
Setting message flood thresholds


A message flood occurs when a single subscriber sends a volume of messages that exceeds the flood threshold you set. The threshold defines the maximum number of messages allowed, the period over which the subscriber's sent messages are counted, and the length of time the sender is restricted from sending messages after a flood is detected.

If a subscriber exceeds the message flood threshold and is blocked from sending more messages, any further attempts to send messages will restart the block period. You must also enable logging for MMS Scanning > Bulk Messages in the Logging section of the MMS protection profile.

A subscriber is still able to receive messages while they are blocked from sending messages.

 

Example

For example, for the first threshold you may determine that any subscriber who sends more than 100 MM1 messages in an hour (60 minutes) will have all messages blocked for half an hour (30 minutes).

Using this example, if the subscriber exceeds the flood threshold, they are blocked from sending messages for 30 minutes. If the subscriber tries to send any message after 15 minutes, the message will be blocked and the block period will be reset again to 30 minutes. The block period must expire with no attempts to send a message. Only then will the subscriber be allowed to send more messages.
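The behaviour described above can be modelled to test candidate threshold values against message timestamps before applying them. The following is an added example, not FortiOS code: the class and function names are hypothetical, the sample events are constructed, and it assumes a sliding window, that the message which exceeds the limit is itself blocked, and that the count starts fresh once the block expires.

```python
from collections import deque


class FloodThreshold:
    """Model of one flood threshold; all times are in minutes."""

    def __init__(self, window=60, limit=100, block_time=30):
        self.window, self.limit, self.block_time = window, limit, block_time
        self.sent = {}           # subscriber -> deque of accepted send times
        self.blocked_until = {}  # subscriber -> time the block expires

    def attempt(self, subscriber, t):
        """Return True if a message sent at time t is allowed."""
        if t < self.blocked_until.get(subscriber, float("-inf")):
            # Any attempt during the block restarts the full block period.
            self.blocked_until[subscriber] = t + self.block_time
            return False
        q = self.sent.setdefault(subscriber, deque())
        # Assumption: sliding window, so forget sends older than the window.
        while q and q[0] <= t - self.window:
            q.popleft()
        if len(q) >= self.limit:
            # This message exceeds the limit: block it and start the block.
            # Assumption: the count starts fresh once the block expires.
            self.blocked_until[subscriber] = t + self.block_time
            q.clear()
            return False
        q.append(t)
        return True


def replay(events, **threshold):
    """Replay (subscriber, time) events in order; return the blocked ones."""
    ft = FloodThreshold(**threshold)
    return [(s, t) for s, t in events if not ft.attempt(s, t)]


if __name__ == "__main__":
    # Constructed sample: 101 sends within an hour, then retries during the block.
    events = [("sub-A", i * 0.5) for i in range(101)]
    events += [("sub-A", 65), ("sub-A", 94), ("sub-A", 124)]
    for subscriber, t in replay(events):
        print(f"blocked: {subscriber} at minute {t}")
```

Each retry inside the block window pushes the expiry out by another 30 minutes, so a subscriber that keeps retrying stays blocked until it is silent for a full block period.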

 

To configure MM1 message flood threshold – web-based manager

1. Go to Security Profiles > MMS Profile.

2. Select Create New.

3. Enter MM1 flood for Profile Name.

4. Expand MMS Bulk Email Filtering Detection.

5. Enter the following information, and select OK.

 

MM1 (first column)

    Enable                       Enable
    Message Flood Window         60 minutes
    Message Flood Limit          100
    Message Flood Block Time     30 minutes
    Message Flood Action         Block

 

To configure MM1 message flood threshold – CLI

    config firewall mms-profile
      edit profile_name
        config flood mm1
          set status1 enable
          set window1 60
          set limit1 100
          set action1 block
          set block-time1 30
        end
    end

The threshold values that you set for your network will depend on factors such as how busy your network is and the kinds of problems that your network and your subscribers encounter. For example, if your network is not too busy you may want to set message flood thresholds relatively high so that only an exceptional situation will exceed a flood threshold. Then you can use log messages and archived MMS messages to determine what caused the flood.

If your subscribers are experiencing problems with viruses that send excessive amounts of messages, you may want to set thresholds lower and enable blocking to catch problems as quickly as possible and block access to keep the problem from spreading.

 

Flood actions

When the Carrier-enabled FortiGate unit detects a message flood, it can take any combination of the five actions that you can configure for the flood threshold. For detailed options, see Message Flood.