FortiCarrier DLP Archive options

DLP Archive options

Select DLP archive options to archive MM1, MM3, MM4, and MM7 sessions. In addition to the MMS profile’s DLP archive options, you can:

  • Archive MM1 and MM7 message floods l Archive MM1 and MM7 duplicate messages
  • Select DLP archiving for carrier endpoint patterns in a Carrier Endpoint List and select the Carrier Endpoint Block option in the MMS Scanning section of an MMS Profile

The unit only allows one sixteenth of its memory for transferring content archive files. For example, for units with 128 MB RAM, only 8 MB of memory is used when transferring content archive files. Best practices dictate to not enable full content archiving if antivirus scanning is also configured because of these memory constraints.

DLP Archive
Display DLP metainformation on the system dashboard Select each required protocol to display the content archive summary in the Log and Archive Statistics dashboard widget on the System Dashboard.
DLP Archive
Archive to

FortiAnalyzer/FortiGuard

Select the type of archiving that you want for the protocol (MM1, MM3, MM4, and MM7). You can choose from Full, Summary or None.

None — Do not send content archives.

Summary — Send content archive metadata only. Includes information such as date and time, source and destination, request and response size, and scan result.

Full — Send content archive both metadata and copies of files or messages.

In some cases, FortiOS Carrier may not archive content, or may make only a partial content archive, regardless of your selected option. This behavior varies by prerequisites for each protocol.

This option is available only if a FortiAnalyzer unit or FortiGuard Analysis and Management Service is configured.

Logging

You can enable logging in an MMS profile to write event log messages when the MMS profile options that you have enabled perform an action. For example, if you enable MMS antivirus protection, you could also use the MMS profile logging options to write an event log message every time a virus is detected.

You must first configure how the unit stores log messages so that you can then record these logs messages. For more information, see the FortiOS Handbook Logging and Reporting guide.

Logging
MMS-Antivirus If antivirus settings are enabled for this MMS profile, select the following options to record Antivirus Log messages.
Viruses Record a log message when this MMS profile detects a virus.
Blocked Files Record a log message when antivirus file filtering enabled in this MMS profile blocks a file.
Oversized Files/Emails Record a log message when this MMS profile encounters an oversized file or email message. Oversized files and email messages cannot be scanned for viruses.
MMS Scanning If MMS scanning settings are enabled for this MMS profile, select the following options to record Email Filter Log messages.
Notification Messages Select to log the number of MMS notification messages sent.

 

MMS Content Checksum

Logging
Bulk Messages Select to log MMS Bulk AntiSpam events. You must also select which protocols to write log messages for in the MMS bulk email filtering part of the MMS profile.
Carrier Endpoint Filter Block Select to log MMS carrier endpoint filter events, such as MSISDN filtering.
MMS Content Checksum Select to log MMS content checksum activity.
Content Block Select to log content blocking events.
This entry was posted in FortiCarrier on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.