Description
This document explains how to use DLP sensor to block the file upload or download for HTTP/HTTPS, SMTP, POP3, IMAP on 5.0 and 5.2 FortiOS.
Solution
Step1:
This document explains how to use DLP sensor to block the file upload or download for HTTP/HTTPS, SMTP, POP3, IMAP on 5.0 and 5.2 FortiOS.
Solution
Step1:
For 5.2.x:
Create a DLP sensor
- Go to Security profiles > Data Leak Prevention > Create new Filter > select Files
- Specify File Types > File Name Pattern > Enter the pattern *.*
- Select the services such as HTTP-GET, POP3 or imap to block the download over HTTP, pop3, and imap.
- To block the upload and download over HTTP or SMTP, select service HTTP-POST, HTTP-GET, SMTP.
- Set the ACTION to BLOCK
Refer the below screenshot attached.
For 5.0.x
Create a file filter as give in the given attachment:
Apply the created file filter under the DLP Sensor:
Step2: Include it in the required firewall policy
# Once the DLP sensor is configured you would need to enable the configured DLP sensor in a firewall policy.
Important note :-
# http-post would block the uploads from http, select all protocols to block uploads on all supported protocols
# Email protocols would block the complete emails with attachments, not only the attachments. Blocking of email attachments is not possible with the current OS,it would be a new feature request for which you can request contacting your local sales team or email us at sales@fortinet.com
# For it to work, user should generate the traffic(upload files) from one of the supported protocols.If the users are using other means to upload or download it would not work.
# For it to work on SSL protocols(https,smtps,pop3s) enable ssl inspection and make sure these options are checked. Attached is the screen shot for your reference
