Logging
You can enable logging in an MMS profile to write event log messages when the MMS profile options that you have enabled perform an action. For example, if you enable MMS antivirus protection, you could also use the MMS profile logging options to write an event log message every time a virus is detected.
You must first configure how the unit stores log messages so that you can then record these log messages. For more information, see the FortiOS Handbook Logging and Reporting guide.
Logging | |
MMS-Antivirus | If antivirus settings are enabled for this MMS profile, select the following options to record Antivirus Log messages. |
Viruses | Record a log message when this MMS profile detects a virus. |
Blocked Files | Record a log message when antivirus file filtering enabled in this MMS profile blocks a file. |
Intercepted Files | Record a log message when this MMS profile intercepts a file. |
Oversized Files/Emails | Record a log message when this MMS profile encounters an oversized file or email message. Oversized files and email messages cannot be scanned for viruses. |
MMS Scanning | If MMS scanning settings are enabled for this MMS profile, select the following options to record Email Filter Log messages. |
Notification Messages | Select to log the number of MMS notification messages sent. |
Bulk Messages | Select to log MMS Bulk AntiSpam events. You must also select which protocols to write log messages for in the MMS bulk email filtering part of the MMS profile. |
Carrier Endpoint Filter Block | Select to log MMS carrier endpoint filter events, such as MSISDN filtering. |
MMS Content Checksum | Select to log MMS content checksum activity. |
Content Block | Select to log content blocking events. |
MMS Content Checksum
The MMS Content Checksum menu allows you to configure content checksum lists.
Configure MMS content checksum lists in Security Profiles > MMS Content Checksum using the following table.
MMS Content Checksum
Lists each individual content checksum list that you created. On this page, you can edit, delete or create a content checksum list. |
Create New | Creates a new MMS content checksum list. When you select Create New, you are automatically redirected to the New List. This page provides a name field and comment field. You must enter a name to go to MMS Content Checksum Settings page. |
Edit | Modifies settings to an MMS content checksum. When you select Edit, you are automatically redirected to the MMS Content Checksum Settings page. |
Delete | Removes an MMS content checksum from the page.
To remove multiple content checksum lists from within the list, on the MMS Content Checksum page, in each of the rows of the content checksum lists you want removed, select the check box and then select Delete. To remove all content checksum lists from the list, on the MMS Content Checksum page, select the check box in the check box column and then select Delete. |
Name | The name of the MMS content checksum list that you created. |
# Entries | The number of checksums that are included in the content checksum list. |
MMS Profiles | The MMS profile or profiles that have the MMS content checksum list applied. For example if two different MMS profiles use this content checksum list, they will both be listed here. |
Comments | A description given to the MMS content checksum. |
Ref. | Displays the number of times the object is referenced to other objects. For example, av_1 profile is applied to a security policy; on the Profile page (Security Profiles > AntiVirus > Profiles), 1 appears in Ref.
To view the location of the referenced object, select the number in Ref., and the Object Usage window appears displaying the various locations of the referenced object. To view more information about how the object is being used, use one of the following icons that is available within the Object Usage window:
• View the list page for these objects – automatically redirects you to the list page where the object is referenced at.
• Edit this object – modifies settings within that particular setting that the object is referenced with. For example, av_1 profile is referenced with a security policy and so, when this icon is selected, the user is redirected to the Edit Policy page.
• View the details for this object – table, similar to the log viewer table, contains information about what settings are configured within that particular setting that the object is referenced with. For example, av_1 profile is referenced with a security policy, and that security policy’s settings appear within the table. |
Notification List
The Notification List menu allows you to configure a list of viruses. This virus list provides a list for scanning viruses in MMS messages. You can use one virus list in multiple MMS profiles, and configure multiple virus lists.
Notification list configuration settings
The following are notification list configuration settings in Security Profiles > Carrier > Notification List.
Notification List
Lists all the notification lists that you created. On this page you can edit, delete or create a new notification list. |
Create New | Creates a new notification list. When you select Create New, you are automatically redirected to the New List page. You must enter a name to go to the Notification List Settings page. |
Edit | Modifies settings within the notification list. When you select Edit, you are automatically redirected to the Notification List Settings page. |
Delete | Removes a notification list from the list on the Notification List page.
To remove multiple notification lists from within the list, on the Notification List page, in each of the rows of the notification lists you want removed, select the check box and then select Delete. To remove all notification lists from the list, on the Notification List page, select the check box in the check box column and then select Delete. |
Name | The name of the MMS content checksum list that you created. |
# Entries | The number of checksums that are included in that content checksum list. |
MMS Profiles | The MMS profile or profiles that are associated with |
Comments | A description given to the MMS notification list. |
Ref. | Displays the number of times the object is referenced to other objects. For example, av_1 profile is applied to a security policy; on the Profile page (Security Profiles > Antivirus > Profiles), 1 appears in Ref.
To view the location of the referenced object, select the number in Ref., and the Object Usage window appears displaying the various locations of the referenced object. To view more information about how the object is being used, use one of the following icons that is available within the Object Usage window:
• View the list page for these objects – automatically redirects you to the list page where the object is referenced at.
• Edit this object – modifies settings within that particular setting that the object is referenced with. For example, av_1 profile is referenced with a security policy and so, when this icon is selected, the user is redirected to the Edit Policy page.
• View the details for this object – table, similar to the log viewer table, contains information about what settings are configured within that particular setting that the object is referenced with. For example, av_1 profile is referenced with a security policy, and that security policy’s settings appear within the table. |
Notification List Settings
Provides settings for configuring a notification list, which is a list of viruses and is used for scanning viruses in MMS messages. This list is called the Antivirus Notification List in an MMS profile. |
Name | If editing the name of a notification list, enter the new name in this field. You must select OK to save the change. |
Comments | If you want to enter a comment, enter the comment in the field. You must select OK to save the change. |
Create New | Creates a notification entry in the list. When you select Create New, you are automatically redirected to the New Entry page. |
Edit | Modifies settings within a notification list. When you select Edit, you are automatically redirected to the Edit Entry page. |
Delete | Removes a notification entry from the list on the page.
To remove multiple notification entries from within the list, on the Notification List Settings page, in each of the rows of the entries you want removed, select the check box and then select Delete. To remove all notification entries from the list, on the Notification List Settings page, select the check box in the check box column and then select Delete. |
Enable | Enables a notification entry that is disabled. |
Disable | Disables a notification entry so that it is not active and available for use, but it is not deleted. |
Remove All Entries | Removes all notification entries that are listed on the Notification List Settings page. |
Enable | Displays whether or not the checksum is enabled. |
Virus Name/Profile | The name of the virus that was added to the list. |
Entry Type | The type of match that will be used to match the virus stated in the notification list to the actual virus that is found. |
New Entry page | |
Virus Name/Profile | Enter the virus name. |
Entry Type | Select the type of match that will be used to match the virus stated in the notification list to the actual virus that is found. |
Enable | Select to enable the virus in the list. |
Message Flood
The convenience offered by MM1 and MM4 messaging can be abused by users sending spam or attempting to overload the network with an excess of messages. MMS flood prevention can help prevent this type of abuse.
A message flood occurs when a single subscriber sends a volume of messages that exceeds the flood threshold that you set. The threshold defines the maximum number of messages allowed, the period during which the subscriber's sent messages are considered, and the length of time the sender is restricted from sending messages after a flood is detected. For example, for the first threshold you may determine that any subscriber who sends more than 100 MM1 messages in an hour (60 minutes) will have all outgoing messages blocked for 30 minutes.
Action | Description | |
Log | Add a log entry indicating that a message flood has occurred. You must also enable logging for MMS Scanning > Bulk Messages in the Logging section of the MMS protection profile. | |
DLP Archive | Save the first message to exceed the flood threshold, or all the messages that exceed the flood threshold, in the DLP archive. DLP archiving flood messages may not always produce useful results. Since different messages can be causing the flood, reviewing the archived messages may not be a good indication of what is causing the problem since the messages could be completely random. | |
All messages | All the messages that exceed the flood threshold will be saved in the DLP archive. | |
First message only | Save only the first message to exceed the flood threshold in the DLP archive. Other messages in the flood are not saved. For message floods this may not produce much useful information since a legitimate message could trigger the flood threshold. | |
Intercept | Messages that exceed the flood threshold are passed to the recipients, but if quarantine is enabled for intercepted messages, a copy of each message will also be quarantined for later examination. If the quarantine of intercepted messages is disabled, the Intercept action has no effect. | |
Block | Messages that exceed the flood threshold are blocked and will not be delivered to the message recipients. If quarantine is enabled for blocked messages, a copy of each message will be quarantined for later examination. | |
Alert Notification | If the flood threshold is exceeded, the Carrier-enabled FortiGate unit will send an MMS flood notification message.
In the web-based manager when Alert Notification is selected it displays the fields to configure the notification. |
Flood protection for MM1 messages prevents your subscribers from sending too many messages to your MMSC. Configuring flood protection for MM4 messages prevents another service provider from sending too many messages from the same subscriber to your MMSC.
Message flood configuration settings
The following are message flood configuration settings in Security Profiles > Carrier > Message Flood.
Message Flood
Lists the large amount of messages that are being sent to you from outside sources. |
Delete | Removes messages from the list.
To remove multiple messages from within the list, on the Message Flood page, in each row of the messages you want removed, select the check box and then select Delete. To remove all messages from the list, on the Message Flood page, select the check box in the check box column and then select Delete. |
Remove All Entries | Removes all messages from the list. |
Protocol | The protocol used. |
MMS Profile | The MMS profile that is used. |
Sender | The sender’s email address. |
Level | The level of severity of the message. |
Count | The count column can be up or down and these settings can be turned off by selecting beside the column’s name. |
Window Size (minutes) | The time in minutes. |
Timer (minutes:seconds) | The time in seconds and in minutes. The timer column can be up or down and these settings turned off by selecting beside the column’s name. |
Page Controls Use to navigate through the list. |
Duplicate Message
Duplicate message protection for MM1 messages prevents multiple subscribers from sending duplicate messages to your MMSC. Duplicate message protection for MM4 messages prevents another service provider from sending duplicate messages from the same subscriber to your MMSC.
The unit keeps track of the sent messages. If the same message appears more often than the threshold value that you have configured, action is taken. Possible actions are logging the duplicate messages, blocking or intercepting them, archiving, and sending an alert to inform an administrator that duplicate messages are occurring.
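The flood threshold described under Message Flood and the duplicate threshold described above share one mechanism: count events per key and act once a limit is exceeded. The Python model below is an added example, not FortiOS code or the unit's actual algorithm. `ThresholdTracker` and its helpers are hypothetical names, and the duplicate limit of 3, the use of SHA-256 as the content key, and applying a window and restriction time to duplicates are assumptions.

```python
import hashlib
from collections import defaultdict, deque

class ThresholdTracker:
    """Sliding-window counter per key; a key that exceeds the limit is restricted."""
    def __init__(self, limit, window_min, block_min):
        self.limit, self.window, self.block = limit, window_min * 60, block_min * 60
        self.seen = defaultdict(deque)  # key -> timestamps (s) still inside the window
        self.restricted_until = {}      # key -> time (s) at which the restriction ends

    def observe(self, key, now):
        """Return 'pass', 'exceeded' (message that crosses the limit) or 'restricted'."""
        if now < self.restricted_until.get(key, 0):
            return "restricted"
        q = self.seen[key]
        q.append(now)
        while q and q[0] <= now - self.window:  # drop events older than the window
            q.popleft()
        if len(q) > self.limit:
            self.restricted_until[key] = now + self.block
            q.clear()
            return "exceeded"
        return "pass"

def flood_key(msg):
    return msg["sender"]  # flood: count per subscriber

def duplicate_key(msg):
    return hashlib.sha256(msg["body"]).hexdigest()  # duplicate: count per content (assumed hash)

def replay(tracker, key_fn, messages):
    return [tracker.observe(key_fn(m), m["t"]) for m in messages]

def demo_flood():
    # Constructed traffic: one subscriber, a message every 30 s, then one after the block ends.
    # Threshold from the page's example: more than 100 in 60 minutes, blocked for 30 minutes.
    times = [i * 30 for i in range(103)] + [3000 + 30 * 60]
    msgs = [{"sender": "sub-a@example.test", "body": b"x%d" % i, "t": t}
            for i, t in enumerate(times)]
    return replay(ThresholdTracker(100, 60, 30), flood_key, msgs)

def demo_duplicate():
    # Constructed traffic: five subscribers send the same body; the limit of 3 is assumed.
    msgs = [{"sender": "sub-%d@example.test" % i, "body": b"same content", "t": i * 10}
            for i in range(5)]
    return replay(ThresholdTracker(3, 60, 30), duplicate_key, msgs)

if __name__ == "__main__":
    print(demo_flood()[98:], demo_duplicate())
```

The 'exceeded' result marks the point at which the configured actions (Log, DLP Archive, Intercept, Block, Alert Notification) would apply; 'restricted' covers messages arriving during the block time.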