DO NOT REPRINT © FORTINET
LAB 3—Authentication

5. Create an LDAP profile using the following values:

   Field             Value
   Profile name:     InternalLabLDAP
   Server name/IP:   10.0.1.10

6. Use the following values to configure the Default Bind Options:

   Field            Value
   Base DN:         OU=Training Users,DC=internal,DC=lab
   Bind DN:         CN=LDAP Service Account,OU=Service Accounts,DC=internal,DC=lab
   Bind password:   fortinet

7. In the User Query Options section, in the Schema drop-down list, select Active Directory.
8. In the User Alias Options section, in the Schema drop-down list, select Active Directory.
9. Use the following values to modify the User Alias Options:

   Field                              Value
   Alias member query:                proxyAddresses=smtp:$m
   User group expansion in advance    Disable
   Use Separate bind                  Disable

10. Click Create to save the LDAP profile.

To validate the LDAP profile configuration

1. In the IntGW FortiMail management GUI, select the InternalLabLDAP profile, and then click Edit.
2. On the LDAP profile configuration screen, click [Test LDAP Query…].
3. Make sure the query type is set to User.
4. Query for the following users:
   [email protected]
   [email protected]
5. If your configuration is correct, you will receive the following Test Result message:

FortiMail Student Guide 51
6. If the query fails, make sure the LDAP profile configuration matches the following screenshot:
7. On the LDAP profile configuration screen, click [Test LDAP Query…] again.
8. Change the query type to Alias.
9. All of the Active Directory users have been preconfigured with aliases. Query for the following aliases:
   [email protected]
   [email protected]
10. If your configuration is correct, you will receive the following Test Result message:
11. If the query fails, make sure the LDAP profile User Alias Options configuration matches the following screenshot:
12. Perform the same validation steps on the IntSRV FortiMail.

To configure recipient verification and alias mapping for gateway mode

1. In the IntGW FortiMail management GUI, click Mail Settings > Domains > Domains.
2. Select the internal.lab domain, and then click Edit.
3. In the Recipient Address Verification section, select Use LDAP Server.
4. In the Use LDAP server drop-down list, select InternalLabLDAP.
5. Expand the Advanced Settings section.
6. In the LDAP user alias / address mapping profile drop-down list, select InternalLabLDAP.
7. Your configuration should match the following screenshot:
8. Click OK to save the changes.

Note: You don’t need to configure recipient verification on the IntSRV FortiMail. Recipient verification is enabled implicitly on a server mode FortiMail because the user database exists locally. You also don’t need to configure alias mapping on the IntSRV FortiMail because the mapping is done by the IntGW FortiMail before it delivers an email message to the IntSRV FortiMail.

To configure LDAP authentication for gateway mode webmail access

1. Click Policy > Policies > Policies.
2. Select recipient policy ID 1, and then click Edit.
3. In the Authentication and Access section, configure the following values:
   Field                                             Value
   Authentication type:                              LDAP
   Authentication profile:                           InternalLabLDAP
   Allow quarantined email access through webmail    Enabled

4. Click OK to save the changes.

Note: Users will use their Active Directory accounts to authenticate and gain access to the IntGW FortiMail’s webmail interface for quarantined emails.

To configure LDAP authentication for server mode users

1. Visit the IntSRV FortiMail’s management GUI: https://intsrv.internal.lab/admin
2. Click User > User > User.
3. Select user1, and then click Edit.
4. In the Authentication type drop-down list, select LDAP.
5. In the LDAP profile drop-down list, select InternalLabLDAP.

   Note: If the LDAP profile doesn’t appear in the drop-down list, then you missed a step. Return to the To Configure an LDAP Profile section, and then follow the listed steps to configure the same LDAP profile on the IntSRV FortiMail.

6. Click OK to save the changes.
7. Click New.
8. Create a new user using the following values:

   Field                  Value
   User name:             user2
   Authentication type:   LDAP
   LDAP profile:          InternalLabLDAP
   Display name:          Mail User 2

9. Click Create to save the new user.

To validate server mode LDAP authentication

1. In Windows, open a new web browser tab. Visit the IntSRV FortiMail’s webmail GUI: https://intsrv.internal.lab/
2. Log in as user2 using the password fortinet.
3. If you have configured the server mode user LDAP authentication correctly, the login will be successful.

To validate gateway mode LDAP authentication

1. Open a new web browser tab. Visit the IntGW FortiMail’s webmail GUI: https://intgw.internal.lab/
2. Log in as user2 using the password fortinet.
3. If you have configured the gateway mode LDAP authentication correctly, the login will be successful.
4. Log out and close the browser tab before proceeding.

Note: The webmail GUI in gateway mode gives users access to their Bulk folder, which contains only quarantined email. You will configure email quarantining in a later lab. In this section, you are verifying user access only.

To validate recipient verification

1. In Windows, open a new web browser tab. Visit the ExtSRV FortiMail’s webmail GUI: https://extsrv.external.lab/
2. Log in as extuser using the password fortinet.
3. Compose a new email message using the following values:

   Field           Value
   To:             [email protected]
   Subject:        Testing Recipient Verification
   Message Body:   This should be rejected!

4. Click Send.
5. Click Refresh to update the inbox. You should receive a delivery status notification (DSN) message.
6. Open the DSN message and review the transcript details.
7. Visit the IntGW FortiMail’s management GUI: https://intgw.internal.lab/admin
8. Click Monitor > Log > History.
9. Double-click the active log file. The first entry in the History log should correspond to the email you just sent.
10. Review the log details.

To validate alias mapping

1. Visit the ExtSRV FortiMail’s webmail GUI: https://extsrv.external.lab/
2. Log in as extuser using the password fortinet.
3. Compose another email message using the following values:

   Field           Value
   To:             [email protected]
   Subject:        Testing Alias Mapping
   Message Body:   This should work!

4. Click Send.
5. Visit the IntSRV FortiMail’s webmail GUI: https://intsrv.internal.lab/
6. Log in as user2 using the password fortinet.
7. The email you sent to [email protected] should appear in the [email protected] inbox.
8. Visit the IntGW FortiMail’s management GUI: https://intgw.internal.lab/admin
9. Click Monitor > Log > History.
10. Double-click the active log file. The first entry in the History log should correspond to the email message you just sent.
11. Click the Session ID to retrieve the cross search result.
12. Review the AntiSpam log related to the session.

Note: Alias mapping is useful to consolidate multiple email messages for the same user in a single email account using their primary email address as the identifier. This reduces account management overhead for the user and the administrator. For example, if a user has five aliases in addition to a primary email address, FortiMail can use alias mapping to maintain a single user quarantine mailbox. Otherwise, the user would have to manage six separate quarantine accounts, as well as the quarantine reports for each account.
LAB 4—Session Management

In this lab, you will configure session profiles to inspect the envelope part of SMTP sessions. You will also use session profiles to hide internal network information from email headers.

Objectives

- Configure session profile connection settings to limit inbound connections to the IntGW FortiMail
- Configure sender address rate control to limit outbound connections on the IntSRV FortiMail
- Configure session profile header manipulation to hide your internal network information

Time to Complete

Estimated: 45 minutes

Prerequisites

Before beginning this lab, you must restore a configuration file to the IntSRV FortiMail.

To restore the initial configuration file

1. In Windows, open a web browser. Visit the IntSRV FortiMail’s management GUI: https://intsrv.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Maintenance > System > Configuration. Upload the following configuration file:
   Desktop\Resources\Starting Configs\Lab 4\04_Initial_IntSRV.tgz

   Note: The configuration file adds a new IP policy that causes all email delivery attempts from the ExtSRV FortiMail to the IntSRV FortiMail to fail temporarily. This is done to ensure that when the session limits are triggered on the IntGW FortiMail, the ExtSRV FortiMail can’t deliver to the IntSRV FortiMail directly. The change helps in testing the session profile settings you will be configuring on IntGW in this lab.

4. Click Restore.
5. Wait for the IntSRV FortiMail to finish rebooting before you proceed with the exercise.
1 Connection Limits

Spammers usually send as many email messages as they can in a small period of time, before legitimate email servers begin to block delivery. If blocked, the spammers won’t spend the time to retry. Normal email servers will retry delivery if it fails the first time. One method of blocking spam, while allowing legitimate email messages, is to limit the number of SMTP sessions that each client can establish in a 30-minute period.

In this exercise, you will configure a session profile on the IntGW FortiMail to limit the number of connections the ExtSRV FortiMail can establish over a 30-minute period. Then, you will test the connection limitation by sending consecutive email messages to trigger a violation. You will also verify your configuration by reviewing the logs.

To configure a session profile

6. In Windows, open a web browser. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
7. Log in as admin and leave the password field empty.
8. Click Profile > Session > Session.
9. Click New.
10. In the Connection Settings section, configure the following values:

    Field                                                                 Value
    Profile name:                                                         limit_connections
    Restrict the number of connections per client per 30 minutes to:     4

11. Click Create to save the profile.

Note: Four connections every 30 minutes is too few to be realistic for real world deployments. Email servers usually send many email messages to or through FortiMail each minute. In this lab, however, you will use the 30-minute restriction to make your rate limit easy to trigger.

Note: If there are no IP policies configured with a session profile, FortiMail will still rate limit connections according to its default settings, which are similar to the session_basic_predefined profile, including the 10 MB size limit, sender reputation enabled, and so on. To disable the rate limit, you must create and apply a blank session profile.

To apply the session profile to inbound connections

1. Click Policy > Policies > Policies.
2. Edit IP policy ID 1.
3. In the Profiles section, in the Session drop-down list, select limit_connections. Click OK to save your settings.

To validate the connection limits

1. Open a new tab in your browser. Visit the ExtSRV FortiMail’s webmail GUI: https://extsrv.external.lab/
2. Log in as extuser using the password fortinet.
3. Send five email messages to [email protected] to trigger the session limit.
4. Open Thunderbird and check how many email messages were delivered to the [email protected] inbox.

   Note: There will be one email sent per TCP connection. Therefore IntGW FortiMail should allow the first four but block email number five, which exceeds your configured connection limit.

5. Visit the IntGW FortiMail’s management GUI: https://intgw.internal.lab/admin
6. Click Monitor > Log > History.
7. Double-click the active log file. The first entry in the History log should correspond to the rejected email.
8. Why are the From, To, and Subject fields empty in this log entry?

   Note: FortiMail blocked the client’s attempt when scanning the IP layer of the initial packets, before the SMTP session could be established. The SMTP session contains the SMTP envelope: the sender’s email address, the recipient’s email address, and the subject. So those parts of the email were never received.

9. Click the Session ID to retrieve the cross search results.
10. Review the related AntiSpam log.
To disable connection limits

1. Visit the IntGW FortiMail’s management GUI: https://intgw.internal.lab/admin
2. Click Policy > Policies > Policies.
3. Edit IP policy ID 1.
4. In the session profile drop-down list, select Inbound_Session.
5. Click OK.
2 Sender Address Rate Control

While it is important to protect your email users from spammers sending large volumes of email, it is also important to protect your own MX IP reputation by controlling the volume of email received from internal users.

In this exercise, you will configure sender address rate control on the IntSRV FortiMail. Then, you will send consecutive email messages to trigger a violation, and verify your configuration using logs.

To configure sender address rate control

1. In Windows, open a new web browser tab. Visit the IntSRV FortiMail’s management GUI: https://intsrv.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Mail Settings > Domains > Domains.
4. Select the internal.lab domain and click Edit.
5. Expand the Advanced Scan Settings section, and then select the Sender address rate control check box.
6. Expand the Sender address rate control section.
7. Configure the following values:

   Field                                                    Value
   Action:                                                  Reject
   Maximum number of messages per half hour:                4
   Send email notification upon rate control violations     Enable

8. Click New.
9. Create a notification profile using the following values:

   Field                    Value
   Name:                    NotifyUser1
   Send notification to:    Others

10. Click Add.
11. Enter Mail User 1’s email address: [email protected]
12. Click OK.
13. Click Create.
14. Click OK.
To validate sender address rate control

1. Open a new web browser tab. Visit the IntSRV FortiMail’s webmail GUI: https://intsrv.internal.lab/
2. Log in as user2 using the password fortinet.
3. Send five email messages to [email protected] to trigger the rate control limit.
4. Open a new web browser tab. Visit the ExtSRV FortiMail’s webmail GUI: https://extsrv.external.lab/
5. Log in as extuser using the password fortinet.
6. Check how many email messages were delivered to the [email protected] inbox.
7. By now, [email protected] should have received the notification email for the rate control violation. Open Thunderbird and view the details in the notification email.

   Note: Notification profiles are a convenient feature that can allow administrators to keep informed of events occurring on FortiMail. Many FortiMail features support notification profiles.

8. Visit the IntSRV FortiMail’s management GUI: https://intsrv.internal.lab/admin
9. Click Monitor > Log > History.
10. Double-click the active log file. The first entry in the History log should correspond to the rate control violation.

    Note: While session profile connection limits and sender address rate control appear to function very similarly, there is a major difference in how these limits are applied by FortiMail. As you observed in the previous exercise, session profile connection limits are applied at the IP layer. Sender address rate control limits connections based on the sender address. This is derived from the mail from: field of the SMTP envelope. So, for sender address rate control, FortiMail must process at least a portion of the SMTP envelope. This is also why [email protected] appears in the From field of the log entry, but the log entries from the session profile connection limits are empty.

11. Click the Session ID to retrieve the cross search results.
12. Review the related event and antispam logs.
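The difference described in the note above, modelled as an added example (not FortiMail code and not part of the student guide): one limiter is keyed on the client IP and is checked before any SMTP data is read, the other is keyed on the MAIL FROM address. The sliding-window algorithm, the log field names and the sample addresses are assumptions made for the illustration.

```python
from collections import defaultdict, deque

WINDOW = 30 * 60  # seconds; both lab controls count over 30 minutes
LIMIT = 4         # lab value for both controls


class SlidingWindowLimiter:
    """Allow at most `limit` events per key in any `window`-second span."""

    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit = limit
        self.window = window
        self._seen = defaultdict(deque)

    def allow(self, key, now):
        stamps = self._seen[key]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()  # forget events that have aged out of the window
        if len(stamps) >= self.limit:
            return False
        stamps.append(now)
        return True


def process(attempt, now, conn_limiter=None, sender_limiter=None):
    """Return a simplified history-log entry for one delivery attempt.

    The field names are hypothetical. They mirror the From/To/Subject columns
    the lab asks you to inspect, not FortiMail's actual log schema.
    """
    entry = {"client_ip": attempt["client_ip"], "from": "", "to": "",
             "subject": "", "disposition": "accept", "reason": ""}

    # Stage 1: keyed on the source IP and decided before any SMTP command is
    # read, so a rejection here cannot carry sender, recipient or subject.
    if conn_limiter and not conn_limiter.allow(attempt["client_ip"], now):
        entry.update(disposition="reject", reason="connection_limit")
        return entry

    # Stage 2: MAIL FROM has been received; the limiter key is the sender.
    sender = attempt["mail_from"].lower()
    entry["from"] = sender
    if sender_limiter and not sender_limiter.allow(sender, now):
        entry.update(disposition="reject", reason="sender_rate_control")
        return entry

    # Stage 3: the rest of the transaction was read and the message accepted.
    entry["to"] = attempt["rcpt_to"]
    entry["subject"] = attempt["subject"]
    return entry


def replay(attempts, **limiters):
    """Run (timestamp, attempt) pairs through process() in order."""
    return [process(a, t, **limiters) for t, a in attempts]


# Constructed sample: five messages, one per TCP connection, a minute apart,
# then a sixth once the first event has aged out of the 30-minute window.
ATTEMPT = {"client_ip": "203.0.113.10", "mail_from": "Sender@example.test",
           "rcpt_to": "rcpt@example.test", "subject": "test"}
BURST = [(i * 60, ATTEMPT) for i in range(5)] + [(WINDOW, ATTEMPT)]

if __name__ == "__main__":
    runs = (("connection limit", {"conn_limiter": SlidingWindowLimiter()}),
            ("sender rate control", {"sender_limiter": SlidingWindowLimiter()}))
    for name, limiters in runs:
        print(name)
        for e in replay(BURST, **limiters):
            print("  ", e["disposition"], e["reason"] or "-", "from=%r" % e["from"])
```

In both runs the fifth attempt is rejected, but only the sender-keyed rejection has a populated `from` field, which is the difference the History log shows.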
To disable sender address rate control

1. Visit the IntSRV FortiMail’s management GUI: https://intsrv.internal.lab/admin
2. Click Mail Settings > Domains > Domains.
3. Select the internal.lab domain and click Edit.
4. Expand the Advanced Scan Settings section and disable Sender address rate control.
3 Header Manipulation

Removing internal headers is a common security practice. It hides your internal network information from the world.

In this exercise, you will observe the effects of header manipulation settings by configuring a session profile on the IntGW FortiMail to hide internal headers.

To review headers

1. Open a new web browser tab. Visit the ExtSRV FortiMail’s webmail GUI: https://extsrv.external.lab/
2. Log in as extuser using the password fortinet.
3. Open any email message sent by an internal.lab user. If you deleted all the previous email messages, open Thunderbird and send a new email message to [email protected]
4. Click More > Detailed Header. Select and copy (Ctrl + C) the header contents.
5. Open a new Notepad window and paste (Ctrl + V) the header details. Save the file on the desktop as Header_Before.txt.

To configure header manipulation

1. Open a new web browser tab. Visit the IntGW management GUI: https://intgw.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Policy > Policies > Policies.
4. Click the Outbound_Session link. This is the session profile currently applied to IP policy ID 3, which processes all outbound email for the internal.lab domain.
5. Expand Header Manipulation, and then select the Remove received headers check box.
6. Click OK to save the changes.

   Note: The IntGW FortiMail removes all previous Received: headers from the email when it starts processing it, using IP policy ID 1.
To validate header manipulation settings

1. Open Thunderbird.
2. Send a new email message to [email protected].
3. Visit the ExtSRV FortiMail’s webmail GUI: https://extsrv.external.lab/
4. Log in as extuser using the password fortinet.
5. Open the email message you just sent from [email protected].
6. Review the detailed headers of the email.

   Note: In the Received: header you should only see details about IntGW and ExtSRV. There should be no information about Windows (10.0.1.10) and IntSRV (10.0.1.99).

7. Open the Header_Before.txt file you saved earlier. Compare the differences.
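A scripted version of the comparison in step 7, as an added example (not part of the student guide or of FortiMail): it parses two saved header dumps, lists the Received: hops that expose RFC 1918 addresses, and lists the hops that are no longer present. Both header dumps, the IntGW address 203.0.113.25 and the ESMTP ids are constructed samples; only 10.0.1.10 and 10.0.1.99 come from the lab.

```python
import email
import ipaddress
import re
from email import policy

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also covers
# documentation and other special-purpose ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
HOP = re.compile(r"from\s+(\S+).*?\bby\s+([^\s;]+)", re.I)


def received_headers(raw_headers):
    """Return the Received: header values, unfolded, newest hop first."""
    msg = email.message_from_string(raw_headers, policy=policy.compat32)
    return [" ".join(v.split()) for v in msg.get_all("Received", [])]


def internal_addresses(text):
    """Return the sorted RFC 1918 IPv4 addresses that appear in text."""
    found = set()
    for candidate in IPV4.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:  # dotted digits that are not a valid address
            continue
        if any(ip in net for net in RFC1918):
            found.add(candidate)
    return sorted(found)


def leaking_hops(raw_headers):
    """Return (header, addresses) for each Received: header exposing an internal IP."""
    return [(h, ips) for h in received_headers(raw_headers)
            if (ips := internal_addresses(h))]


def hop_pairs(raw_headers):
    """Return (sending host, receiving host) for each Received: header."""
    pairs = []
    for h in received_headers(raw_headers):
        m = HOP.search(h)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def removed_hops(before, after):
    """Hops present in the 'before' dump that no longer appear in 'after'."""
    kept = set(hop_pairs(after))
    return [p for p in hop_pairs(before) if p not in kept]


# Constructed stand-in for Header_Before.txt (Windows -> IntSRV -> IntGW -> ExtSRV).
BEFORE = """\
Received: from intgw.internal.lab (intgw.internal.lab [203.0.113.25])
 by extsrv.external.lab with ESMTP id CONSTRUCTED-3;
 Mon, 1 Jan 2024 10:00:03 +0000
Received: from intsrv.internal.lab (intsrv.internal.lab [10.0.1.99])
 by intgw.internal.lab with ESMTP id CONSTRUCTED-2;
 Mon, 1 Jan 2024 10:00:02 +0000
Received: from [10.0.1.10] (unknown [10.0.1.10])
 by intsrv.internal.lab with ESMTP id CONSTRUCTED-1;
 Mon, 1 Jan 2024 10:00:01 +0000
From: sender@example.test
To: rcpt@example.test
Subject: header test

"""

# Constructed stand-in for the headers seen after enabling the setting.
AFTER = """\
Received: from intgw.internal.lab (intgw.internal.lab [203.0.113.25])
 by extsrv.external.lab with ESMTP id CONSTRUCTED-4;
 Mon, 1 Jan 2024 10:05:03 +0000
From: sender@example.test
To: rcpt@example.test
Subject: header test

"""

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, "internal addresses:", [ips for _, ips in leaking_hops(raw)])
    print("removed hops:", removed_hops(BEFORE, AFTER))
```

To check a real pair of dumps, read the two saved header files into strings and pass them to `leaking_hops()` and `removed_hops()`; an empty result from `leaking_hops()` on the second file is the pass condition.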
LAB 5—Antivirus

In this lab, you will apply FortiMail’s local malware detection techniques to scan for viruses in inbound email.

Objectives

- Configure an antivirus profile to enable local malware detection
- Configure an antivirus action profile to replace infected content from an email
- Apply antivirus scanning to inbound email
- Test antivirus functionality

Time to Complete

Estimated: 15 minutes
1 Antivirus Scanning for Malware Detection

In this exercise, you will configure an antivirus profile and an antivirus action profile on the IntGW FortiMail. Then, you will apply the antivirus profile to a recipient-based policy in order to scan all inbound email sent to the internal.lab domain.

You shouldn’t test your antivirus configuration using a live virus. By doing so, you risk infecting your network’s hosts if your configuration is incorrect. To test your antivirus configuration without risk of infecting your network, you will use an EICAR file.

An EICAR file doesn’t contain a real virus. It is a harmless, industry-standard test file that is designed to trigger all antivirus engines for testing purposes. So, if your antivirus configuration is correct, FortiMail should detect the EICAR file as a virus.

To configure an antivirus action profile

1. In Windows, open a new web browser. Visit the IntGW FortiMail’s management GUI: https://intgw.internal.lab/admin/
2. Log in as admin and leave the password field empty.
3. Click Profile > AntiVirus > Action.
4. Click New.
5. Add a new Action profile using the following values:

   Field                                              Value
   Domain                                             internal.lab
   Profile name                                       AV_Tag_Replace
   Tag email’s subject line                           enabled
   With value                                         [VIRUS DETECTED]
   Replace infected/suspicious body or attachments    enabled

6. Click Create to save the profile.

Note: The action profile that you created doesn’t appear in the list. Why? The list view is filtered by domain. If you want to show the new profile, change the selection in the Domain drop-down list. Select internal.lab to view the action profiles for that specific domain, or select All to view the action profiles for all domains.

To configure an antivirus profile for local malware detection

1. Click Profile > AntiVirus > AntiVirus.
2. Click New.
3. Add a new antivirus profile using the following values:

   Field             Value
   Domain:           internal.lab
   Profile name:     AV_In
   Default action    AV_Tag_Replace

4. Keep the default values for the remaining settings.
5. Scroll down, and then click Create to save the profile.
6. From the Domain drop-down list, select internal.lab to see the new antivirus profile.

To configure a recipient policy to apply antivirus

1. Click Policy > Policies > Policies.
2. Select recipient policy ID 1, and then click Edit.
3. In the Profiles section, in the Antivirus drop-down list, select AV_In.
4. Click OK to save the recipient-based policy.

To send an infected email

1. Open a new web browser tab. Visit the ExtSRV FortiMail’s webmail GUI: https://extsrv.external.lab/
2. Log in as extuser using the password fortinet.
3. Compose a new email message using the following values:

   Field           Value
   To:             [email protected]
   Subject:        AV EICAR Test
   Message Body    This contains a virus!

4. Click Attach.
5. Browse to and select: Desktop\Resources\Files\eicar.com
6. Wait for the file upload to finish, and then click Send.

To verify AV functionality

1. In Windows, open Thunderbird.
2. Confirm that you received the email message sent from [email protected]. Note that the following actions have been applied to the email message:
   - The subject line contains the [VIRUS DETECTED] tag
   - The IntGW FortiMail replaced the EICAR file and inserted a replacement message

To monitor the logs

1. Visit the IntGW FortiMail’s management GUI: https://intgw.internal.lab/admin
2. Click Monitor > Log > History.
3. Double-click the active log file. The first entry in the History log should correspond to the virus email.
4. Click the Session ID link to review the cross search result for more details.
LAB 6—Content Inspection

In this lab, you will configure a content filter to monitor email based on dictionary word scores. You will also configure the data loss prevention (DLP) feature to detect and block any outbound email containing credit card numbers.

Objectives

- Configure a dictionary profile to monitor words using scores
- Configure a content profile monitoring and filtering to apply the dictionary profile
- Apply content filtering on all inbound email
- Configure DLP to detect credit card numbers in an email body and attachments
- Apply DLP on all outbound email

Time to Complete

Estimated: 40 minutes
1 Content Inspection

In this exercise, you will configure a content profile’s content monitoring and filtering options to scan for specific pattern occurrences in inbound email. Then, you will configure the action to be applied after the same word occurs three times in an email message.

To configure a dictionary profile

1. In Windows, open a web browser. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Profile > Dictionary > Dictionary.
4. Click New.
5. Name the profile WordScores.
6. In the Dictionary Entries section, click New.
7. Configure the dictionary entry using the following values:

   Field            Value
   Pattern:         fortimail
   Pattern type:    Wildcard

8. Click Create to save the entry.
9. Click Create to save the dictionary profile.

Note: If Enable pattern maximum weight limit is disabled, the pattern can increase an email’s dictionary match score by more than the amount configured in Pattern max weight field.

To configure a content profile

1. Click Profile > Content > Content.
2. Click New.
3. Configure a new content profile using the following values:

   Field           Value
   Domain          System
   Profile name    CF_Dictionary
   Direction       Incoming
   Action          SysQuarantine_Inbound
4. Expand the Content Monitor and Filtering section.
5. Click New.
6. Configure the content monitor profile using the following values:

   Field             Value
   Dictionary:       WordScores
   Minimum score:    3

7. Click Create to save the content monitor profile.
8. Click Create to save the content profile.

Note: Setting the Minimum score to 3 ensures that the action profile is applied only after FortiMail has found three occurrences of the pattern in a single email message.

To apply content inspection to inbound email

1. Click Policy > Policies > Policies.
2. In Recipient Policies, select the incoming policy for internal.lab (that is, policy ID 1).
3. Click Edit.
4. In the Profiles section, change the content profile to CF_Dictionary.
5. Click OK.

To test the content profile

1. Open a new web browser tab. Visit the ExtSRV FortiMail’s webmail GUI: https://extsrv.external.lab/
2. Log in as extuser using the password fortinet.
3. Compose a new email message to [email protected]
4. Copy the contents of the following file, and paste it into the body of the email message:
   Desktop\Resources\Files\messagebody.txt

   FortiMail appliances provide high-performance email routing and security by utilizing multiple high-accuracy antispam filters. As part of the Fortinet Security Fabric, FortiMail prevents your email systems from becoming threat delivery systems. FortiMail can be deployed in the cloud or on premises and gateway, inline and server modes in a range of appliance or virtual machine form factors.

5. Click Send.

To review the logs

6. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
7. Click Monitor > Log > History.
8. Double-click the active log file. The first entry in the History log should correspond to the virus email. Notice the values for Classifier and Disposition.
9. Click the Session ID to retrieve the cross search results.
10. Review the antispam log related to the session.

To access the system quarantine

1. Click AntiSpam > Quarantine > System Quarantine Settings.
2. In the Quarantine Folders section, select the Bulk folder, and then click Edit.
3. Add the admin account to the members.
4. Click OK to save the changes.
5. Apply the same change to the rest of the folders - Content, DLP, and Virus.
6. Click Apply.
7. Click Monitor > Quarantine > System Quarantine.
8. Double-click the Content mailbox. The quarantined email will appear here.

To perform a sanity check (optional)

1. Visit the ExtSRV webmail GUI: https://extsrv.external.lab/
2. Compose a new email to [email protected]
3. Copy and paste the same message body, but remove one occurrence of the word “FortiMail”, and then send the email message.
4. Open Thunderbird and verify that the email message was delivered to [email protected]’s inbox.
2 Data Loss Prevention

In this exercise, you will configure a DLP profile and DLP action profile on the IntGW FortiMail. Then, you will apply the DLP profile to a recipient-based policy, to scan all outbound email sent from the internal.lab domain.

To enable the DLP feature

1. In Windows, open a web browser. Visit the IntGW FortiMail management GUI: https://intgw.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Monitor > System Status > Console.
4. Enable the DLP feature using the following CLI commands:

   config system global
       set data-loss-prevention enable
   end

5. Reload the IntGW FortiMail’s management GUI. When the GUI reloads, the Data Loss Prevention menu item will appear.

   Note: The DLP feature is disabled in entry-level FortiMail models (VM01, 60D, 200D) because of performance considerations. You are enabling it to test the feature in a lab environment. You shouldn’t enable the DLP feature in a production network on an entry-level FortiMail.

To configure a DLP rule to scan for credit card numbers

1. Click Data Loss Prevention > Rule and Profile > Rule.
2. Click New to create a new message scan rule.
3. In the Name field, type ScanCreditCards.
4. In the Conditions section, click New.
5. In the first Condition drop-down list, select Body and Attachment, and, in the second Condition drop-down list, select contains sensitive data.
6. Click Edit, select the Credit_Card_Number data template, and then click OK.
7. Click Create to save the Scan Condition.
8. Verify that your Message Scan Rule matches the following screenshot, and then click Create to save the rule.

To configure a DLP profile to apply the DLP rule and action profile

1. Click Data Loss Prevention > Rule and Profile > Profile.
2. Click New to create a new DLP profile.
3. In the Name field, enter DLP_Out.
4. Beside the Action drop-down list, click New.
5. Create a new action profile using the following values:

   Field                           Value
   Profile name:                   DLP_Out_Sys_Quar
   System quarantine to folder:    Enable
   System quarantine to folder:    Dlp

6. Click Create to save the action profile.
7. In the Content Scan Settings section, click New.
8. In the Scan rule drop-down list, select ScanCreditCards, and then click Create to save the DLP Content Scan Settings.
9. Verify that your DLP profile matches the following screenshot, and then click Create to save the profile.

To apply DLP scanning for outbound email

1. Click Policy > Policies > Policies.
2. In the Recipient Policies section, in the Direction drop-down list, select Outgoing.
3. Click Create.
4. In the Profiles section, in the DLP drop-down list, select DLP_Out.
5. Click OK to save the changes.

Test DLP Functionality

1. In Windows, open Thunderbird.
2. Click Write to compose a new email message using the following values:
   Field           Value
   To:             [email protected]
   Subject:        DLP Credit Card Test
   Message Body    DLP test email

3. Click Attach to select a file as an attachment.
4. Browse to and select: Desktop\Resources\Files\sample.pdf
5. Click Send.

Note: The email message won’t be delivered to [email protected] because the IntGW FortiMail should detect the credit card numbers in the PDF file, and apply the system quarantine action.

To review the logs

1. Visit the IntGW FortiMail’s management GUI: https://intgw.internal.lab/admin
2. Click Monitor > Log > History.
3. Double-click the active log file. The first entry in the history log should correspond to the email message you just sent.
4. Click the Session ID link to retrieve the cross search results.
5. Review the antispam log related to the session.
LAB 7—Antispam

In this lab, you will configure antispam scanning for both inbound and outbound email. Then, you will verify your configuration by sending live spam through the IntGW FortiMail VM. You will also configure quarantine report settings, and manage user quarantine.

Objectives

- Scan both incoming and outgoing email for spam
- Send spam email to user quarantine
- Manage quarantine report configuration
- Access and explore the user quarantine mailbox

Time to Complete

Estimated: 40 minutes

Prerequisites

Before beginning this lab, you must restore a configuration file.

To restore the initial configuration files

1. In Windows, open a web browser. Visit the IntSRV FortiMail’s management GUI: https://intsrv.internal.lab/admin
2. Click Maintenance > System > Configuration. Upload the following configuration file: Desktop\Resources\Starting Configs\Lab 7\07_Initial_IntSRV.tgz
3. Click Restore.
4. Open a new web browser tab. Visit the IntGW FortiMail’s management GUI: https://intgw.internal.lab/admin
5. Click Maintenance > System > Configuration. Upload the following configuration file: Desktop\Resources\Starting Configs\Lab 7\07_Initial_IntGW.cfg
6. Wait for the VMs to finish rebooting before proceeding with the exercise.

Note: The configuration files disable all session profile inspection features that can potentially interfere with the antispam testing you will do in this lab.
1 Scan Incoming Email for Spam

In this exercise, you will verify the FortiGuard configuration. Then, you will configure an antispam profile to scan all incoming email and send all spam email to the users’ personal quarantine accounts.

To verify FortiGuard configuration

1. In Windows, open a web browser. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Maintenance > FortiGuard > Antispam.
4. In the FortiGuard Antispam Options section, configure the following values:

   Field                  Value
   Enable service:        Enabled
   Enable cache:          Enabled
   Cache TTL (Seconds)    300 (default)

5. Click Apply to save the changes.
6. To test the connectivity to FortiGuard, under FortiGuard Query set Query type to IP, then in Query, enter an IP address, such as 8.8.8.8, and click Query.
7. Confirm that a Query result and Query score is returned, such as Score: 0, Not spam.

Note: If the Query result is No response, or if the antispam license status on Monitor > System Status is Trial, then change the FortiGuard service port setting, click Apply, and then test the connection again.

8. Click Maintenance > FortiGuard > Update.
9. Click Update Now.

To configure an antispam action profile

1. Click Profile > AntiSpam > Action.
2. Click New.
3. Configure a new action profile using the following values:

   Field                  Value
   Domain:                internal.lab
   Profile name:          AS_In_User_Quar
   Personal quarantine    Enabled
   Field                                  Value
   Send quarantine report                 Enabled
   Email release                          Enabled
   Web release                            Enabled
   Safelist sender of released message    Disabled

4. Click Create.

To create an antispam profile

1. Click Profile > AntiSpam > AntiSpam.
2. Click New.
3. Configure a new antispam profile using the following values:

   Field              Value
   Domain:            internal.lab
   Profile name:      AS_In
   Default action:    AS_In_User_Quar

4. Click Create.
5. In the Domain drop-down list, select internal.lab.
6. Select the AS_In antispam profile and click Edit.
7. Enable the following antispam techniques:

   - FortiGuard
     o IP Reputation
     o Extract IP from Received Header
     o URI filter: phishing
   - DMARC check
   - Behavior analysis
   - Header analysis
   - Heuristic
     o The percentage of rules used: 100
   - Suspicious newsletter
   - Newsletter

8. Click OK to save the changes.

To apply antispam scanning on all inbound email

1. Click Policy > Policies > Policies.
2. Select recipient policy ID 1, and then click Edit.
3. In the AntiSpam profile drop-down list, select AS_In, and then click OK to save the changes.
2 Testing the Antispam Configuration

To test your antispam settings, you will use a script named spamengine.pl on the Linux VM to send spam to [email protected].

To send spam email from the Linux VM

1. In Windows, open PuTTY.
2. Double-click the preconfigured Linux session to open an SSH session to the Linux VM (10.0.1.254).
3. Log in as root using the password password.
4. Run the spam script by entering the following command:

   ./spamengine.pl -host 10.0.1.11 -mbox spam -recipient [email protected] -sender [email protected]

5. Wait until the script sends a minimum of 40 email messages, and then press Ctrl + C to stop the script.
6. Close the PuTTY window.

To verify the antispam configuration

1. Visit the IntGW FortiMail’s management GUI: https://intgw.internal.lab/admin
2. Click Monitor > System Status.
3. On the Statistics Summary widget, click the Maximize icon for a full window display.
4. The Statistics Summary opens in a separate tab so you can view the information more easily. Here, you can see current information on the total number of email messages received, the percentage of spam detected, and the type of antispam technique used to detect most of the spam.
5. Click Monitor > Log > History.
6. Double-click the active log file. You should see all the history logs associated with the spam email.
7. Click the Session ID link of a history log entry, and review the related antispam log for the session.
3 User Quarantine Management

An email user can access their list of quarantined email messages using either POP3 or webmail. In this exercise, you will access the [email protected] quarantine mailbox on the IntGW FortiMail in the webmail GUI. You will also configure quarantine report scheduling and generate an on-demand quarantine report. Then, you will explore the options available in a quarantine report.

To access the personal quarantine

1. Open a new tab in the web browser. Visit the IntGW FortiMail’s webmail GUI: https://intgw.internal.lab/
2. Log in as user1 using the password fortinet.
3. In the webmail interface of the gateway mode FortiMail, a user has access to the Bulk folder for quarantined email messages only. You should see all the quarantined spam messages in the Bulk folder.
4. Try releasing an email from the quarantine mailbox to the user’s inbox.
5. Try deleting a quarantined email.
6. Log out of the webmail interface after you’re finished.

To configure quarantine reports

1. Visit the IntGW FortiMail’s management GUI: https://intgw.internal.lab/admin
2. Click AntiSpam > Quarantine > Quarantine Report.
3. In the Schedule section, enable the following days and times only:

   These hours:    9:00 10:00 11:00 12:00 13:00 14:00 15:00 16:00 17:00 18:00
   These days:     Mon Tue Wed Thu Fri

4. In the Quarantine report template drop-down list, select default-with-icons.
5. Click Apply to save the changes.
Note: FortiMail auto-generates quarantine reports on schedule only for accounts that have quarantined email. If a user’s quarantine account is empty, then no report is generated for that account.

To generate quarantine reports on demand

1. Click Monitor > Quarantine > Personal Quarantine.
2. Select the [email protected] mailbox.
3. Click Send quarantine report to > Selected users.
4. Click OK.

To view the quarantine report

1. In Windows, open Thunderbird.
2. Open the quarantine report. The subject should contain the words “Quarantine Summary”.
3. You can release or delete each quarantined email message using either web or email actions.
4. Try using the web delete action:
5. The end of the quarantine report contains options to delete all quarantined email messages using either an email or a web action:
6. Select the web action to delete all of the quarantined email messages for [email protected].
3 Scan Outgoing Email for Spam

In this exercise, you will configure outbound antispam scanning on the IntGW FortiMail. Then, you will test the configuration by sending an outbound email message containing a banned word.

To configure an outbound antispam profile

1. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
2. Log in as admin and leave the password field empty.
3. Click Profile > AntiSpam > AntiSpam.
4. Click New.
5. Configure a new antispam profile using the following values:

   Field              Value
   Domain:            System
   Profile name:      AS_Out
   Direction:         Outgoing
   Default action:    predefined_as_out_basic

Note: The predefined_as_out_basic action profile is a system default profile. It is configured with the reject action.

6. Select the Banned word check box.
7. Click Configuration, and then add some words to include in your banned word list. For each word, select whether FortiMail will scan the subject, body, or both, as follows:
8. Click OK to close the window.
9. Click Create to save the profile.

To apply antispam scanning on outbound email

1. Click Policy > Policies > Policies.
2. In the Recipient Policies section, in the Direction drop-down list, select Outgoing.
3. Select outgoing recipient policy ID 1, and then click Edit.
4. In the Profiles section, in the AntiSpam drop-down list, select AS_Out.
5. Click OK to save the changes.

To verify the antispam configuration

1. Open Thunderbird.
2. Send an email to [email protected] that contains one of the banned words.
3. You should receive a Delivery Status Notification (DSN) message. Open the DSN and review the transcript details. Sample output:

   An error occurred while sending mail. The mail server responded:
   554 5.7.1 This email from IP 10.0.1.99 has been rejected. The email message was detected as spam.

4. Visit the IntGW FortiMail's management GUI: https://intgw.internal.lab/admin
5. Click Monitor > Log > History.
6. Double-click the active log file. The first entry in the History log should correspond to the rejected email message.
7. Review the log and verify that the appropriate action was applied to the outbound email message.
8. Click the Session ID link to review the cross search result for more details.
LAB 8—Securing Communications

In this lab, you will implement SMTPS between the IntGW and IntSRV FortiMail VMs. You will also configure content-inspection-based identity-based encryption (IBE) and verify your configuration by sending a secure email.

Objectives

- Implement SMTPS between IntGW and IntSRV FortiMail devices
- Implement content-inspection-based IBE
  o Configure the dictionary profile with the trigger word
  o Configure an encryption profile
  o Configure a content action profile to apply the encryption profile
  o Apply the dictionary profile and content action profile to a content profile
  o Apply the content profile to an outbound recipient-based policy
- Register an IBE user, and access the IBE email

Time to Complete

Estimated: 40 minutes
1 Implementing SMTPS

In this section, you will configure SMTPS between the IntGW and IntSRV FortiMail devices. You will also compare logged details before and after implementing SMTPS.

To review logs

1. In Windows, open a web browser. Visit the ExtGW FortiMail’s webmail GUI: https://extsrv.external.lab/
2. Log in as extuser using the password fortinet.
3. Send an email message to [email protected].
4. Open a new web browser tab. Visit the IntGW FortiMail’s management GUI: https://intgw.internal.lab/admin
5. Log in as admin and leave the password field empty.
6. Click Monitor > Log > History.
7. Double-click the active log file. The first entry in the History log should correspond to the email you just sent.
8. Click the Session ID to retrieve the cross search result, and then review the last two entries, which contain details for the session between the IntGW and IntSRV FortiMail devices.
Note: By default, FortiMail uses SMTP over TLS if the recipient MTA supports it. In this session, IntSRV is the recipient MTA.

By default, SMTP over TLS is enabled on FortiMail.

To configure SMTPS

1. Visit the IntGW FortiMail’s management GUI: https://intgw.internal.lab/admin
2. Click Mail Settings > Domains > Domains.
3. Select internal.lab and click Edit.
4. Select the Use SMTPS check box.
5. Click OK to save the change.
To verify SMTPS

1. Visit the ExtSRV FortiMail’s webmail GUI: https://extsrv.external.lab/
2. Send another email to [email protected].
3. Visit the IntGW FortiMail’s management GUI: https://intgw.internal.lab/admin
4. Click Monitor > Log > History.
5. Double-click the active log file. The first entry in the History log should correspond to the email message you just sent.
6. Click the Session ID to retrieve the cross search result, and then review the last two entries, which should indicate the switchover to SMTPS from STARTTLS.
Note: The underlying encryption mechanism for SMTPS and SMTP over TLS is the same. Both protocols use SSL or TLS. In this case, the FortiMail devices negotiated TLSv1.2. The difference exists in how and when that TLS encryption is applied.

When SMTP over TLS is used, the connection is made on the standard SMTP port, TCP port 25. If the recipient MTA supports the STARTTLS extension, the sender chooses whether SMTP over TLS is used by transmitting the STARTTLS message. This STARTTLS request happens after the envelope exchange, and so, in SMTP over TLS, only a portion of the session is encrypted.

When SMTPS is used, the client initiates the SMTP session with the server over a fully encrypted tunnel using a separate port, TCP port 465. SMTPS encrypts the full session.
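The difference between opportunistic SMTP over TLS on port 25 and SMTPS on port 465, as an added Python example that is not part of the original lab guide. It walks three constructed transcripts and marks which lines travel before encryption starts, placing STARTTLS after the EHLO capability exchange as RFC 3207 specifies; the mailbox addresses, server replies and function names are assumptions made for illustration.

```python
"""Which SMTP lines cross the wire unencrypted: SMTPS vs. SMTP over TLS (STARTTLS).

All transcripts are constructed samples; the mailbox addresses are placeholders.
"C:" marks a line sent by the client (sending MTA), "S:" a line from the server.
"""

GREETING = ["S: 220 intsrv.internal.lab ESMTP"]
EHLO_TLS = ["C: EHLO intgw.internal.lab", "S: 250-intsrv.internal.lab",
            "S: 250-STARTTLS", "S: 250 8BITMIME"]
EHLO_PLAIN = ["C: EHLO intgw.internal.lab", "S: 250-intsrv.internal.lab",
              "S: 250 8BITMIME"]
UPGRADE = ["C: STARTTLS", "S: 220 2.0.0 Ready to start TLS"]
MAIL = ["C: MAIL FROM:<sender@example.com>", "S: 250 2.1.0 Ok",
        "C: RCPT TO:<recipient@example.com>", "S: 250 2.1.5 Ok",
        "C: DATA", "S: 354 End data with <CR><LF>.<CR><LF>",
        "C: Subject: constructed test message", "C: .",
        "S: 250 2.0.0 Ok: queued", "C: QUIT", "S: 221 2.0.0 Bye"]

# Port 25, recipient MTA advertises STARTTLS: client upgrades, then repeats EHLO.
STARTTLS_SESSION = GREETING + EHLO_TLS + UPGRADE + EHLO_PLAIN + MAIL
# Port 25, recipient MTA does not advertise STARTTLS: no upgrade takes place.
FALLBACK_SESSION = GREETING + EHLO_PLAIN + MAIL
# Port 465: the TLS handshake completes before the first SMTP byte is sent.
SMTPS_SESSION = GREETING + EHLO_PLAIN + MAIL


def annotate(transcript, implicit_tls=False):
    """Return (sender, text, encrypted) for every line of the transcript."""
    encrypted = implicit_tls
    awaiting_reply = False
    result = []
    for raw in transcript:
        sender, text = raw.split(": ", 1)
        result.append((sender, text, encrypted))
        if encrypted:
            continue
        if sender == "C" and text.strip().upper() == "STARTTLS":
            awaiting_reply = True
        elif sender == "S" and awaiting_reply:
            # Only a 220 reply starts the handshake; any other code refuses it.
            encrypted = text.startswith("220")
            awaiting_reply = False
    return result


def cleartext_client_lines(annotated):
    """Client lines that were sent before any encryption was in place."""
    return [text for sender, text, enc in annotated if sender == "C" and not enc]


def envelope_in_cleartext(annotated):
    """True if MAIL FROM or RCPT TO was sent before encryption started."""
    return any(text.upper().startswith(("MAIL FROM:", "RCPT TO:"))
               for text in cleartext_client_lines(annotated))


if __name__ == "__main__":
    cases = [("SMTP over TLS", STARTTLS_SESSION, False),
             ("no STARTTLS offered", FALLBACK_SESSION, False),
             ("SMTPS", SMTPS_SESSION, True)]
    for name, session, implicit in cases:
        lines = annotate(session, implicit)
        print(f"{name}: cleartext client lines = {cleartext_client_lines(lines)}")
        print(f"  envelope exposed: {envelope_in_cleartext(lines)}")
```

The middle case is the one to look for when comparing the session logs: on port 25, a recipient MTA that never advertises STARTTLS receives the whole session, envelope included, unencrypted.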
2 Implementing Content-Inspection-Based IBE

In this exercise, you will configure content-inspection-based IBE. You will also verify your configuration by sending an IBE email message and reviewing the logs.

To configure the IBE service

1. In Windows, open a web browser. Visit the IntGW FortiMail’s management GUI: https://intgw.internal.lab/admin
1. Log in as admin and leave the password field empty.
2. Click Encryption > IBE > IBE Encryption.
3. Configure the IBE Service settings using the following values:

   Field                                               Value
   Enable IBE service                                  Enabled
   IBE service name:                                   Internal Lab Secure Portal
   Allow secure replying                               Enabled
   Allow secure forwarding                             Enabled
   Allow secure composing                              Enabled
   IBE base URL:                                       intgw.internal.lab
   Send notification to sender when message is read    Enabled

4. Click Apply to save the changes.

To configure a dictionary profile with the trigger word

1. Click Profile > Dictionary > Dictionary.
2. Click New.
3. Name the profile IBEDictionary.
4. In the Dictionary Entries section, click New.
5. Configure the dictionary entry using the following values:

   Field            Value
   Pattern:         \[CONFIDENTIAL]
   Pattern type:    Wildcard
   Field            Value
   Search header    Enabled
   Search body      Disabled

6. Click Create to save the dictionary entry.
7. Click Create to save the dictionary profile.

To configure an encryption profile for pull method delivery

1. Click Profile > Security > Encryption.
2. Select the IBE_Pull profile, and then click Edit.
3. In the Encryption algorithm drop-down list, select AES 256.
4. Click OK to save the changes.

To configure a content action profile to apply IBE encryption

1. Click Profile > Content > Action.
2. Click New.
3. Configure a new content action profile using the following values:

   Field                    Value
   Domain:                  System
   Profile name:            CF_IBE_Pull
   Direction                Outgoing
   Encrypt with profile:    Enabled IBE_Pull

4. Click Create to save the profile.

To configure a content profile to apply IBE encryption based on dictionary match

1. Click Profile > Content > Content.
2. Click New.
3. Configure a new content profile using the following values:
   Field            Value
   Domain:          System
   Profile name:    CF_Out
   Direction        Outgoing
   Action:          CF_IBE_Pull

4. Expand the Content Monitor and Filtering section.
5. Click New.
6. In the Dictionary drop-down list, select the IBEDictionary profile.
7. Click Create to save the Content Monitor profile.
8. Click Create to save the Content profile.

To configure an outbound recipient policy to apply the content profile

1. Click Policy > Policies > Policies.
2. In the Recipient Policies section, in the Direction drop-down list, select Outgoing.
3. Double-click outgoing recipient policy ID 1.
4. In the Content drop-down list, select CF_Out.
5. Click OK to save the changes.

To send an IBE email

1. In Windows, open Thunderbird.
2. Click Write.
3. Compose a new email message using the following values:

   Field            Value
   To:              [email protected]
   Subject:         [CONFIDENTIAL] Requires immediate attention
   Message body:    Did you leave the stove on?

4. Click Send.

To verify IBE operations using logs

1. Visit the IntGW FortiMail’s management GUI: https://intgw.internal.lab/admin
2. Click Monitor > Log > History.