Email Filtering Options - Fortinet FortiGate Series Administration Manual

Configuring a protection profile

Email Filtering options

498
Strict Blocking
Rate URLs by domain and IP
address
Block HTTP redirects by
rating
Category
Classification
Several email filters can be configured in the protection profile. With the IP address filter,
FortiGuard AntiSpam extracts the email server source address and sends the IP address
to a FortiGuard Antispam server to check if this IP address matches the list of known
spammers. If the IP address is found, FortiGuard Antispam terminates the session. If
FortiGuard Antispam does not find a match, the email server sends the email to the
recipient. With the URL filter, FortiGuard Antispam checks the body of email messages to
This option is enabled by default. Strict Blocking only has an effect
when either a URL fits into a protection profile category and
classification or Rate URLs by domain and IP address is enabled.
With Rate URLs by domain and IP address enabled, all URLs
have two categories and up to two classifications (one set for the
domain and one set for the IP address). All URLs belong to at
least one category (including the Unrated category) and may also
belong to a classification.
If you enable Strict Blocking, a site is blocked if it is in at least one
blocked category or classification and only allowed if all categories
or classifications it falls under are allowed.
If you do not enable Strict Blocking, a site is allowed if it belongs to
at least one allowed category or classification and only blocked if
all categories or classifications it falls under are allowed.
For example, suppose that a protection profile blocks Search
Engines but allows "Image Search", and that the URL
"images.example.com" falls into the General Interest / Search
Engines category and the Image Search classification.
With Strict Blocking enabled, this URL is blocked because it
belongs to the Search Engines category, which is blocked.
With Strict Blocking disabled, the URL is allowed because it is
classified as Image Search, which the profile allows. It would be
blocked only if both the Search Engines category and Image
Search classification were blocked.
Select to send both the URL and the IP address of the requested
site for checking, and thus provide additional security against
attempts to bypass the FortiGuard system.
However, because IP rating is not updated as quickly as URL
rating, some false ratings may occur.
Enable to block HTTP redirects.
Many web sites use HTTP redirects legitimately; however, in some
cases, redirects may be designed specifically to circumvent web
filtering, as the initial web page could have a different rating than
the destination web page of the redirect. Not supported for
HTTPS.
FortiGuard Web Filtering provides many content categories for
filtering web traffic. Categories reflect the subject matter of the
content.
For each category, select to Allow or Block and, if the category is
blocked, whether or not to Allow Override to permit users to
override the filter if they successfully authenticate. You can also
select to log each traffic occurrence of the category.
In addition to content categories, FortiGuard Web Filtering
provides functional classifications that block whole classes of web
sites based upon their functionality, media type, or source, rather
than the web site's subject matter.
Using classifications, you can block web sites that host cached
content or that facilitate image, audio, or video searches, or web
sites from spam URLs. Classification is in addition to, and can be
configured separately from, the category.
For each class, select to Allow or Block and, if the class is blocked,
whether or not to Allow Override to permit users to override the
filter if they successfully authenticate. You can also select to log
each traffic occurrence of the class.
FortiGate Version 4.0 MR1 Administration Guide
Firewall Protection Profile
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback