tab. Visit the IntSRV FortiMail's webmail GUI: https://intsrv.internal.lab/
2. Log in as user2 using the password fortinet.
3. If you have configured the server mode user LDAP authentication correctly, the login will be successful.

To validate gateway mode LDAP authentication

1. Open a new web browser tab. Visit the IntGW FortiMail's webmail GUI: https://intgw.internal.lab/
2. Log in as user2 using the password fortinet.
3. If you have configured the gateway mode LDAP authentication correctly, the login will be successful.
4. Log out and close the browser tab before proceeding.

Note: The webmail GUI in gateway mode gives users access to their Bulk folder, which contains only quarantined email. You will configure email quarantining in a later lab. In this section, you are verifying user access only.

To validate recipient verification

1. In Windows, open a new web browser tab. Visit the ExtGW FortiMail's webmail GUI: https://extsrv.external.lab/
2. Log in as extuser using the password fortinet.
3. Compose a new email message using the following values:

   Field            Value
   To:              lduser@inter
   Subject:         Testing Recipient Verification
   Message Body:    This should be rejected!

4. Click Send.
5. Click Refresh to update the inbox. You should receive a delivery status notification (DSN) message.
6. Open the DSN message and review the transcript details.
7. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
8. Click Monitor > Log > History.
9.
Double-click the active log file. The first entry in the History log should correspond to the email you just sent.
10. Review the log details.

To validate alias mapping

1. Visit the ExtSRV FortiMail's webmail GUI: https://extsrv.external.lab/
2. Log in as extuser using the password fortinet.
3. Compose another email message using the following values:

   Field            Value
   To:              mailuser2@internal.lab
   Subject:         Testing Alias Mapping
   Message Body:    This should work!

4. Click Send.
5. Visit the IntSRV FortiMail's webmail GUI: https://intsrv.internal.lab/
6. Log in as user2 using the password fortinet.
7. The email you sent to mailuser2@internal.lab should appear in the user2@internal.lab inbox.
8. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
9. Click Monitor > Log > History.
10. Double-click the active log file. The first entry in the History log should correspond to the email message you just sent.
11. Click the Session ID to retrieve the cross search result.
12. Review the AntiSpam log related to the session.

Note: Alias mapping is useful to consolidate multiple email messages for the same user in a single email account using the primary email address as the identifier. This reduces account management overhead for the user and the admins. For example, if a user has five aliases in addition to a primary email address, FortiMail can use alias mapping to maintain a single user quarantine mailbox. Otherwise, the user would have to manage six separate quarantine accounts, as well as the quarantine reports for each account.

LAB 4—Session Management

In this lab, you will configure session profiles to inspect the envelope part of SMTP sessions.
You will also use session profiles to hide internal network information from email headers.

Objectives

• Configure session profile connection settings to limit inbound connections to the IntGW FortiMail
• Configure sender address rate control to limit outbound connections on the IntSRV FortiMail
• Configure session profile header manipulation to hide your internal network information

Time to Complete

Estimated: 45 minutes

Prerequisites

Before beginning this lab, you must restore a configuration file to the IntSRV FortiMail.

To restore the initial configuration file

1. In Windows, open a web browser. Visit the IntSRV FortiMail's management GUI: https://intsrv.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Maintenance > System > Configuration. Upload the following configuration file:
   Desktop\Resources\Starting Configs\Lab 4\04_Initial_IntSRV.tgz

Note: The configuration file adds a new IP policy that causes all email delivery attempts from the ExtSRV FortiMail to the IntSRV FortiMail to fail temporarily. This is done to ensure that when the session limits are triggered on the IntGW FortiMail, the ExtSRV FortiMail can't deliver to the IntSRV FortiMail directly. The change helps in testing the session profile settings you will be configuring on IntGW in this lab.

4. Click Restore.
5. Wait for the IntSRV FortiMail to finish rebooting before you proceed with the exercise.

1 Connection Limits

Spammers usually send as many email messages as they can in a small period of time, before legitimate email servers begin to block delivery. If blocked, the spammers won't spend the time to retry. Normal email servers will retry delivery if it fails the first time. One method of blocking spam, while allowing legitimate email messages, is to limit the number of SMTP sessions that each client can establish in a 30-minute period.
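The per-client limit described above can be modelled in a few lines. The following Python is an added example, not FortiMail code: it assumes a sliding 30-minute window that ignores rejected attempts, and the class names and the Client and Reason fields are hypothetical. It also models the sender address rate control from exercise 2 of this lab, to show why one limit rejects a client before any envelope data exists while the other needs the sender address.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 30 * 60  # both lab limits are counted per half hour


class WindowLimiter:
    """Allow at most `limit` events per key inside a sliding time window.

    Assumption: rejected attempts are not counted. The guide does not
    describe how FortiMail counts internally.
    """

    def __init__(self, limit, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self._seen = defaultdict(deque)  # key -> timestamps of accepted events

    def allow(self, key, now):
        timestamps = self._seen[key]
        # Forget events that have aged out of the window.
        while timestamps and now - timestamps[0] >= self.window:
            timestamps.popleft()
        if len(timestamps) >= self.limit:
            return False
        timestamps.append(now)
        return True


class MailGateway:
    """Toy gateway that applies the two limits at different protocol stages."""

    def __init__(self, connection_limit=None, sender_limit=None):
        self.per_client = WindowLimiter(connection_limit) if connection_limit else None
        self.per_sender = WindowLimiter(sender_limit) if sender_limit else None

    def handle(self, client_ip, mail_from, rcpt_to, subject, now):
        """Process one SMTP session and return a history-log style record."""
        record = {"Client": client_ip, "From": "", "To": "", "Subject": "",
                  "Disposition": "Accept", "Reason": ""}

        # Stage 1: connection limit. Only the client IP is known here, so a
        # rejection leaves From, To and Subject empty in the record.
        if self.per_client and not self.per_client.allow(client_ip, now):
            record.update(Disposition="Reject", Reason="connection limit")
            return record

        # Stage 2: MAIL FROM has been received, so the sender is known.
        record["From"] = mail_from
        if self.per_sender and not self.per_sender.allow(mail_from.lower(), now):
            record.update(Disposition="Reject", Reason="sender rate limit")
            return record

        # Stage 3: the rest of the envelope and the message headers arrive.
        record.update(To=rcpt_to, Subject=subject)
        return record


def send_burst(gateway, count, client_ip, mail_from, rcpt_to, start=0, gap=60):
    """Send `count` messages, one per connection, `gap` seconds apart."""
    return [
        gateway.handle(client_ip, mail_from, rcpt_to, f"Test {i + 1}", start + i * gap)
        for i in range(count)
    ]
```

Calling `send_burst(MailGateway(connection_limit=4), 5, "10.200.1.99", "extuser@external.lab", "user1@internal.lab")` reproduces the lab's five-message test: the fifth record is a rejection with empty From, To and Subject.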
In this exercise, you will configure a session profile on the IntGW FortiMail to limit the number of connections the ExtSRV FortiMail can establish over a 30-minute period. Then, you will test the connection limitation by sending consecutive email messages to trigger a violation. You will also verify your configuration by reviewing the logs.

To configure a session profile

6. In Windows, open a web browser. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
7. Log in as admin and leave the password field empty.
8. Click Profile > Session > Session.
9. Click New.
10. In the Connection Settings section, configure the following values:

   Field                                                                Value
   Profile name:                                                        limit_connections
   Restrict the number of connections per client per 30 minutes to:    4

11. Click Create to save the profile.

Note: Four connections every 30 minutes is too few to be realistic for real world deployments. Email servers usually send many email messages to or through FortiMail each minute. In this lab, however, you will use the 30-minute restriction to make your rate limit easy to trigger.

Note: If there are no policies configured with session profiles, FortiMail is still limiting connections according to its default settings, which are similar to the session_basic_predefined profile, including the 10 MB size limit, sender reputation enabled, and so on. To isolate the rate limit, you must create and apply a blank session profile.

To apply the session profile to inbound connections

1. Click Policy > Policies > Policies.
2. Edit IP policy ID 1.
3. In the Profiles section, in the Session drop-down list, select limit_connections. Click OK to save your settings.

To validate the connection limits

1. Open a new tab in your browser. Visit the ExtSRV FortiMail's webmail GUI: https://extsrv.external.lab/
2. Log in as extuser using the password fortinet.
3. Send five email messages to user1@internal.lab to trigger the session limit.
4. Open Thunderbird and check how many email messages were delivered to the user1@internal.lab inbox.

Note: There will be one email sent per TCP connection. Therefore IntGW FortiMail should allow the first four but block email number five, which exceeds your configured connection limit.

5. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
6. Click Monitor > Log > History.
7. Double-click the active log file. The first entry in the History log should correspond to the rejected email.
8. Why are the From, To, and Subject fields empty in this log entry?

Note: FortiMail blocked the client's attempt when scanning the IP layer of the initial packets, before the SMTP session could be established. The SMTP session contains the SMTP envelope: the sender's email address, the recipient's email address, and the subject. So those parts of the email were never received.

9. Click the Session ID to retrieve the cross search results.
10. Review the related AntiSpam log.

To disable connection limits

1. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
2. Click Policy > Policies > Policies.
3. Edit IP policy ID 1.
4. In the session profile drop-down list, select Inbound_Session.
5. Click OK.

2 Sender Address Rate Control

While it is important to protect your email users from spammers sending large volumes of email, it is also important to protect your own MX IP reputation by controlling the volume of email received from internal

In this exercise, you will configure sender address rate control on the IntSRV FortiMail. Then, you will send consecutive email messages to trigger a violation, and verify your configuration using logs.

To configure sender address rate control

1. In Windows, open a new web browser tab. Visit the IntSRV FortiMail's management GUI: https://intsrv.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Mail Settings > Domains > Domains.
4.
Select the internal.lab domain and click Edit.
5. Expand the Advanced Scan Settings section, and then select the Sender address rate control check box.
6. Expand the Sender address rate control section.
7. Configure the following values:

   Field                                                    Value
   Action:                                                  Reject
   Maximum number of messages per half hour:                4
   Send email notification upon rate control violations:    Enable

8. Click New.
9. Create a notification profile using the following values:

   Field                    Value
   Name:                    NotifyUser1
   Send notification to:    Others

10. Click Add.
11. Enter Mail User 1's email address: user1@internal.lab
12. Click OK.
13. Click Create.
14. Click OK.

To validate sender address rate control

1. Open a new web browser tab. Visit the IntSRV FortiMail's webmail GUI: https://intsrv.internal.lab/
2. Log in as user2 using the password fortinet.
3. Send five email messages to extuser@external.lab to trigger the rate control limit.
4. Open a new web browser tab. Visit the ExtSRV FortiMail's webmail GUI: https://extsrv.external.lab/
5. Log in as extuser using the password fortinet.
6. Check how many email messages were delivered to the extuser@external.lab inbox.
7. By now, user1@internal.lab should have received the notification email for the rate control violation. Open Thunderbird and view the details in the notification email.

Note: Notification profiles are a convenient feature that can allow administrators to keep informed of events occurring on FortiMail. Many FortiMail features support notification profiles.

8. Visit the IntSRV FortiMail's management GUI: https://intsrv.internal.lab/admin
9. Click Monitor > Log > History.
10. Double-click the active log file. The first entry in the History log should correspond to the rate control violation.

Note: While session profile connection limits and sender address rate control appear to function very similarly, there is a major difference in how these limits are applied by FortiMail. As you observed in the previous exercise, session profile connection limits are applied at the IP layer. Sender address rate control limits connections based on the sender address. This is derived from the Mail From: field of the SMTP envelope. So, for sender address rate control, FortiMail must process at least a portion of the SMTP envelope. This is also why user2@internal.lab appears in the From field of the log entry, but the log entries from the session profile connection limits are empty.

11. Click the Session ID to retrieve the cross search results.
12. Review the related event and antispam logs.

To disable sender address rate control

1. Visit the IntSRV FortiMail's management GUI: https://intsrv.internal.lab/admin
2. Click Mail Settings > Domains > Domains.
3. Select the internal.lab domain and click Edit.
4. Expand the Advanced Scan Settings section and disable Sender address rate control.

3 Header Manipulation

Removing internal headers is a common security practice. It hides your internal network information from the world.

In this exercise, you will observe the effects of header manipulation settings by configuring a session profile on the IntGW FortiMail to hide internal headers.

To review headers

1. Open a new web browser tab. Visit the ExtSRV FortiMail's webmail GUI: https://extsrv.external.lab/
2. Log in as extuser using the password fortinet.
3. Open any email message sent by an internal.lab user. If you deleted all the previous email messages, open Thunderbird and send a new email message to extuser@external.lab.
4. Click More > Detailed Header. Select and copy (Ctrl + C) the header contents.
5. Open a
new Notepad window and paste (Ctrl + V) the header details. Save the file on the desktop as Header_Before.txt.

To configure header manipulation

1. Open a new web browser tab. Visit the IntGW management GUI: https://intgw.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Policy > Policies > Policies.
4. Click the Outbound_Session link. This is the session profile currently applied to IP policy ID 3, which processes all outbound email for the internal.lab domain.
5. Expand Header Manipulation, and then select the Remove received headers check box.
6. Click OK to save the changes.

Note: The IntGW FortiMail removes all previous Received: headers from the email when it starts processing it, using IP policy ID 1.

To validate header manipulation settings

1. Open Thunderbird.
2. Send a new email message to extuser@external.lab.
3. Visit the ExtSRV FortiMail's webmail GUI: https://extsrv.external.lab/
4. Log in as extuser using the password fortinet.
5. Open the email message you just sent from user1@internal.lab.
6. Review the detailed headers of the email.

Note: In the Received: header, you should only see details about IntGW and ExtSRV. There should be no information about Windows (10.0.1.10), and IntSRV (10.0.1.99).

7. Open the Header_Before.txt file you saved earlier. Compare the differences.
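The header comparison above, and the relay host check in Lab 2, can be scripted. The following Python is an added example, not part of the guide: it lists the hops recorded in a message's Received: headers, confirms the message passed through the gateway, and reports internal hosts that are still visible to the recipient. The sample messages are constructed from the lab's addresses; the host names in the by clauses, the ESMTP ids and the 10.0.1.0/24 internal range are assumptions.

```python
import ipaddress
import re
from email import message_from_string

INTERNAL_NET = "10.0.1.0/24"  # assumption: the lab's internal hosts all sit here
GATEWAY_IP = "10.0.1.11"      # IntGW, the only internal host that should be visible

# First bracketed IPv4 literal in a Received: value, i.e. the connecting client.
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def build_sample(hops):
    """Build a constructed message whose Received: headers list `hops`
    newest first, the order in which mail servers prepend them."""
    lines = []
    for n, (client_ip, by_host) in enumerate(hops):
        lines.append(f"Received: from [{client_ip}] ([{client_ip}])")
        lines.append(f"\tby {by_host} with ESMTP id PLACEHOLDER{n}")
    lines += ["From: user1@internal.lab", "To: extuser@external.lab",
              "Subject: constructed sample", "", "body"]
    return "\n".join(lines)


# Constructed samples for the three states the labs walk through.
DIRECT = build_sample([("10.0.1.99", "extsrv.external.lab"),
                       ("10.0.1.10", "intsrv.internal.lab")])
RELAYED = build_sample([("10.0.1.11", "extsrv.external.lab"),
                        ("10.0.1.99", "intgw.internal.lab"),
                        ("10.0.1.10", "intsrv.internal.lab")])
STRIPPED = build_sample([("10.0.1.11", "extsrv.external.lab")])


def trace_hops(raw_message):
    """Return the client IP of each Received: header, oldest hop first.

    A header without a bracketed IPv4 address yields None. Only headers
    added by servers you control are trustworthy; older ones can be forged.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        match = BRACKETED_IPV4.search(value)
        hops.append(match.group(1) if match else None)
    hops.reverse()  # headers are stored newest first
    return hops


def exposed_internal_hosts(raw_message, internal_net=INTERNAL_NET,
                           gateway_ip=GATEWAY_IP):
    """Return internal addresses, other than the gateway, left in the headers."""
    network = ipaddress.ip_network(internal_net)
    exposed = []
    for hop in trace_hops(raw_message):
        if hop is None or hop == gateway_ip:
            continue
        try:
            address = ipaddress.ip_address(hop)
        except ValueError:  # e.g. an octet above 255 in a malformed header
            continue
        if address in network:
            exposed.append(hop)
    return exposed


def check_outbound(raw_message, gateway_ip=GATEWAY_IP):
    """Summarise the path of an outbound message as the recipient sees it."""
    hops = trace_hops(raw_message)
    return {
        "hops": hops,
        "via_gateway": gateway_ip in hops,
        "exposed": exposed_internal_hosts(raw_message, gateway_ip=gateway_ip),
    }
```

To use it on real data, pass the contents of a saved detailed header (such as the file saved in the exercise) to `check_outbound` in place of the constructed samples.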

LAB 5—Antivirus

In this lab, you will apply FortiMail's local malware detection techniques to scan for viruses in inbound email.

Objectives

• Configure an antivirus profile to enable local malware detection
• Configure an antivirus action profile to replace infected content from an email
• Apply antivirus scanning to inbound email
• Test antivirus functionality

Time to Complete

Estimated: 15 minutes

1 Antivirus Scanning for Malware Detection

In this exercise, you will configure an antivirus profile and an antivirus action profile on the IntGW FortiMail. Then, you will apply the antivirus profile to a recipient-based policy in order to scan all inbound email sent to the internal.lab domain.

You shouldn't test your antivirus configuration using a live virus. By doing so, you risk infecting your network's hosts if your configuration is incorrect. To test your antivirus configuration without risk of infecting your network, you will use an EICAR file.

An EICAR file doesn't contain a real virus. It is a harmless, industry-standard test file that is designed to trigger all antivirus engines for testing purposes. So, if your antivirus configuration is correct, FortiMail should detect the EICAR file as a virus.

To configure an antivirus action profile

1. In Windows, open a new web browser. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Profile > AntiVirus > Action.
4. Click New.
5.
Add a new Action profile using the following values: Fiala Value Domain intemal.ab Profile name AV_Tag Replace Tag email’s subject lr enabled With value [VIRUS DETECTED) Replace infected/suspicious body or attachments | enabled 6. Click Greate to save the profi. GK Note: The action profie that you created doesn't appear in the list. Why? The list view is fitered by domain. If you want to show the new profile, change the selection in the Domain drop-down lis. Select internal-lab to view the action profiles for that specific domain, or select Allo view the action profiles forall domains KE ir c = f To configure an antivirus profile for local malware detection 1. Click Profile > AntiVirus > AntiVirus. 2. Click New. tiMail Student Guide DO NOT REPRINT LAB 5A © FORTINET 3. Add a new antivirus profile using the following values: KE ir c = f Field Value Domain: internal lab Profile name: AVI Default action ‘AV_Tag._ Replace 4. Keep the default values forthe remaining settings. 5. Scroll down, and then click Create to save the profile, 6. From the Domain drop-down list, select internal.lab to see the new antivirus profile To configure a recipient policy to apply antivirus 1. Click Policy > Policies > Policies. 2. Select recipient policy ID 1, and then click Edit. 3. In the Profiles section, in the Antivirus drop-down list, select AV_In 4. Click OK to save the recipient-based policy. To send an infected email 4. Open a new web browser tab. Visit the ExtSRV FortiMai’s webmail GUI: hitosi/extsrv.extemal.iabl, 2. Log in as extuser using the password fort inet. 3. Compose a new email message using the following values: Field Value To: user1@intemalab Subject: AVEICAR Test Mossage Body This contains a virust - Click Attach. 5. Browse to and select: Deektop\Resources\Filé 6. Wait forthe file upload to finish, and then click Send. To verify AV functionality 4. In Windows, open Thunderbird Contim that you received the email message sent from extuser@exteral ab. 
3. Note that the following actions have been applied to the email message:
   • The subject line contains the [VIRUS DETECTED] tag
   • The IntGW FortiMail replaced the EICAR file and inserted a replacement message

To monitor the logs
1. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
2. Click Monitor > Log > History.
3. Double-click the active log file. The first entry in the History log should correspond to the virus email.
4. Click the Session ID link to review the cross search result for more details.

LAB 6—Content Inspection

In this lab, you will configure a content filter to monitor email based on dictionary word scores. You will also configure the data loss prevention (DLP) feature to detect and block any outbound email containing credit card numbers.

Objectives
• Configure a dictionary profile to monitor words using scores
• Configure a content profile monitoring and filtering to apply the dictionary profile
• Apply content filtering on all inbound email
• Configure DLP to detect credit card numbers in an email body and attachments
• Apply DLP on all outbound email

Time to Complete
Estimated: 40 minutes

1 Content Inspection

In this exercise, you will configure a content profile's content monitoring and filtering options to scan for specific pattern occurrences in inbound email. Then, you will configure the action to be applied after the same word occurs three times in an email message.

To configure a dictionary profile
1. In Windows, open a web browser. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Profile > Dictionary > Dictionary.
4. Click New.
5. Name the profile WordScores.
6. In the Dictionary Entries section, click New.
7. Configure the dictionary entry using the following values:

   Field | Value
   Pattern | fortimail
   Pattern type | Wildcard

8. Click Create to save the entry.
9. Click Create to save the dictionary profile.

g emails dictionary match score by more than the amount configured in Pattern max weight field

To configure a content profile
1. Click Profile > Content > Content.
2. Click New.
3. Configure a new content profile using the following values:

   Field | Value
   Domain | System
   Profile name | CF_Dictionary
   Direction | Incoming
   Action | SysQuarantine_Inbound

4. Expand the Content Monitor and Filtering section.
5. Click New.
6. Configure the content monitor profile using the following values:

   Field | Value
   Dictionary | WordScores
   Minimum score | 3

7. Click Create to save the content monitor profile.
8. Click Create to save the content profile.

Note: Setting the Minimum score to 3 ensures that the action profile is applied only after FortiMail has found three occurrences of the pattern in a single email message.

To apply content inspection to inbound email
1. Click Policy > Policies > Policies.
2. In Recipient Policies, select the incoming policy for internal.lab (that is, policy ID 4).
3. Click Edit.
4. In the Profiles section, change the content profile to CF_Dictionary.
5. Click OK.

To test the content profile
1. Open a new web browser tab. Visit the ExtSRV FortiMail's webmail GUI: https://extsrv.external.lab/
2. Log in as extuser using the password fortinet.
3. Compose a new email message to user1@internal.lab.
4. Copy the contents of the following file, and paste it into the body of the email message: Desktop\Resources\Files\messagebody.txt

   FortiMail appliances provide high-performance email routing and security by utilizing multiple high-accuracy antispam filters. As part of the Fortinet Security Fabric, FortiMail prevents your email systems from becoming threat delivery systems.
   FortiMail can be deployed in the cloud or on premises and gateway, inline and server modes in a range of appliance or virtual machine form factors.

5. Click Send.

To review the logs
6. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
7. Click Monitor > Log > History.
8. Double-click the active log file. The first entry in the History log should correspond to the virus email. Notice the values for Classifier and Disposition.
9. Click the Session ID to retrieve the cross search results.
10. Review the antispam log related to the session.

To access the system quarantine
1. Click Antispam > Quarantine > System Quarantine Settings.
2. In the Quarantine Folders section, select the Bulk folder, and then click Edit.
3. Add the admin account to the members.
4. Click OK to save the changes.
5. Apply the same change to the rest of the folders: Content, DLP, and Virus.
6. Click Apply.
7. Click Monitor > Quarantine > System Quarantine.
8. Double-click the Content mailbox. The quarantined email will appear here.

To perform a sanity check (optional)
1. Visit the ExtSRV webmail GUI: https://extsrv.external.lab/
2. Compose a new email to user1@internal.lab.
3. Copy and paste the same message body, but remove one occurrence of the word "FortiMail", and then send the email message.
4. Open Thunderbird and verify that the email message was delivered to user1@internal.lab's inbox.

2 Data Loss Prevention

In this exercise, you will configure a DLP profile and DLP action profile on the IntGW FortiMail.
Then, you will apply the DLP profile to a recipient-based policy, to scan all outbound email sent from the internal.lab domain.

To enable the DLP feature
1. In Windows, open a web browser. Visit the IntGW FortiMail management GUI: https://intgw.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Monitor > System Status > Console.
4. Enable the DLP feature using the following CLI commands:

    config system global
        set data-loss-prevention enable
    end

5. Reload the IntGW FortiMail's management GUI. When the GUI reloads, the Data Loss Prevention menu item will appear.

Note: The DLP feature is disabled in entry-level FortiMail models (VM, 60D, 200D) because of performance considerations. You are enabling it to test the feature in a lab environment. You shouldn't enable the DLP feature in a production network on an entry-level FortiMail.

To configure a DLP rule to scan for credit card numbers
1. Click Data Loss Prevention > Rule and Profile > Rule.
2. Click New to create a new message scan rule.
3. In the Name field, type ScanCreditCards.
4. In the Conditions section, click New.
5. In the first Condition drop-down list, select Body and Attachment, and, in the second Condition drop-down list, select contains sensitive data.
6. Click Edit, select the Credit_Card_Number data template, and then click OK.
7. Click Create to save the Scan Condition.
8. Verify that your Message Scan Rule matches the following screenshot, and then click Create to save the rule.

To configure a DLP profile to apply the DLP rule and action profile
1. Click Data Loss Prevention > Rule and Profile > Profile.
2. Click New to create a new DLP profile.
3. In the Name field, enter DLP_Out.
4. Beside the Action drop-down list, click New.
5. Create a new action profile using the following values:

   Field | Value
   Profile name | DLP_Out_Sys_Quar
   System quarantine to folder | Enable
   System quarantine to folder | Dlp

6. Click Create to save the action profile.
7. In the Content Scan Settings section, click New.
8. In the Scan rule drop-down list, select ScanCreditCards, and then click Create to save the DLP
9. Verify that your DLP profile matches the following screenshot, and then click Create to save the

To apply DLP scanning for outbound email
1. Click Policy > Policies > Policies.
2. In the Recipient Policies section, in the Direction drop-down list, select Outgoing.
3. Click Create.
4. In the Profiles section, in the DLP drop-down list, select DLP_Out.
5. Click OK to save the changes.

Test DLP Functionality
1. In Windows, open Thunderbird.
2. Click Write to compose a new email message using the following values:

   Field | Value
   To | extuser@external.lab
   Subject | DLP Credit Card Test
   Message Body | DLP test email

3. Click Attach to select a file as an attachment.
4. Browse to and select: Desktop\Resources\Files\sample.pdf
5. Click Send.

Note: The email message won't be delivered to extuser@external.lab because the IntGW FortiMail should detect the credit card numbers in the PDF file, and apply the system quarantine action.

To review the logs
1. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
2. Click Monitor > Log > History.
3. Double-click the active log file.
   The first entry in the history log should correspond to the message you just sent.
4. Click the Session ID link to retrieve the cross search results.
5. Review the antispam log related to the session.

LAB 7—Antispam

In this lab, you will configure antispam scanning for both inbound and outbound email. Then, you will verify your configuration by sending live spam through the IntGW FortiMail VM. You will also configure quarantine report settings, and manage user quarantine.

Objectives
• Scan both incoming and outgoing email for spam
• Send spam email to user quarantine
• Manage quarantine report configuration
• Access and explore the user quarantine mailbox

Time to Complete
Estimated: 40 minutes

Prerequisites
Before beginning this lab, you must restore a configuration file.

To restore the initial configuration files
1. In Windows, open a web browser. Visit the IntSRV FortiMail's management GUI: https://intsrv.internal.lab/admin
2. Click Maintenance > System > Configuration. Upload the following configuration file: Desktop\Resources\st: ting Configs\Lab 7\0 Initial_IntSRV.t
3. Click Restore.
4. Open a new web browser tab. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
5. Click Maintenance > System > Configuration. Upload the following configuration file: Desktop\Resources\starting Configs\Lab 1\07_Initial_Intew.ctg
6. Wait for the VMs to finish rebooting before proceeding with the exercise.

Note: The configuration files disable all session profile inspection features that can potentially interfere with the antispam testing you will do in this lab.

1 Scan Incoming Email for Spam

In this exercise, you will verify the FortiGuard configuration.
Then, you will configure an antispam profile to scan all incoming email and send all spam email to the users' personal quarantine accounts.

To verify FortiGuard configuration
1. In Windows, open a web browser. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Maintenance > FortiGuard > Antispam.
4. In the FortiGuard Antispam Options section, configure the following values:

   Field | Value
   Enable service | Enabled
   Enable cache | Enabled
   Cache TTL (Seconds) | 300 (default)

5. Click Apply to save the changes.
6. To test the connectivity to FortiGuard, under FortiGuard Query set Query type to IP, then in Query, enter an IP address, such as 8.8.8.8, and click Query.
7. Confirm that a Query result and Query score is returned, such as Score: 0, Not spam.

Note: If the Query result is No response, or if the antispam license status on Monitor > System Status is Trial, then change the FortiGuard service port setting, click Apply, and then test the connection again.

8. Click Maintenance > FortiGuard > Update.
9. Click Update Now.

To configure an antispam action profile
1. Click Profile > AntiSpam > Action.
2. Click New.
3. Configure a new action profile using the following values:

   Field | Value
   Domain | internal.lab
   Profile name | AAS_In_User_Quar
   Personal quarantine | Enabled
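
The Received: header check from the header manipulation exercise earlier on this page (only the IntGW and ExtSRV hops should remain, with no trace of 10.0.1.10 or 10.0.1.99) can be scripted instead of compared by eye. The following is an added example, not part of the student guide; the sample headers, queue IDs, timestamps and the 192.0.2.10 gateway address are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string

# From the lab text: hosts that must not be visible after header removal.
INTERNAL_HOSTS = {"10.0.1.10": "Windows", "10.0.1.99": "IntSRV"}

# Constructed samples. Queue IDs, timestamps and 192.0.2.10 are placeholders.
GW_HOP = ("Received: from intgw.internal.lab ([192.0.2.10])\n"
          " by extsrv.external.lab with ESMTP id q3;"
          " Thu, 6 Apr 2017 10:02:03 -0000\n")
INNER_HOPS = ("Received: from intsrv.internal.lab ([10.0.1.99])\n"
              " by intgw.internal.lab with ESMTP id q2;"
              " Thu, 6 Apr 2017 10:02:02 -0000\n"
              "Received: from [10.0.1.10] (unknown [10.0.1.10])\n"
              " by intsrv.internal.lab with ESMTP id q1;"
              " Thu, 6 Apr 2017 10:02:01 -0000\n")
REST = ("From: user1@internal.lab\nTo: extuser@external.lab\n"
        "Subject: Header Manipulation Test\n\nbody\n")
BEFORE = GW_HOP + INNER_HOPS + REST   # headers saved before the change
AFTER = GW_HOP + REST                 # headers after "Remove received headers"

# Dotted quads that are not part of a longer dotted number.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def hop_addresses(raw):
    """Return one set of valid IPv4 addresses per Received: header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        found = set()
        for text in IPV4.findall(value):
            try:
                found.add(str(ipaddress.ip_address(text)))
            except ValueError:
                continue  # dotted number that is not an address, e.g. 999.1.1.1
        hops.append(found)
    return hops


def leaked_hosts(raw, internal=INTERNAL_HOSTS):
    """Names of internal hosts whose address still appears in any hop."""
    seen = set().union(*hop_addresses(raw))
    return sorted(internal[ip] for ip in seen if ip in internal)


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, len(hop_addresses(raw)), "hops, leaked:", leaked_hosts(raw))
```

To check a real message, pass its raw source (headers included) to `leaked_hosts()`; an empty list means neither internal address is exposed to the external recipient.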
