Auditing Mail Sending
The audit function is enabled on the FW to audit mails sent by users.
Faced Problems
As shown in Figure 1, an enterprise deploys the FW as a gateway to connect the intranet to the Internet.
Intranet users send critical information or important files of the enterprise through mails. In case of a security event, the owner cannot be located or traced.
Solution
With the audit function, the FW audits the mails sent by users, facilitating the locating and tracing of users and providing the basis for tuning security policies in the future.
Configure an audit policy based on the traffic sent from intranet users to access the Internet and reference the audit profile in the audit policy to audit users' posting behavior.
Click Add to create audit profile profile_audit and select Audit Email-Related Behavior to audit Sending.
- Click OK.
Click Add to create an audit policy. Configure matching conditions for the audit policy as required and reference the audit profile in the audit policy.
Set audit policy parameters. The referenced user group named users has been created.
Name policy1 Source zone trust Destination zone untrust Source Address/Region 192.168.0.0/255.255.255.0 User /default/users Action Audit Audit Configuration profile_audit - Click OK.
Verification
Choose . You can find the logs generated when the FW audits the mails sent by users.
Configuration Scripts
The configuration script related to the example is as follows:
# profile type audit name profile_audit mail-audit send # audit-policy rule name policy1 source-zone trust destination-zone untrust source-address 192.168.0.0 mask 255.255.255.0 user user-group /default/users action audit profile profile_audit #