Viewing the Endpoint Reputation Statuses

Viewing the endpoint reputation statuses

Go to Monitor > Endpoint Reputation > Auto Blacklist to view the current list of carrier end points (by their MSISDN, subscriber ID, or other identifier) that were caught by FortiMail for sending spam. For general procedures about how to configure endpoint reputation, see “Configuring endpoint reputation” on page 639.

If a carrier end point has attempted to deliver during the automatic blacklisting window a number of spam text messages that is greater than the automatic endpoint blacklisting threshold, FortiMail unit adds the carrier end point to the automatic endpoint black list for the duration configured in the session profile. While the carrier end point is on the automatic black list and it does not expire, all text messages or email messages from it will be rejected. For information on configuring the automatic black list window, see “Configuring the endpoint reputation score window” on page 643. For information on enabling the endpoint reputation scan and configuring the automatic black list threshold in a session profile, see “Configuring session profiles” on page 482.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read or Read-Write permission to the Black/White List category For details, see “About administrator account permissions and domains” on page 290.

To view the automatic endpoint reputation black list, go to Monitor > Endpoint Reputation > Auto Blacklist.

Figure 77:Viewing endpoint reputation scores

Table 18:Auto Blacklist tab

GUI item Description
Move

(button)

To move entries to the manual endpoint black list or white list, in the check box column, mark the check boxes of entries that you want to move, then click Move.
Search

(button)

Click to filter the displayed entries. For more information, see “Filtering automatic endpoint black list entries” on page 202.
Endpoint ID Lists the mobile subscriber IDSN (MSISDN), subscriber ID, login ID, or other unique identifier for the carrier end point.
Score Lists the number of text messages or email messages that the FortiMail has detected as spam or infected from the MSISDN/subscriber ID during the automatic endpoint black list window.
Expire Lists the time at which the automatic endpoint blacklisting entry expires and is removed from the list.

N/A appears if the endpoint ID has not reached the threshold yet.

Filtering automatic endpoint black list entries

You can filter automatic endpoint black list entries that appear on the Auto Blacklist tab based on the MSISDN, subscriber ID, or other sender identifier.

To filter the endpoint black list entries

  1. Go to Monitor > Endpoint Reputation > Auto Blacklist.
  2. Click Search.

Figure 78:A dialog appears.Search Dialog

GUI item Description
Field Displays one option: Endpoint ID.
Operation Select how to match the field’s contents, such as whether the row must contain the contents of Value.
Case Sensitive Enable for case-sensitive filtering.
Value Enter the identifier of the carrier end point, such as the subscriber ID or MSISDN, for the entry that you want to display.

A blank field matches any value. Use an asterisk (*) to match multiple patterns, such as typing 46* to match 46701123456, 46701123457, and so forth. Regular expressions are not supported.

  1. Click Search.

The Auto Blacklist tab appears again, but its contents are restricted to entries that match your filter criteria. To remove the filter criteria and display all entries, click the Auto Blacklist tab to refresh its view.

This entry was posted in Administration Guides, FortiMail on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.