system advanced-management
Use this command to control advanced management features that are designed for deployments such as managed security service providers (MSSP).
|
Advanced management options require a valid feature license. Some subcommands are only available when MTA advanced control is enabled. See mta-adv-ctrl-status {enable | disable} To inspect your configuration for invalid settings after the license is downgraded or expires, see |
Syntax
config system advanced-management
set domain-admin-log-status {enable | disable}
set domain-group-status {enable | disable}
set user-management {enable | disable}
set intra-domain-protection-status {enable | disable}
set url-click-tracking-status {enable | disable}
set mailbox-accounting-status {enable | disable}
set domain-mail-stats-status {enable | disable}
set dmarc-report-analysis-status {enable | disable}
set ha-central-monitor-status {enable | disable}
set recipient-policy-sender-option {envelope-from-only | envelope-or-header-from}
end
|
Variable |
Description |
Default |
|
Enable or disable collection of statistics about DMARC reports, such as how many email were sent to a recipient domain, and how many failed DMARC verification. To view the statistics, on the GUI, go to Monitor > DMARC Analysis > Analysis Summary or Monitor > DMARC Analysis > Analysis Detail. Alternatively, you can enable or disable this for each protected domain. See dmarc-report-analysis-status {enable | disable | use-system-setting}. To enable DMARC reports, see antispam dmarc-report-generation. |
disable |
|
| domain-admin-log-status {enable | disable} | Enable or disable domain-level administrators to access the history log. | enable |
| domain-group-status {enable | disable} | Enable or disable protected domain group support. Also configure system domain-group. | enable |
|
Enable or disable domain-level mail statistics. After you enable this service, a new tab called Domain Mail Statistics will appear under Log & Reportand Monitor > Report on the GUI. |
disable |
|
|
Enable or disable centralized monitoring of HA cluster statuses. This allows administrators on the primary FortiMail unit of an HA cluster to monitor the state and activity of each HA cluster member, including CPU, memory, disk usage, email throughput, and other mail statistic summaries. For active-active HA clusters, if a FortiAnalyzer is not used to aggregate logs, then administrators can use centralized monitoring to make log searches across the cluster members. This streamlines the monitoring process, avoiding the need to log into each individual cluster member. |
disable |
|
|
Enable or disable applying both inbound and outbound policies when an email is sent between protected domains. When this setting is disabled, if an email is sent between two protected domains, then FortiMail only applies the matching inbound policy. This means that, for example, an inbound policy with antispam would apply, but not an outbound policy with DLP. This behavior may be correct if all protected domains belong to the same company. However for an MSSP with multiple tenants, both policies should apply. In that case, enabled this setting so that FortiMail applies both inbound and outbound policies. |
disable |
|
| mailbox-accounting-status {enable | disable} |
Enable or disable the mailbox accounting service. After you enable this service, a new tab called Mailbox Statistics will appear under Log & Reportand Monitor > Report on the GUI. |
disable |
|
recipient-policy-sender-option {envelope-from-only | envelope-or-header-from} |
Use this command to turn on the option on the admin GUI to use Envelope From or Header From as the sender when configuring recipient policies. Note that this feature is only available with the Advanced Management license. |
envelope-from-only |
|
Enable or disable statistics for URL click protection. Also configure system fortiguard url-protection. |
disable |
|
|
Enable or disable user management via LDAP synchronization. Also configure profile user-import. |
disable |
Related topics
antispam dmarc-report-generation