What is Local Out Routing in FortiGate Firewall?

> Local-Out Traffic:

--> Local-out traffic is the traffic generated by the FortiGate Firewall for services such as system services, DNS requests, logging, and alerts.

--> In Palo Alto firewalls, the local-out traffic in FortiGate is generally referred to as Management Traffic or Service Route traffic.

--> By default, self-originating traffic (local-out traffic), such as Syslog, Forti Analyzer logging, Forti Guard services, remote authentication, and others, relies on routing table lookups to determine the egress interface that is used to initiate the connection. 

--> By Default, SD-WAN rules do not apply to local-out traffic in the FortiGate Firewall.

--> In the FortiGate Firewall, it is possible to set the 'source-IP' to be used by the FortiGate to communicate with the respective servers for the below configurations/services.

--> By default, Local Out Routing is not visible in the GUI. Go to System -> Feature Visibility to enable it. 

--> After Enabling the feature, To configure local-out routing: Go to Network -> Local Out Routing.

--> Enable the Service for which you want to change the routing or the outgoing interface IP address as below:

Reference: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-and-edit-the-Local-out-Routing-Source-IP/ta-p/212877

Read More

What is DKIM in Email Security

 

--> DKIM stands for Domain Keys Identified Mail, is an authentication protocol that detects the email has been modified during the transit ( When it is sent from your domain to recipient domain)

--> A valid DKIM signature helps in making sure that certain parts of the email have not been modified

--> DKIM works on the concept of Asymmetric Encryption ( usage of private and public keys)

--> Private Keys are stored on the Email Gateway or Exchange Server and Public Keys are stored on the Public DNS Server of the organization

--> Once DKIM is enabled on the Email Gateway or Exchange Server, For each outbound email, A hash value is generated and encrypted with the private key

--> Once the receiver domain receives the email, It will contact the Public DNS Server of sender domain to get the public key to decrypt the hash value which was generated using private key

--> The Public Key is stored in the organization Public DNS Server using DKIM Selector value.

--> The DKIM selector (also called a prefix selector) specifies the DNS location of the public key. Receiving servers use the prefix selector to find the public key. 

--> The DKIM selector is specified using the “s=” tag, which is stored in the DKIM-signature header of the email.

--> A query is generated on the receiver end DNS using “selector”._domainkey.yourdomain.

--> A domain can have multiple DKIM records in the DNS. Each DKIM key has a different DKIM selector which is added to a message’s DKIM signature.

--> The DKIM Key tells the receiving mail server which DKIM key should be used for validation.

Read More

What is the use of SPF in Email Security?

--> SPF stands for Sender Policy Framework, It is a text record created in Public DNS Server.

--> Using the SPF Text Record, an organization can publish a list of authorized mail servers that are allowed to send an email outside.

--> Without an SPF record, malicious actors may be able to spoof your domain and networks, harm your reputation and carry out cyberattacks that result in financial loss.

--> if you don’t have an SPF Record, servers that receive your emails may flag or reject them because they can't determine the authenticity of your domain.

-->  Receiving mail servers can perform an SPF test on every inbound email, checking to see if the IP address from which the email is sent matches an IP address in the domain's Sender Policy Framework record.

--> SPF test result can be one of the following:

i) none: Unable to resolve domain name or find SPF record in the domain

ii) neutral: The domain does not explicitly state that the IP address is authorized

iii) fail (hard fail): The client is not allowed to use the domain  (v=spf1 mx-all)

iv) fail (soft fail): The host is probably not authorized  (Example:v=spf1 mx ~all)

v) temperror (Temporary error): SPF encountered a transient error like DNS timeout  ( If the Public DNS Server of Sender Domain is having issue then we will see this issue and it usually goes away once the Publlic DNS Server starts reachable and responds to DNS Queries)

vi) permerror (Permanent error): Inability to correctly interpret the domain’s published records ( DNS lookup is taking long)

Read More