Fortinet FortiGate FortiGate-5001 Administration Manual page 336

Fortigate 5000 series

FortiShield
FortiShield compiles the IP address list and URL list from email captured by spam
probes located around the world. Spam probes are email addresses purposely
configured to attract spam and identify known spam sources to create the antispam IP
address and URL address lists. FortiShield combines IP address checks and URL
checks with other spam filter techniques in a two-pass process.
On the first pass, if IP address FortiShield check is selected in the protection profile,
FortiShield extracts the SMTP mail server source address and sends the IP address
to a FortiShield server to see if this IP address matches the list of known spammers. If
URL FortiShield check is selected in the protection profile, FortiShield checks the
body of email messages to extract any URL links. These URL links will be sent to a
FortiShield server to see if any of them is listed. Typically, spam messages contain
URL links to advertisements (also called spamvertizing).
If an IP address or URL match is found, FortiShield terminates the session. If
FortiShield does not find a match, the mail server sends the email to the recipient.
As each email is received, FortiShield performs the second antispam pass by
checking the header, subject, and body of the email for common spam content. If
FortiShield finds spam content, the email is tagged or dropped according to the
configuration in the firewall protection profile.
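The two-pass flow described above, modeled as an added Python example (not Fortinet's code and not part of the manual). Local sets stand in for the FortiShield server lookup; the profile keys ip_check, url_check and spam_action, the phrase list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Constructed stand-ins for the lists a FortiShield server would be queried for.
KNOWN_SPAM_IPS = {"203.0.113.45"}
KNOWN_SPAM_URLS = {"http://cheap-pills.example/buy"}
SPAM_PHRASES = ("act now", "100% free")  # constructed second-pass content rules
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def body_text(msg):
    """Concatenate the decoded text parts of a (possibly multipart) message."""
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            out.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def filter_mail(raw, smtp_source_ip, profile):
    """Return (verdict, reason); profile is a dict with hypothetical key names."""
    msg = message_from_string(raw)
    body = body_text(msg)
    # Pass 1: SMTP source address and body URLs checked against the known lists.
    if profile.get("ip_check") and smtp_source_ip in KNOWN_SPAM_IPS:
        return "terminate", "ip:" + smtp_source_ip
    if profile.get("url_check"):
        for url in URL_RE.findall(body):
            url = url.rstrip(".,;)")  # drop sentence punctuation glued to the link
            if url in KNOWN_SPAM_URLS:
                return "terminate", "url:" + url
    # Pass 2: header, subject and body inspected for common spam content.
    haystack = " ".join([str(msg.get("From", "")), str(msg.get("Subject", "")), body]).lower()
    for phrase in SPAM_PHRASES:
        if phrase in haystack:
            return profile.get("spam_action", "tag"), "content:" + phrase
    return "deliver", ""

# Constructed sample message (not from the manual).
SAMPLE = (
    "From: promo@mailer.example\r\n"
    "Subject: Act now for a special offer\r\n"
    "Content-Type: text/plain; charset=utf-8\r\n"
    "\r\n"
    "Visit http://cheap-pills.example/buy. Limited time.\r\n"
)
```

With both first-pass checks disabled in the profile, the same message is still caught by the second pass and is tagged or dropped according to spam_action.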
Both FortiShield antispam processes are completely automated and configured by
Fortinet. With constant monitoring and dynamic updates, FortiShield is always current.
You can enable or disable FortiShield in a firewall protection profile. See
"Configuring spam filtering options" on page 237.
FortiShield Service Points
FortiShield Service Points provide worldwide coverage. By default, the FortiGate unit
communicates with the closest Service Point. If the Service Point becomes
unreachable for any reason, the FortiGate unit contacts another Service Point and
rating information is available within seconds. FortiShield Service Points are highly
scalable and new Service Points are added as required. The FortiGate unit
communicates with the Service Point over UDP on port 8889. You can change the
FortiShield hostname if required, using the CLI. See "FortiShield CLI configuration" on
page 338.
FortiShield licensing
Every FortiGate unit comes with a free 30-day FortiShield trial license. FortiShield
license management is done by Fortinet servers, so there is no need to enter a
license number. The FortiGate unit automatically contacts a FortiShield Service Point
when you enable FortiShield.
When you want to renew your FortiShield license after the free trial, contact Fortinet
Technical Support.
FortiShield configuration
Once selected, FortiShield is enabled globally. After enabling FortiShield you can
enable FortiShield IP address checking and URL checking in each firewall protection
profile.
01-28008-0013-20050204
Spam filter
Fortinet Inc.
