FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
akawade
Staff
Article Id 196805

Description


This article provides information on the URL/IP exempt list.

 

Scope

 

FortiMail.

Solution


FortiMail has an authentication mechanism that blocks an IP address when failed login attempts from that IP address reach the threshold.

FortiMail access can be controlled for the following login types:

  • CLI: access via SSH.
  • Mail: mail access via SMTP(S), IMAP(S), POP3(S).
  • Web: admin and webmail access via HTTP(S).

The blocking duration is based on the login history of the IP address. The maximum time an IP address can be blocked is 45 days.

Example:

  1. If the initial block period is set to 10 minutes, depending on the user’s number of violations, the actual maximum block time can be up to 2 hours.
  2. If it is set to 30 minutes, the actual block time can be up to 12 hours.
  3. If it is set to more than 70 minutes, the actual block time can be up to 45 days.

To avoid false positives, a longer initial block time setting is not recommended. The recommended setting is less than 30 minutes (default = 10 minutes).

If a user logs in continuously within a period, the user’s IP is automatically added to an auto/dynamic exempt list.

To monitor the blocked IP address information, go to Monitor -> Reputation -> Authentication Reputation.

 


 

To configure authentication reputation settings:

  1. Go to Security -> Authentication Reputation -> Settings.
  2. Configure the following settings:
     • Status: Select Enable, Disable, or Monitor only. Monitor only means that failed login attempts will be counted and scored but will not be blocked.
     • Access tracking: Enable or disable the types of login access that will be tracked: CLI, Mail, or Web.
     • Initial block period: Specify how long the IP will be blocked after its failed login attempts reach the threshold for the first time. The actual block time will be increased for repeat IP addresses.

 

To manually exempt IP addresses from authentication reputation tracking:

  1. Go to Security -> Authentication Reputation -> Exempt.
  2. Select 'New'.
  3. Enter the IP address and netmask.
  4. Select 'Create'.
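
An added example, not part of the original article or Fortinet's own code: a Python audit of manually exempted entries, useful because every address covered by an exempt entry is excluded from authentication reputation tracking. The `IP/netmask` text format, the sample entries and the /24 review threshold are assumptions.

```python
import ipaddress

# Assumption: exempt entries wider than this prefix length deserve a review.
MAX_REVIEW_PREFIX = 24

# Constructed sample entries (documentation and private ranges), not real data.
SAMPLE_EXEMPT = [
    "192.0.2.10/255.255.255.255",   # single host
    "198.51.100.77/255.255.255.0",  # host address entered with a /24 mask
    "10.0.0.0/255.0.0.0",           # whole /8 exempted
    "203.0.113.0/33",               # invalid mask
]

def parse_entry(text):
    """Return (network, host_bits_set) for 'IP/netmask' or 'IP netmask'."""
    text = text.strip()
    if "/" not in text:
        text = "/".join(text.split())
    network = ipaddress.ip_network(text, strict=False)
    address = ipaddress.ip_address(text.split("/")[0])
    return network, address != network.network_address

def audit_exempt_list(entries):
    """List (entry, finding) pairs for entries that exempt more than intended."""
    findings = []
    for raw in entries:
        try:
            network, host_bits = parse_entry(raw)
        except ValueError:
            findings.append((raw, "unparseable entry"))
            continue
        if network.prefixlen < MAX_REVIEW_PREFIX:
            findings.append((raw, f"broad range: {network.num_addresses} addresses untracked"))
        if host_bits:
            findings.append((raw, f"host bits set; effective range is {network}"))
    return findings

def exempting_entries(source_ip, entries):
    """Return the entries that exclude source_ip from tracking."""
    ip = ipaddress.ip_address(source_ip)
    hits = []
    for raw in entries:
        try:
            network, _ = parse_entry(raw)
        except ValueError:
            continue
        if ip.version == network.version and ip in network:
            hits.append(raw)
    return hits

if __name__ == "__main__":
    for entry, finding in audit_exempt_list(SAMPLE_EXEMPT):
        print(f"{entry}: {finding}")
```
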



 


 

To manage the auto-exempt list:

  1. Go to Security -> Authentication Reputation -> Auto Exempt.
  2. The exempted IP addresses are displayed.
  3. To remove an IP address from the list, select the IP address and select 'Delete'.


Related document:
Email concepts and process workflow