Description
The previously embedded file filter within web filter, email filter, SSH inspection, and CIFS has moved to a standalone profile.
The file filter can be applied directly to firewall policies and supports various traffic protocols in proxy or flow mode.
This article describes how to configure a file filter.
Scope
For version 6.4.1.
Solution
To configure a file filter from the GUI:
- Configure the filter profile:
1) Go to Security Profiles -> File Filter and select 'Create New'.
2) Select a Feature set.
3) In the Rules section, select 'Create New'.
4) Configure the settings as needed.
5) Select 'OK' to save the rule.
# config file-filter profile
    edit "test"
        set comment ''
        set feature-set flow
        set replacemsg-group ''
        set log enable
        set scan-archive-contents enable
        # config rules
            edit "r2"
                set comment ''
                set protocol http ftp smtp imap pop3 cifs
                set action block
                set direction outgoing
                set password-protected any
                set file-type "sis" "tar" "tiff" "torrent" "upx" "uue" "wav" "wma" "xar" "xz" "zip"
            next
            edit "r1"
                set comment ''
                set protocol http ftp smtp imap pop3 cifs
                set action log-only
                set direction any
                set password-protected any
                set file-type ".net" "7z" "activemime" "arj" "aspack" "avi" "base64" "bat" "binhex" "bmp" "bzip" "bzip2"
            next
            edit "r3"
                set comment ''
                set protocol http ftp smtp imap pop3
                set action block
                set direction any
                set password-protected any
                set file-type "binhex"
            next
        end
    next
end
- Apply the filter to a policy:
# config firewall policy
    edit 1
        set name "filefilter-policy"
        set srcintf "port10"
        set dstintf "port9"
        set srcaddr "all"
        set dstaddr "all"
        set srcaddr6 "all"
        set dstaddr6 "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set profile-protocol-options "protocol"
        set ssl-ssh-profile "protocols"
        set file-filter-profile "test"
        set auto-asic-offload disable
        set np-acceleration disable
        set nat enable
    next
end
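In the profile above, rules "r1" (log-only) and "r3" (block) both list "binhex" on shared protocols. The following review check is an added example, not part of the original article and not Fortinet code: it parses a single exported file-filter profile and reports rule pairs that share a file type and a protocol but carry different actions. The names SAMPLE, parse_rules and overlaps are hypothetical, and the script does not model how the device orders or evaluates rules.

```python
import shlex
from itertools import combinations

# Constructed sample: this article's profile, trimmed to the fields the check uses.
SAMPLE = '''config file-filter profile
    edit "test"
        config rules
            edit "r2"
                set protocol http ftp smtp imap pop3 cifs
                set action block
                set file-type "sis" "tar" "zip"
            next
            edit "r1"
                set protocol http ftp smtp imap pop3 cifs
                set action log-only
                set file-type ".net" "7z" "bat" "binhex"
            next
            edit "r3"
                set protocol http ftp smtp imap pop3
                set action block
                set file-type "binhex"
            next
        end
    next
end'''

def parse_rules(text):
    """Return {rule name: {setting: [values]}} for entries under 'config rules'."""
    rules, in_rules, current = {}, False, None
    for line in text.splitlines():
        tok = shlex.split(line.lstrip("# "))  # drop the article's leading "# " prompt
        if tok[:2] == ["config", "rules"]:
            in_rules = True
        elif in_rules and tok[:1] == ["edit"]:
            current = rules.setdefault(tok[1], {})
        elif in_rules and tok[:1] == ["set"] and current is not None:
            current[tok[1]] = tok[2:]
        elif in_rules and tok[:1] == ["end"]:
            in_rules = False
    return rules

def overlaps(rules):
    """Rule pairs sharing a file type and a protocol but set to different actions."""
    found = []
    for (a, ra), (b, rb) in combinations(rules.items(), 2):
        types = set(ra.get("file-type", [])) & set(rb.get("file-type", []))
        protos = set(ra.get("protocol", [])) & set(rb.get("protocol", []))
        if types and protos and ra.get("action") != rb.get("action"):
            found.append((a, b, sorted(types), sorted(protos)))
    return found
```

Calling overlaps(parse_rules(SAMPLE)) returns the r1/r3 pair for "binhex"; each reported pair is a place to confirm that the intended action is the one actually applied.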