firewall : mms-profile : config flood {mm1 | mm4}
 
config flood {mm1 | mm4}
Excessive MMS activity (message floods) can result from bulk MMS messages, MMS spam, attacks, or other issues.
You can use the config flood subcommand to detect and act on MMS message floods. Thresholds that define a flood of message activity and response actions are both configurable.
You can configure MMS flood detection for MM1 messages using config flood mm1 and for MM4 messages using config flood mm4.
There are four threshold settings for mm1 and mm4. The integer at the end of each command indicates which threshold you are configuring. By default, only the first threshold is available for configuration. Enable status2 to gain access to the second threshold. Then enable status3 to gain access to the third threshold. Finally, enable status 4 to gain access to the fourth threshold. They must be enabled in sequence.
Variable
Description
Default
action1 {alert‑notif archive archive-first block intercept log}
Select which actions to take, if any, when excessive message activity is detected. To select more than one action, separate each action with a space.
alert-notif — Enable to have the FortiGate unit send a notification message If this threshold is exceeded.
archive — Archive messages in excess of the configured threshold.
archive-first — Archive the first message in excess of the configured threshold.
block — Block and intercept excess messages. If block is selected, messages are also intercepted, even if intercept is not selected.
intercept — Intercept excess messages.
log — Log excess messages. This option takes effect only if logging is enabled for bulk MMS message detection. See “log-antispam-mass-mms {enable | disable}”.
This option appears only if status is enable for the MMS interface.
block intercept log
block-time1 <minutes_int>
Enter the amount of time in minutes during which the FortiGate unit will perform the action after a message flood is detected.
This option appears only if status is enable for the MMS interface.
100
limit1 <floodtrigger_int>
Enter the number of messages which signifies excessive message activity if exceeded within the window.
This option appears only if status is enable for the MMS interface.
100
protocol1
The MMS interface that you are configuring. protocol can be mm1 or mm2 depending on whether you entered config flood mm1 or config flood mm4.
This variable can be viewed with the get command, but cannot be set.
 
status1 {enable | disable}
Select to detect and act upon excessive MMS message activity.
disable
status2 {enable | disable}
Enable to gain access to the second threshold configuration settings.
disable
window1 <minutes_int>
Enter the period of time in minutes during which excessive message activity will be detected if the limit is exceeded.
This option appears only if status is enable for the MMS interface.
60