Contributor
February 21, 2005
Question

Fortishield Effective

Hi...we are in the process of evaluating Fortishield (as many appear to be) and I had a couple of basic questions (hopefully):
a) Does the Fortishield simply discard the spam, or tag it?
b) If you are using Fortishield, should you disable all other methods (since the Fortishield is doing all the work)?
c) We have a number of scenarios where the mail servers (SMTP and POP) are hosted externally, outside of the FortiGate unit. Will Fortishield still work?
Thanks!!

    5 replies

    Contributor
    February 21, 2005
    Hi,
    1) Fortishield will only tag spam mails for POP and IMAP. For SMTP, you have the option to either tag or discard it.
    2) Fortishield is still not so effective in that it relies only on the blacklist. I thought it was based on a heuristics method, which gives you 97% spam prevention. Trend and Symantec use this method. As such, many porn attachments or even any other attachments that should be classified as spam are still being let through. Fortishield fails here :(
    3) I really don't have an idea on your 3rd query.
    Contributor
    February 21, 2005
    Hi, thanks for the response. Yeah, we're still seeing a lot of the porn stuff come in as well. I thought it WAS based on the heuristics method as well??? Crap Crap...I'm hoping this will be resolved or we're gonna have to find another solution (most likely Postini). Could this be a difference between the trial and paid versions? My 3rd question does appear to be answered, as I'd say about 50% of the spam IS being tagged, so it appears to be working... Thanks and I'll keep my fingers crossed
    Contributor
    February 24, 2005
    The Spam Functionality is definitely not as strong compared to Trend Micro and Symantec. That's why Fortinet has launched Fortimail.
    wellington
    New Member
    February 24, 2005
    FortiShield is SPAM URL and RBL based. What made you think it was heuristic based?
    Contributor
    February 24, 2005
    [Deleted by Admins]
    Alex_Libenson
    New Member
    February 25, 2005
    According to 2.8 MR8 Release notes you can also enable URL scan in FortiGuard-AntiSpam:
    3.11.2 FortiShield Antispam
    Description: FortiShield Antispam adds URL look-up to the existing IP address look-up to check for known spam sources and spam emails. The firewall protection profiles now have an option to enable FortiShield URL checking. The WebUI has a new check-box option, while the CLI adds a new command:
    config firewall profile
        edit <profile-entry>
            set <smtp/pop3/imap> spamfsurl
    end
    Contributor
    February 25, 2005
    Hi to you all.. Interesting feedback, as this is what I have done (enable Fortishield and use it in conjunction with the other tools)... however.. as a consultant looking to recommend solutions to clients, we have been very pleased with the Fortinet units overall, but spam is becoming a real problem...if the Fortishield (or Fortiguard Anti-Spam or whatever) cannot provide good protection, AND it requires overhead to deal with (tagging messages is a pain), we will have to compare its price/performance against a service like Symantec or Postini..upgrading to yet ANOTHER appliance such as the Fortimail is not a viable option for the large degree of users in the 50-A to 200 range, which is what our product base is right now.. Bummer, as I had great hopes for this...thanks again to you all
    Contributor
    March 10, 2005
    Hey you guyz. Does anybody know why in several machines I've installed up till now, the SPAM tagging never works, but rather it throws away all emails recognized as SPAM?? I'd really appreciate resolving this problem. Thnx.
    Contributor
    March 15, 2005
    It's part of the MR8 changes. If you enabled AV then you can no longer tag spam, just discard it. I guess the guys with the long foreheads decided that it is not important to tag spam.
    Don_Draper
    New Member
    April 8, 2005
    New user on a Fortigate 200A-HD 2.8 MR8. So far I am a bit disappointed in the SPAM and AV stuff. Viruses show up in the Fortigate logs but still reach our servers and workstations. What could I be doing wrong here? I thought the Fortigate would be smart enough to block attachments with viruses in them and let other attachments go through safely. Is this assumption incorrect? Banned words in emails result in the SMTP session getting blocked. But look at the log and it tells you it got blocked, but there is no way to know which banned word rule caused the block. I would think this would have been added long ago. How can I adjust my blocked words list when I have no idea which one caused the block? Surely I am green and just do not have it configured properly...right?
    rb400
    New Member
    April 8, 2005
    you will learn to live with this and other FGT disappointments...Fortinet numbness is your friend...repeat after me........
    Contributor
    April 19, 2005
    Giggle, I too am a nooblet when it comes to the FGTs but it was pretty simple to find out that you typically are not even blocking the viruses if your protection profile isn't using this feature or you use the wrong protection profile in the wrong policy. Pretty simple stuff. I slapped about 12 of these into various networks and my antivirus disinfections on my email servers went from 200-600/hr to about 15 a week. If you read the FTG whitepaper on how AV works, what a "zoo" virus is and how FGTs are so fast, you will see that the best AV solution is a blended one. I may be a noob but this stuff here is da bomb! Spend about 30-60 minutes reading the white papers and the tech manuals and you are good to go. Good luck and I hope you pay no attention to the other guy that replied, he's definitely technically challenged! I'm not the kind of guy that gets stuck on double-consonant, I realize some people need me to talk slow. JB
    Contributor
    May 25, 2005
    Hi there! We have just done research at one university on FortiShield (RBL and URL checking) effectiveness vs Symantec AntiSpam solution 2005 (NIS2005). After two weeks of testing both AntiSpam solutions simultaneously on a few very spammed mailboxes, the results are:
    Spam received on 20050503-20050518
    1. Inbox_SPAM (FGT60 only tags) 368
    2. Inbox_SPAM (NIS2005+FGT60 tags) 635
    3. Inbox_SPAM (NIS2005 only tags) 48
    4. Inbox_SPAM (nobody tags) 86
    5. Inbox_SPAM (FGT60 false positive) 7
    6. Inbox_SPAM (NIS2005 false positive) 82
    7. Inbox_SPAM (FGT60 tagged at all) 1003
    8. Inbox_SPAM (NIS2005 tagged at all) 683
    9. Inbox_SPAM (total spam) 1226
    And the results are: FGT60 - found ~82 % of SPAM; NIS2005 - found ~56 % of SPAM. I would say not bad