FortiCarrier Message Flood Protection

Configuring message flood detection

To have the Carrier-enabled FortiGate unit check for message floods, you must first configure the flood threshold in an MMS profile, select the MMS profile in a security policy. All the traffic examined by the security policy will be checked for message floods according to the threshold values you set in the MMS profile.

Configure the MMS profile – web-based manager

  1. Go to Firewall Objects > MMS Profile.
  2. If you are editing an MMS profile, select the Edit icon of the MMS profile.

If you are creating a new MMS profile, select Create New and enter a profile name.

  1. Expand MMS Bulk Email Filtering Detection.
  2. Expand Message Flood.
  3. Expand Flood Threshold 1.
  4. Select the Enable check box for MM1 messages, MM4 messages, or both.
  5. In the Message Flood Window field, enter the length of time the Carrier-enabled FortiGate unit will keep track of the number of messages each subscriber sends.

If the Carrier-enabled FortiGate unit detects the quantity of messages specified in the Message Flood Limit sent during the number of minutes specified in the Message Flood Window, a message flood is in progress.

  1. In the Message Flood Limit field, enter the number of messages required to trigger the flood.
  2. In the Message Flood Block Time field, enter the length of time a user will be blocked from sending messages after causing the message flood.
  3. Select the message flood actions the Carrier-enabled FortiGate unit will take when the message flood is detected.
  4. Select OK.

Configure the security policy – web-based manager

  1. Go to Policy.
  2. Select the Edit icon of the security policy that controls the traffic in which you want to detect message floods.
  3. Select the MMS Profile check box to enable the use of a protection profile.
  4. Select the MMS protection profile from the list.
  5. Select OK.

Sending administrator alert notifications

When message floods are detected, the Carrier-enabled FortiGate unit can be configured to notify you immediately with an MMS message. Enable this feature by selecting Alert Notification in the message flood action. Each message flood threshold can be configured separately.

Sending administrator alert notifications

Configuring how and when to send alert notifications

You can configure different alert notifications for MM1 and MM4 message floods. You can configure the FortiOS Carrier unit to send these alert notifications using the MM1, MM3, MM4, or MM7 content interface. Each of these content interfaces requires alert notification settings that the FortiOS Carrier unit uses to communicate with a server using the selected content interface.

For the MM1 content interface you require:

  • The hostname of the server l The URL of the server (usually “/”) l The server port (usually 80)

For the MM3 and MM4 content interfaces you require:

  • The hostname of the server l The server port (usually 80) l The server user domain

For the MM7 content interface you require:

  • The message type l REQ to send a notification message to the sender in the form of a submit request. The message goes from a VAS application to the MMSC.
  • REQ to send a notification message to the sender in the form of a deliver request. The message goes from the MMSC to a VAS application. l The hostname of the server l The URL of the server (usually “/”) l The server port (usually 80) l A user name and password to connect to the server l The value-added-service-provider (VASP) ID l The value-added-service (VAS) ID

For more information, see MMS notifications.

This entry was posted in Administration Guides, FortiCarrier and tagged , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.