FFT-FortiMail r4 Lab Guide Table of contents 1. Introduction .................................................................................................................................. 3 1.1. Fast Track Overview .......................................................................................................... 4 1.2. Agenda ................................................................................................................................ 5 1.3. Topology .............................................................................................................................. 6 2. Session Profiles ............................................................................................................................ 7 2.1. Creating a Session Profile and IP-Based Policy ............................................................ 8 2.2. Log Analysis ...................................................................................................................... 10 3. Antivirus/Antimalware ............................................................................................................... 11 3.1. Providing Protection Against Emerging Virus/Malware ............................................ 12 3.2. Log Analysis ...................................................................................................................... 13 4. Impersonation Analysis ............................................................................................................. 14 4.1. Providing Protection Against Email Impersonation ................................................... 15 4.2. Log Analysis ...................................................................................................................... 17 5. Content Disarm and Reconstruction ....................................................................................... 19 5.1. Sanitize Microsoft Office Word Document ................................................................... 20 5.2. Log Analysis ...................................................................................................................... 22 6. URL Click Protection .................................................................................................................. 23 6.1. Redirect URLs to FortiIsolator ....................................................................................... 24 6.2. Log Analysis ...................................................................................................................... 26 7. Identity-Based Encryption ........................................................................................................ 27 7.1. Configure IBE .................................................................................................................... 28 7.2. Send and Receive the Encrypted Email ....................................................................... 31 7.3. Log Analysis ...................................................................................................................... 33 8. Conclusion ................................................................................................................................... 34 8.1. Continued Education ....................................................................................................... 35 Page 2 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 1. Introduction Fast Track Workshops: Advanced Email Security Solution Email is a critical tool for business, but it is also a preferred delivery method for ransomware, phishing, and compromise attacks. According to the 2019 Verizon report, 94% of malware was delivered via malicious emails. Gartner asserts that advanced threats (such as ransomware and business email compromise) are easily bypassing the signature-based and reputation-based prevention mechanisms that a secure email gateway (SEG) has traditionally used. FortiMail replaces incumbent SEGs with a product tailored for advanced threat defense, including Office 365 integration and the CTAP program. FortiMail email security shields users, and ultimately data, from a wide range of cyber threats. These include ever-growing volumes of unwanted spam, phishing and business email compromise, ransomware and other malware, targeted attacks, and more. Tasks The blue button at the top of this page is the primary action button. When there is an action that can be completed on the page, this button will change accordingly. We'll discuss the types of actions available shortly, but for now, we'll use it to begin our work. When ready click the blue Continue button within the top menu above to get started. Page 3 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 1.1. Fast Track Overview Fast Tracks are a free instructor-led hands-on workshop that introduce Fortinet solutions for securing your digital infrastructure. These workshops are only an introduction to what Fortinet security solutions can do for your organization. For more in-depth training, we encourage you to investigate our full portfolio of NSE training courses at https://training.fortinet.com. Tasks The blue button at the top of this page is the primary action button. When there is an action that can be completed on the page, this button will change accordingly. When ready, click the blue Continue button in the menu at the top of the page to get started. Page 4 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 1.2. Agenda Agenda In the case of this workshop, the exercises are organized like this: Section Topic Time Prerequisite Mandatory 2 Session Profiles 10 Minutes - Yes 3 Antivirus/Antimalware 15 Minutes 2 Yes 4 Impersonation Analysis 15 Minutes 2 Yes 5 Content Disarm and Reconstruction 15 Minutes 2 Yes 6 URL Click Protection 15 Minutes 2 Yes 7 Identity-Based Encryption 20 Minutes 2 Yes Note: Depending on which order you complete the exercises, your screen may differ slightly from the screenshots shown in the lab guide. Tasks Click Continue to move to the next page. Page 5 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 1.3. Topology Topology Tasks Click Continue to move to the next page. This will be the last time we specifically state to click on the Continue button, from now on it is assumed that the user understands how to move forward. Page 6 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 2. Session Profiles Session Profiles Session profiles focus on the connection and envelope portion of the SMTP session. This is in contrast to other types of profiles that focus on the message header, body, or attachments. Unlike other types of FortiMail profiles, session profiles are only applied as part of an IP policy. Time to complete: 10 minutes Page 7 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 2.1. Creating a Session Profile and IP-Based Policy Background In this exercise, you configure the session profile for outgoing mail. You then create an IP-based policy that includes the new session profile, which FortiMail will use to process all outgoing emails from the domain. Tasks 1. On the Lab Activity sidebar, in the DMZ section, access FortiMail by clicking HTTPS. 2. Login using the credentials: Username: admin Password: Fortinet1! 3. Click Profile > Session. 4. Select the Outbound_Session as profile name and click Edit. 5. Set Restrict the number of connections per client per 30 minutes to 500 6. Set Maximum concurrent connections for each client to 5 7. Expand Session Setting. 8. Turn on Perform strict syntax checking. 9. Expand Unauthenticated Session Setting. 10. Turn off the Check sender domain and turn on the Check recipient domain. 11. Expand SMTP Limits. 12. Set Restrict number of email per session to 20 13. Click OK to save the profile. Page 8 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 14. Click Policy > IP Policy. 15. Click New to create a new IP-based policy. 16. Set Source to the IP 172.16.100.0 and Netmask 24 17. Under Profiles, set Session to Outbound_Session. 18. Click Create to save the policy. 19. In the policy list, select the new policy and click Move. Move the policy to the top of the list so that it has precedence over the two default policies. Page 9 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 2.2. Log Analysis Log Analysis Now that you configured the IP-based policy, you can confirm that FortiMail uses this policy for outgoing email from clients on the 172.16.100.0/24 subnet. 1. On the Lab Activity sidebar, in the Sales section, use the RDP connection to access the device Alice. 2. Open Mozilla Thunderbird. 3. Click Write and compose a test email to the external recipient david@acmecorp.com. 4. Click Send. 5. Connect to FortiMail. 6. Click Monitor > Log > History. 7. Double-click on the entry for the test email and locate the Policy ID field. This field shows which policies the email flowed through. The information in this field is in the format of X:Y:Z where: X is the ID of the global access control policy. Y is the ID of the IP-based policy. Z is the ID of the recipient-based policy. If the matched recipient-based policy is incoming, the protected domain is shown at the end The test email flowed through the new IP-based policy, which has the ID 3. Question FortiMail has two types of policies available: IP-based policies, based on the IP address of the connecting SMTP client and, if the FortiMail unit is operating in transparent mode, the SMTP server Recipient-based policies based on the recipient’s email address When configuring FortiMail, you can use either or both types of policies. Which of the following situations require an IP-based policy rather than recipient-based? (Select all that apply) Select the correct answer(s) Mail hosting service providers Internet service providers Session control All of the above Page 10 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 3. Antivirus/Antimalware Background An attacker is sitting on a server in an external, untrusted domain somewhere on the internet. They have been continuously trying to steal confidential information and infect user machines at Acme Corp by carrying out various types of email attacks. Due to this continuous malicious effort over the last few days, they have been successful in stealing the email address of an employee named Alice, whose email address is alice@acmecorp.net. In this exercise, you configure an antivirus profile to scan for emails that contain viruses or malware. You also configure a recipient policy for incoming emails sent to the acmecorp.net domain. Time to complete: 15 minutes Page 11 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 3.1. Providing Protection Against Emerging Virus/Malware Background Alice is a sales manager at Acme Corp. The attacker wants to infect Alice’s Windows PC by sending her an infected executable file (EICAR) in an email attachment. Tasks 1. Connect to FortiMail. 2. Click Dashboard. 3. Locate the Summary (Today) widget, which shows that FortiMail has not detected any viruses. 4. Click Profile > AntiVirus > AntiVirus. 5. From the Domain dropdown list, select acmecorp.net. 6. Edit the AV_Reject_ACMECORP antivirus profile. 7. Turn on AntiVirus. Leave the default antivirus settings. 8. Click OK. 9. Click Policy > Recipient Policy > Inbound. 10. Edit the acmecorp.net inbound recipient policy. 11. In the Profiles section, use the AntiVirus dropdown menu to select the AV_Reject_ACMECORP. 12. Click OK. Page 12 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 3.2. Log Analysis Log Analysis Now that you have successfully completed the exercise, you can verify the results by analyzing the FortiMail logs. Then, you will answer a Stop and Think question before moving onto the next exercise. 1. On the FortiMail, click Dashboard. 2. The Statistics Summary (Today) widget now shows that FortiMail detected a virus. 3. Click Monitor > Log > AntiVirus. Locate the log about blocking the EICAR_TEST_FILE and click the Session ID of that log entry. 4. FortiMail displays the sequence of events (bottom to top) in milliseconds that occurred within FortiMail while the email was being relayed through it. 5. Double-click on the log entry with Log Type of History. 6. Verify the sender, receiver email addresses, and the attacker’s IP address. Question Why did FortiMail reject this email? (Select all that apply) Select the correct answer(s) The email was sourced from a spoofed email address. The default action for the antivirus profile rejects emails infected with any virus/malware. The email contained a file which was infected with virus EICAR_TEST_FILE. The email was infected with phishing website links. Page 13 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 4. Impersonation Analysis Impersonation Analysis Email impersonation is one of the main problems being faced by many businesses today. Impersonators create email headers to deceive the recipient into believing the sender is from a legitimate and trusted source. For example, if an external spammer wants to impersonate the CEO of your company (CEO@company.com), the spammer places “CEO ABC <ceo@external.com>” in the email header and sends the message to the user. In this exercise, you create an impersonation analysis profile, configure an antispam profile, and configure the recipient policy for the acmecorp.net domain. Time to complete: 15 minutes Page 14 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 4.1. Providing Protection Against Email Impersonation Background The attacker wants to steal the financial reports of Acme Corp. To do this, they will impersonate Ken Xie, the CEO of Acme Corp, and send an email to Alice that asks her to send back the financial reports of the organization. Tasks 1. Connect to FortiMail. 2. Click Profile > Antispam > Impersonation. 3. From the Domain dropdown list, select acmecorp.net. 4. Edit the profile BEC. 5. Under Impersonation, click New. 6. Enter the Display name pattern as Ken Xie 7. Use the Pattern type drop-down list to select Wildcard. 8. Set Email address to ceo@acmecorp.net Note: Make sure you have entered the display name and email address exactly as shown. 9. Click Create. 10. Click OK to save the impersonation profile. 11. Click Profile > AntiSpam > AntiSpam. 12. User the Domain drop-down list to select acmecorp.net. 13. Edit AS_Inbound_ACMECORP. 14. Set Default action to SystemQuarantine. 15. Turn on and expand Impersonation. 16. Turn on and expand the Impersonation analysis. 17. Set Impersonation profile to BEC. Page 15 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 18. Click OK to save the antispam profile. 19. Click Policy > Recipient Policy > Inbound. 20. Edit the acmecorp.net inbound recipient policy. 21. In the Profiles section, use the Antispam drop-down list to select AS_Inbound_ACMECORP. 22. Click OK. Page 16 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 4.2. Log Analysis Log Analysis 1. Click Monitor > Quarantine > System Quarantine, and then double-click Bulk/current. 2. Under the From column, double-click on the log entry that says Ken Xie <ceo@acmecrop.net> to see the original email that was sent by the attacker. 3. Expand the Subject button to verify the sender’s email address. 4. After verification, click Close. 5. Click Monitor > Log > History. 6. Under the Classifier column, locate the log entry that says Impersonation Analysis. 7. Click the Session ID of this log entry. Note: You may need to scroll right to locate the Session ID column. 8. Double-click on the log entry with the Log Type of AntiSpam to view more information. 9. Click Close. 10. Double-click on the log entry with the Log Type of History to view more information. 11. Click Close. Page 17 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute Question Why did FortiMail quarantine this email? (Select all that apply) Select the correct answer(s) FortiMail has an entry for Ken Xie in the impersonation analysis profile The attacker used a spoofed email address, ceo@acmecrop.net The email domain acmecrop.net is an untrusted/external email domain FortiMail examined the email body and found it contains a request to send financial reports Page 18 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 5. Content Disarm and Reconstruction Introduction FortiMail content disarm and reconstruction (CDR) is a data sanitation service that can fortify zero-day protection strategies. This service removes all active content from Microsoft Office documents and PDF files, creating a flat, sterile file. In this exercise, the attacker sends Alice an email with a Microsoft Word document attached. The contents of the document include a VBA macro-embedded table plus a phishing website. In this exercise, you configure the content profile and recipient policy. Time to complete: 15 minutes Page 19 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 5.1. Sanitize Microsoft Office Word Document Background Before starting this exercise, review the source document. This will help to better illustrate how FortiMail protects the email recipient, as you will be able to better compare and contrast the original with the resulting document that Alice will receive. To review the document, do the following: 1. On the lab activity sidebar, in the Sales section, use the RDP connection to access the device Alice. 2. From the Desktop, open the file mydoc-original.docm in LibreOffice Writer. 3. When the pop-up message appears, click Enable Macros. 4. At the top of the document, there is a table. Double-click the table to open it in LibreOffice Calc and verify that it is a functioning spreadsheet. 5. Below the table, there is a phishing website hyperlink: http://www.signinbankofamerica.com. Hover over the text to verify the link address. 6. Close the document without saving it. Tasks 1. Connect to FortiMail. 2. Click Profile > Content > Content. 3. From the Domain drop-down list, select acmecorp.net. 4. Edit the CF_Inbound_ACMECORP profile. 5. Use the Action drop-down list to select UserQuarantine. 6. Expand Content Disarm and Reconstruction. 7. Use the Action drop-down list to select --Default--. 8. Enable MS Office. 9. Click OK. Page 20 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 10. Go to Policy > Recipient Policy > Inbound. 11. Edit the acmecorp.net inbound recipient policy. 12. In the Profiles section, use the Content drop-down list to select the CF_Inbound_ACMECORP. Note: If you have completed use case 6.0: URL Click Protection, this profile will already be selected. 13. Click OK. Page 21 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 5.2. Log Analysis Log Analysis 1. Click Monitor > Quarantine > Personal Quarantine. 2. Under the Mailbox column, double-click on the log entry for alice@acmecorp.net. 3. Under the From column, double-click on the log entry for yourfriend@gmail.com. 4. FortiMail shows a modified copy of the email. Because CDR has been applied to the email, it is safe to release from quarantine. 5. At the bottom of the window, click Release. When the pop-up appears, click Release again to send the email to Alice, the original recipient. 6. Connect to Alice. 7. Open Mozilla Thunderbird. The email is in Alice’s inbox. 8. Open the email and expand 1 attachment. Right-click mydoc.docm and click Save As. Save the file to the Desktop. 9. Open the file. FortiMail has disarmed the macros and reconstructed the file to contain an image rather than an editable table. Question What happened to the address of the hyperlink in the email after FortiMail disarmed and reconstructed the file? Select the correct answer(s) The address remains the same as in original file: http://www.signinbankofamerica.com The address was modified to point towards the local FortiMail: http://192.168.0.102 The address was modified to point towards Fortinet's website: https://www.fortinet.com The address was modified to: http://? Page 22 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 6. URL Click Protection URL Click Protection Attackers using phishing techniques commonly use the time between sending an email and the user opening it to deploy their malicious code. This way, even though securing scanning results in a clean analysis, by the time the user clicks on the link in the received email, the link has been weaponized. To prevent this from occurring, FortiMail can redirect URLs to FortiIsolator. FortiIsolator is a browser isolation solution that protects users against zero-day malware and phishing threats by creating a visual air gap between a user's browser and websites. FortiIsolator executes web content in a remote disposable container and then displays the content to users visually. In this lab, you configure URL click protection so that all URLs sent via email redirect to FortiIsolator. Time to complete: 15 minutes Page 23 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 6.1. Redirect URLs to FortiIsolator Background Before configuring URL click protection, test internet browsing using Alice's computer. 1. Connect to Alice. 2. Open Google Chrome and click the browser bookmark Facebook. 3. After the website loads, right-click on the page and then click View page source. 4. A new tab opens showing the source code for the webpage, including some scripts that run on the page. 5. Close the browser. Tasks 1. Connect to FortiMail. 2. Click Security > Disarm & Reconstruction > URL. 3. Under FortiIsolator Integration, set the following: Category: all Base URL: https://172.16.99.146 4. Click Apply. 5. Click Profile > Content > Content. 6. Use the Domain drop-down list to select acmecorp.net. 7. Edit the CF_Inbound_ACMECORP profile. 8. Use the Action drop-down list to select --None--. 9. Expand Content Disarm and Reconstruction. 10. Use the Action drop-down list to select --Default--. Page 24 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 11. Enable HTML content. 12. Configure the following settings: HTML content: Modify content Active content: Remove URL: Redirect to FortiIsolator 13. Click OK. 14. Go to Policy > Recipient Policy > Inbound. 15. Use the Domain drop-down list to select acmecorp.net. 16. Edit the acmecorp.net inbound policy. 17. In the Profiles section, use the Content drop-down list to select the CF_Inbound_ACMECORP. Note: If you have completed use case 5.0: Content Disarm and Reconstruction, this profile will already be selected. 18. Click OK. Page 25 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 6.2. Log Analysis Log Analysis 1. Connect to Alice. 2. Open Mozilla Thunderbird. 3. Open the latest email in the inbox that came from sender friend@gmail.com (a spoofed email address). 4. Click the link Facebook. 5. The URL is redirected through FortiIsolator and appears in the browser as https://172.16.99.146/isolator/https://www.facebook.com. The green circle with an I in it indicates that FortiIsolator is displaying the webpage. 6. Right-click on the webpage and then click View page source. 7. The only scripts in the source code are from FortiIsolator. 8. Return to FortiMail. 9. Click Monitor > Log > History. 10. Under the Disposition column, locate the log entry that says URL Click Protection. 11. Click on the Session ID of this log entry to see the whole list of events of this attack in milliseconds. Note: You may need to scroll right to locate the Session ID column. Question Can Alice still browse to Facebook using Google Chrome without FortiIsolator rewriting the URL? Select the correct answer(s) Yes No Page 26 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 7. Identity-Based Encryption Identity-Based Encryption Identity-based encryption (IBE) is a type of public-key encryption that uses identities (such as email addresses) to calculate encryption keys that can be used for encrypting and decrypting electronic messages. Compared with traditional public-key cryptography, IBE greatly simplifies the encryption process for both users and administrators. Another advantage is that a message recipient does not need any certificate, key pre-enrollment, or specialized software to access the email. In this exercise, Alice (alice@acmecorp.net) sends a confidential email to David (david@notacmecorp.com) that FortiMail secures using IBE. Once Alice sends the email, David receives instructions about how to create an account on FortiMail in order to retrieve the email. Time to complete: 20 minutes Page 27 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 7.1. Configure IBE Background In this exercise, you configure IBE on FortiMail. To do this, you must configure the following: The FortiMail IBE service A dictionary profile A content action profile An outbound content profile The outbound recipient policy Tasks Configure the FortiMail IBE Service 1. Connect to FortiMail. 2. Click Encryption > IBE. 3. Turn on Enable IBE service. 4. Turn off Activation is required for account registration. Note: This setting is disabled to simplify the testing section of this exercise. 5. In Notification Setting, under Email Status Notification, turn on Message is read (notify sender). 6. Click Apply. Configure a Dictionary Profile 1. Click Profile > Dictionary. 2. Edit the profile IBE_Dictionary. 3. Under Dictionary Entries, click New. 4. Set Pattern to confidential 5. Set Pattern type to Regex. Page 28 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute Note: Make sure you have entered the pattern and pattern type exactly as shown. 6. Click Create. 7. Click OK. Configure a Content Action Profile 1. Click Profile > Content > Action. 2. Use the Domain drop-down list to select acmecorp.net. 3. Edit the profile CF_Action_ACMECORP. 4. At the bottom of the screen, turn on Final action and use the drop-down list to select Encrypt with profile. 5. Set Profile name to lBE_Pul. Note: IBE_Pull is a default encryption profile that uses AES 256 as the encryption algorithm. To view this profile, click Profile > Security > Encryption. 6. Click OK. Configure the Outbound Content Profile 1. Click Profile > Content > Content. 2. Use the Domain drop-down list to select acmecorp.net. 3. Select CF_Outbound_ACMECORP and click Edit. 4. Set Action to CF_Action_ACMECORP. 5. Expand Content Monitor and Filtering. 6. Click New. Page 29 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 7. Beside Dictionary, use the drop-down lists select profile and IBE_Dictionary. 8. Click Create. 9. Click OK. Configure the Outbound Recipient Policy 1. Click Policy > Recipient Policy > Outbound. 2. Edit the outbound policy for acmecorp.net. 3. In the Profiles section, set Content to CF_Outbound_ACMECORP. 4. Click OK. Page 30 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 7.2. Send and Receive the Encrypted Email Background Now that you configured IBE, you will send an email message from Alice to David that contains the word “confidential” in the subject line. You will then create an account for David on FortiMail so that he can retrieve the message. Tasks 1. On the lab activity sidebar, in the Sales section, use the RDP connection to access the device Alice. 2. Open Mozilla Thunderbird. 3. Click Write to create a new email and enter the following: To: david@notacmecorp.com Subject: Confidential information Email body: This email contains sensitive information. 4. Click Send. 5. On the lab activity sidebar, in the Internet section, use the RDP connection to access the device, David. 6. Open Mozilla Thunderbird. 7. In David’s inbox, select the email from Alice. It contains a message that he has received a secure message. 8. Click the link in the notification email. 9. The link directs you to fortimail.acmecorp.net, where you can create an IBE user account for David on the FortiMail. Configure the following: First name: David Last name: Brent Password: Fortinet1! Confirm password: Fortinet1! 10. Click Register. 11. A message appears, stating that registration is successful. Click Continue. Page 31 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 12. You can now access the folder Encrypted Email on FortiMail and read Alice’s email. You can also reply to the email directly through FortiMail. 13. Return to the Alice device. In Alice’s inbox is an email stating that the IBE message has been read by the recipient. Page 32 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 7.3. Log Analysis Log Analysis 1. Connect to FortiMail. 2. Click Monitor > Log > History. 3. Locate the email from Alice. Under Classifier, the log states Content Encryption, and under Disposition, the log states Encrypt. 4. Double-click on the entry to view more information. 5. Click Domain & User > IBE User > Active User. 6. David’s IBE user account is listed. Question In the test email, FortiMail applied IBE because “Confidential” was in the subject line of Alice’s email. Which of the following would have also triggered FortiMail to apply IBE? (Select all that apply) Select the correct answer(s) CONFIDENTIAL in the subject line Confidential in the body of the email Confidental in the subject line CONfidEntial in the subject line. Page 33 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 8. Conclusion This concludes the Fast Track workshop lab activity. We hope you found the information provided useful and the user experience compelling. In this workshop you have learned how to: Understand the benefits of the Fortinet email security solutions. Be able to configure and leverage antivirus, impersonation analysis, content disarm and reconstruction, and URL click protection capabilities to provide protection against advanced and targeted email attacks. Extend these new skills to other Fortinet solutions. Page 34 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute 8.1. Continued Education Now that you've completed the Advanced Email Security Solution , here are a few additional resources and next steps. For continued learning about Fortinet's FortiMail solution, please consider looking at the following Fortinet NSE training course: Fortinet NSE 6 - FortiMail 7.2 exam as part of the FCP Public Cloud Security Additional resources and tools can be found at the following locations: Docs - FortiMail 7.4 Ask your instructor for more information about the following Fast Track workshops: Security, Visibility, and Control of Public Cloud Infrastructure and Workloads Page 35 of 35 FFT-FortiMail r4 Lab Guide Fortinet Training Institute
