Sunday, December 6, 2015

PAN-OS vs FortiOS anti-spam

A big missing puzzle piece in the Palo Alto lineup is support for anti-spam (AS).


What this means: a firewall like FortiGate, Barracuda or SonicWall has the option to deploy anti-spam rating and inspection based on the sender's reputation, and to make decisions based on the AS rating.

PAN-OS has dropped the ball in this area and does not support any AS inspections!




So if you need an NGFW and the ability to determine the AS rating for mail, you are S#@*T out of luck with any of the PA products.

So keep this in mind, especially when you are doing a "Palo Alto" vs "the other NGFWs" comparison.

AS setup on FortiGate is as simple as 1 2 3 and can be deployed on all models (routed or transparent). The FortiGuard sender database is probably as good as IronPort's or Barracuda's, imho.

With FortiGate you can check AS for any mail protocol (SMTP, IMAP, POP, etc.).


SSL-encrypted traffic will need to be decrypted before it can be inspected.




The email filtering policy can be attached for blocking and for tagging the SMTP header, which can help with mail clients' handling of spam.

The FortiGuard checks are by IP address and mail submission hash, which are all very accurate.

If you (a sender) are flagged and blacklisted in the FortiGuard database, you probably need to be blacklisted.



I've personally rarely seen false positives with FortiGuard AS determinations. If you need to remove a false positive, you can contact FortiGuard and submit a removal.

https://www.fortiguard.com/more/antispam


The FortiGuard AS service is a paid subscription but worth the $$$s.


Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \

