Description
This article describes how to use file filtering to block or log certain file types in the web filter and email filter.
Solution
To add a file filter to a web filter profile in the GUI.
- Go to Security Profiles -> Web Filter.
- Edit an existing profile, or create a new one.
To add a file filter to an email filter profile in the GUI.
# config webfilter profile
    edit "webfilter-file-filter"
        # config file-filter
            set status {enable | disable}
            set log {enable | disable}
            set scan-archive-contents {enable | disable}
            # config entries
                edit "filter1"
                    set comment "Block files"
                    set protocol [http | ftp]
                    set action {block | log}
                    set direction {any | incoming | outgoing}
                    set encryption {any | yes}
                    set file-type "pdf" "msofficex"
                next
            end
        end
    next
end
# config emailfilter profile
    edit "emailfilter-file-filter"
        # config file-filter
            set status {enable | disable}
            set log {enable | disable}
            set scan-archive-contents {enable | disable}
            # config entries
                edit "filter1"
                    set comment "Block files"
                    set protocol [smtp | imap | pop3]
                    set action {block | log}
                    set encryption {any | yes}
                    set file-type "exe"
                next
            end
        end
    next
end
Web Filter File Filter action as Block:
1: date=2019-03-19 time=09:42:15 logid="0346012673" type="utm" subtype="webfilter" eventtype="file_filter" level="warning" vd="vd1" eventtime=1548438135 policyid=1 sessionid=29449 srcip=10.1.100.22 srcport=52816 srcintf="dmz" srcintfrole="undefined" dstip=172.16.200.55 dstport=80 dstintf="wan1" dstintfrole="undefined" proto=6 service="HTTP" hostname="172.16.200.55" profile="webfilter-filefilter" action="blocked" reqtype="direct" url="/app_data/test1.pdf" sentbyte=0 rcvdbyte=0 direction="incoming" filename="test1.pdf" filtername="filter1" filetype="pdf" msg="File was blocked by file filter."
Web Filter File Filter action as Log:
2: date=2019-03-19 time=10:48:23 logid="0346012672" type="utm" subtype="webfilter" eventtype="file_filter" level="notice" vd="vd1" eventtime=1548442102 policyid=1 sessionid=521 srcip=10.1.100.22 srcport=52894 srcintf="dmz" srcintfrole="undefined" dstip=172.16.200.55 dstport=80 dstintf="wan1" dstintfrole="undefined" proto=6 service="HTTP" hostname="172.16.200.55" profile="webfilter-filefilter" action="passthrough" reqtype="direct" url="/app_data/park.jpg" sentbyte=0 rcvdbyte=0 direction="incoming" filename="park.jpg" filtername="filter2" filetype="jpeg" msg="File was detected by file filter."
Email Filter File Filter action as Block:
1: date=2019-01-25 time=15:20:16 logid="0554020511" type="utm" subtype="emailfilter" eventtype="file_filter" level="warning" vd="vdom1" eventtime=1548458416 policyid=1 sessionid=2881 srcip=10.1.100.12 srcport=45974 srcintf="port2" srcintfrole="undefined" dstip=172.16.200.56 dstport=143 dstintf="port1" dstintfrole="undefined" proto=6 service="IMAP" action="blocked" from="emailuser1@qa.fortinet.com" to="emailuser2@qa.fortinet.com" recipient="emailuser2" direction="incoming" subject="EXE file block" size="622346" attachment="yes" filename="putty.exe" filtername="filter1" filetype="exe"
Email Filter File Filter action as Log:
1: date=2019-01-25 time=15:23:16 logid="0554020510" type="utm" subtype="emailfilter" eventtype="file_filter" level="notice" vd="vdom1" eventtime=1548458596 policyid=1 sessionid=3205 srcip=10.1.100.12 srcport=55664 srcintf="port2" srcintfrole="undefined" dstip=172.16.200.56 dstport=25 dstintf="port1" dstintfrole="undefined" proto=6 service="SMTP" profile="emailfilter-file-filter" action="detected" from="emailuser1@qa.fortinet.com" to="emailuser2@qa.fortinet.com" sender="emailuser1@qa.fortinet.com" recipient="emailuser2@qa.fortinet.com" direction="outgoing" subject="PDF file log" size="390804" attachment="yes" filename="fortiauto.pdf" filtername="filter2" filetype="pdf"
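The following Python sketch is an added example, not part of the original article or Fortinet's tooling. It parses the key=value log format shown above and lists files that matched a filter entry but were still delivered; the function names are hypothetical, and the sample lines are shortened copies of the logs above plus one constructed traffic line.

```python
import re
from collections import Counter

# A value is either double-quoted (may contain spaces) or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Shortened copies of the four sample logs above, plus one constructed
# traffic log line to show that non-file-filter records are skipped.
SAMPLE_LOGS = [
    '1: date=2019-03-19 time=09:42:15 type="utm" subtype="webfilter" eventtype="file_filter" srcip=10.1.100.22 action="blocked" direction="incoming" filename="test1.pdf" filtername="filter1" filetype="pdf" msg="File was blocked by file filter."',
    '2: date=2019-03-19 time=10:48:23 type="utm" subtype="webfilter" eventtype="file_filter" srcip=10.1.100.22 action="passthrough" direction="incoming" filename="park.jpg" filtername="filter2" filetype="jpeg" msg="File was detected by file filter."',
    '1: date=2019-01-25 time=15:20:16 type="utm" subtype="emailfilter" eventtype="file_filter" srcip=10.1.100.12 action="blocked" direction="incoming" subject="EXE file block" filename="putty.exe" filtername="filter1" filetype="exe"',
    '1: date=2019-01-25 time=15:23:16 type="utm" subtype="emailfilter" eventtype="file_filter" srcip=10.1.100.12 action="detected" direction="outgoing" subject="PDF file log" filename="fortiauto.pdf" filtername="filter2" filetype="pdf"',
    'date=2019-03-19 time=09:43:00 type="traffic" subtype="forward" srcip=10.1.100.22 dstip=172.16.200.55 action="accept"',
]

def parse_log(line):
    """Split one log line into a dict, unquoting quoted values."""
    return {key: bare or quoted for key, quoted, bare in PAIR.findall(line)}

def file_filter_events(lines):
    """Return parsed records for file-filter events only."""
    records = (parse_log(line) for line in lines)
    return [r for r in records
            if r.get("type") == "utm" and r.get("eventtype") == "file_filter"]

def not_blocked(events):
    """Files that matched a filter entry but were still delivered.

    The samples report a log-only match as action="passthrough" (web filter)
    and action="detected" (email filter), so test for 'not blocked'.
    """
    return [(e.get("subtype"), e.get("filename"), e.get("filetype"), e.get("srcip"))
            for e in events if e.get("action") != "blocked"]

def summary(events):
    """Count events per (subtype, action, filetype)."""
    return Counter((e.get("subtype"), e.get("action"), e.get("filetype")) for e in events)

if __name__ == "__main__":
    events = file_filter_events(SAMPLE_LOGS)
    for row in not_blocked(events):
        print("delivered despite match:", row)
    print(dict(summary(events)))
```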
New replacement messages.
Web Filter File Filter blocking upload:
You are not permitted to upload the file "%%FILE%%".
Web Filter File Filter blocking download:
Your attempt to access the file "%%FILE%%" has been blocked by your system administrator.
Email Filter File Filter blocking emails:
This email has been blocked. The file %%FILE%% was blocked due to its file type or properties