FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes the case when an Email filter is used in Flow-based mode and the tagging does not work.
Scope
FortiGate, flow-based inspection mode.
Solution
In flow-based inspection mode, FortiGate can only block emails (of all protocols), even if the action is specified as a tag, then FortiGate will block the spam email.
This is due to the packet-by-packet nature of flow mode, when FortiGate detects a banned word, the email subject is already passed in a precedent packet, and there is no more chance to tag it.
This is why the FortiGate can only 'Block' on all protocols even SMTP, in flow mode.
# config smtp set log-all enable set action tag set tag-type subject set tag-msg "Spam-Email" set hdrip disable set local-override disable end
