FortiCarrier MMS Bulk Anti-Spam Detection options

MMS Bulk Anti-Spam Detection options

You can use the MMS bulk email filtering options to detect and filter MM1 and MM4 message floods and duplicate messages. You can configure three thresholds that define a flood of message activity and three thresholds that define excessive duplicate messages. The configuration of each threshold includes the response actions for the threshold.

The configurable thresholds for each of the flood and duplicate sensors and must be enabled in sequence. For example, you can enable Flood Threshold 1 and Flood Threshold 2, but you cannot disable Flood Threshold 1 and enable Flood Threshold 2.

You can also add MSISDN to the bulk email filtering configuration and select a subset of the bulk email filtering options to applied to these individual MSISDNs.

You must first select MM1 and/or MM4 to detect excessive message duplicates. If excessive message duplicates are detected, the unit will perform the Duplicate Message Action for the specified duration.

You can configure three duplicate message thresholds and enable them with separate values and actions. They are labeled Duplicate Threshold 1 through 3 and must be enabled in sequence. For example, you can enable Duplicate Threshold 1 and Duplicate Threshold 2, but you cannot disable Duplicate Threshold 1 and enable Duplicate Threshold 2.

When traffic accepted by a security policy that contains an MMS profile with duplicate message configured receives MM1 or MM4 duplicate messages that match a threshold configured in the MMS protection profile, the unit performs the duplicate message action configured for the matching threshold.

You can configure three message flood thresholds and enable them with separate values and actions. They are labeled Flood Threshold 1 through 3 and must be enabled in sequence. For example, you can enable Flood Threshold 1 and Flood Threshold 2, but you cannot disable Flood Threshold 1 and enable Flood Threshold 2.

When traffic accepted by a security policy that contains an MMS protection profile with message flooding configured experiences MM1 or MM4 message flooding that matches a threshold configured in the MMS profile, the unit performs the message flood action configured for the matching threshold.

MMS Bulk Anti-Spam Detection

This section of the New MMS Profile page contains numerous sections where you can configure specific settings for flood threshold, duplicate threshold and recipient MSISDNs.

Message Flood

The message flood settings for each flood threshold. Expand each to configure settings for a threshold.

Flood Threshold 1                     Expand to reveal the flood threshold settings for Flood Threshold 1. The settings for Flood Threshold 1 are the same for Flood Threshold 2 and 3.
               Enable                          Select to apply Flood Threshold 1 to the MSISDN exception.
               Message Flood             Enter the period of time during which a message flood will be detected if

Window                         the Message Flood Limit is exceeded. The message flood window can be 1 to 2880 minutes (48 hours).

Enter the number of messages which signifies a message flood if

Message Flood Limit exceeded within the Message Flood Window.

Message Flood Block    Enter the amount of time during which the unit performs the Message Time     Flood Action after a message flood is detected.

 

                  Message Flood              Select one or more actions that the unit is to perform when a message

Action                           flood is detected.

   Flood Threshold 2                    Expand to configure settings for Flood Threshold 2 or 3 respectively.

Flood Threshold 3

Duplicate Message

The duplicate message threshold settings. Expand each to configure settings for a threshold.

   MM1 Retrieve Duplicate            Select to scan MM1 mm1-retr messages for duplicates. By default,

Enable                                     mm1-retr messages are not scanned for duplicates as they may often

be the same without necessarily being bulk or spam.

Select to enable the selected duplicate message threshold and to make

Enable the rest of the options available for configuration.

Duplicate Message        Enter the period of time during which excessive message duplicates will Window be detected if the Duplicate message Limit it exceeded. The duplicate message window can be 1 to 2880 minutes (48 hours).
Duplicate Message        Enter the number of messages which signifies excessive message Limit duplicates if exceeded within the Duplicate Message Window.
Duplicate Message Enter the amount of time during which the unit will perform the Duplicate Block Time Message Action after a message flood is detected.
Duplicate Message        Select one or more actions that the unit is to perform when excessive Action   message duplication is detected.
   Duplicate Threshold 2              Expand to configure settings for Duplicate Threshold 2 or 3 respectively.

Duplicate Threshold 3

Recipient MSISDN

The recipient Mobile Subscriber Integrated Services Digital Network Number (MSISDN) settings for each recipient MSISDN. When you select Create New, you are automatically redirected to the New MSISDN page.

You need to save the profile before you can add MSISDNs.

   Recipient MSISDN                     The recipient MSISDN.
   Flood Threshold 1                    Check to enable Flood Threshold 1 settings for this MSISDN.
   Flood Threshold 2                    Check to enable Flood Threshold 2 settings for this MSISDN.
   Flood Threshold 3                    Check to enable Flood Threshold 3 settings for this MSISDN..
Duplicate Threshold 1 Check to enable Duplicate Threshold 1 settings for this MSISDN.
Duplicate Threshold 2 Check to enable Duplicate Threshold 2 settings for this MSISDN..
Duplicate Threshold 3 Check to enable Duplicate Threshold 3 settings for this MSISDN..
Edit Modifies the settings of a Recipient MSISDN in the Recipient MSISDN list. When you select Edit, you are automatically redirected to the New MSISDN page.
Delete Removes a Recipient MSISDN in the Recipient MSISDN list within the Recipient MSISDN section of the page.
New MSISDN page
Create New Creates a new Recipient MSISDN. When you select Create New, you are automatically redirected to the New MSISDN page.
Recipient MSISDN Enter a name for the recipient MSISDN.
Flood Threshold 1 Select to apply Flood Threshold 1 to the MSISDN exception.
Flood Threshold 2 Select to apply Flood Threshold 2 to the MSISDN exception.
Flood Threshold 3 Select to apply Flood Threshold 3 to the MSISDN exception.
Duplicate Threshold 1 Select to apply Duplicate Threshold 1 to the MSISDN exception.
Duplicate Threshold 2 Select to apply Duplicate Threshold 2 to the MSISDN exception.
Duplicate Threshold 3 Select to apply Duplicate Threshold 3 to the MSISDN exception.
This entry was posted in FortiCarrier on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.