Technical Note: Using FortiGate DLP to block specific file types
Products
FortiGate v5.0
Description
This article explains how to configure DLP (Data Leak Prevention) to block files passing through a FortiGate.
Scope
FortiOS v5.0
Solution
1) Configure the file filter/file pattern for the file types to be blocked (for example, pdf).

2) Create a new DLP sensor.

Choose the file pattern created earlier and set the action to block.

3) Configure the firewall policy and apply the DLP sensor to the respective policy.

Note: On lower-end models (FG-40C, FG-30B, FG-20C) DLP can only be configured from the CLI, as shown below:

a) Configure the file filter/file pattern for the file types to be blocked (for example, pdf).

config dlp filepattern
    edit 1
        set name "Test_file_filter"
        config entries
            edit "pdf"
                set filter-type type
                set file-type pdf
            next
        end
    next
end

b) Create a new DLP sensor and choose the file pattern already created. The number given to "set file-type" inside the sensor filter is the ID of the file pattern table from step a (not a file type name); confirm the ID with "show dlp filepattern" and use the same number here, otherwise the sensor matches nothing.

config dlp sensor
    edit "Test_dlp_sensor"
        set comment 'to block files'
        config filter
            edit 1
                set type file
                set proto smtp pop3 imap http-get http-post ftp
                set filter-by file-type
                set file-type 3
                set archive enable
                set action block
            next
        end
        set extended-utm-log enable
        set flow-based disable
    next
end

c) Configure the firewall policy and apply the DLP sensor to the policy. UTM must be enabled on the policy (utm-status enable) for the sensor to take effect.

config firewall policy
    edit 1
        set srcintf "internal1"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set status enable
        set schedule "always"
        set service "ALL"
        set nat enable
        set utm-status enable
        set dlp-sensor "Test_dlp_sensor"
        set profile-protocol-options "default"
    next
end
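The three CLI blocks above only block files if they reference each other correctly: the sensor filter's "set file-type" must name the ID of the file pattern table, and the policy's "set dlp-sensor" must name an existing sensor with UTM enabled. The following Python script is an added example, not Fortinet code and not part of this note: it parses FortiOS-style config text and checks that chain. The sample config is constructed (abridged from the blocks above) and, as written in the note, creates the file pattern table as ID 1 while the sensor filter points at ID 3, which the checker reports; the parser assumes the plain config/edit/set/next/end grammar used by "show" output.

```python
"""Added example, not from the Fortinet note: a small parser for FortiOS-style
config/edit/set/next/end text and a consistency check for the DLP chain the
note builds (file pattern table -> DLP sensor filter -> firewall policy)."""
import shlex

# Constructed sample, abridged from the note's three CLI blocks. The file pattern
# table is created as ID 1 while the sensor filter points at ID 3.
SAMPLE_CONFIG = """
config dlp filepattern
    edit 1
        set name "Test_file_filter"
        config entries
            edit "pdf"
                set filter-type type
                set file-type pdf
            next
        end
    next
end
config dlp sensor
    edit "Test_dlp_sensor"
        set comment 'to block files'
        config filter
            edit 1
                set type file
                set proto smtp pop3 imap http-get http-post ftp
                set filter-by file-type
                set file-type 3
                set action block
            next
        end
    next
end
config firewall policy
    edit 1
        set srcintf "internal1"
        set dstintf "wan1"
        set action accept
        set utm-status enable
        set dlp-sensor "Test_dlp_sensor"
    next
end
"""

# Same text with the sensor pointing at the ID the file pattern was actually given.
FIXED_CONFIG = SAMPLE_CONFIG.replace("set file-type 3", "set file-type 1")


def parse_fortios(text):
    """Parse nested blocks into {path: {entry_id: {"set": {key: [values]}, "config": {...}}}}."""
    root = {}
    tables = [None]   # table that receives "edit" at each nesting level
    entries = [None]  # entry currently open at each level (None after "next")
    for raw in text.splitlines():
        tokens = shlex.split(raw.strip())  # shell quoting matches FortiOS quoting here
        if not tokens:
            continue
        cmd, args = tokens[0], tokens[1:]
        if cmd == "config":
            container = root if entries[-1] is None else entries[-1]["config"]
            tables.append(container.setdefault(" ".join(args), {}))
            entries.append(None)
        elif cmd == "edit":
            entries[-1] = tables[-1].setdefault(args[0], {"set": {}, "config": {}})
        elif cmd == "set":
            entries[-1]["set"][args[0]] = args[1:]
        elif cmd == "next":
            entries[-1] = None
        elif cmd == "end":
            tables.pop()
            entries.pop()
    return root


def check_dlp_chain(cfg):
    """Return a list of problems; an empty list means the DLP chain is consistent."""
    problems = []
    patterns = cfg.get("dlp filepattern", {})
    sensors = cfg.get("dlp sensor", {})
    for sid, sensor in sensors.items():
        for fid, flt in sensor["config"].get("filter", {}).items():
            s = flt["set"]
            ref = s.get("file-type", [None])[0]
            # file-type here is the file pattern table ID, so it must exist as one
            if s.get("filter-by") == ["file-type"] and ref not in patterns:
                problems.append(f"sensor {sid} filter {fid}: file-type {ref} is not "
                                f"a file pattern table ID (known: {sorted(patterns)})")
            if s.get("action") != ["block"]:
                problems.append(f"sensor {sid} filter {fid}: action is not block")
    for pid, pol in cfg.get("firewall policy", {}).items():
        s = pol["set"]
        ref = s.get("dlp-sensor", [None])[0]
        if ref is not None and ref not in sensors:
            problems.append(f"policy {pid}: dlp-sensor {ref} does not exist")
        if ref is not None and s.get("utm-status") != ["enable"]:
            problems.append(f"policy {pid}: dlp-sensor set but utm-status is not enable")
    return problems
```

Run check_dlp_chain(parse_fortios(text)) against the output of "show dlp filepattern", "show dlp sensor" and "show firewall policy" pasted together; an empty list means every reference resolves, and each reported line names the sensor, filter or policy that needs fixing.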
Last Modified Date: 10-10-2014 Document ID: FD35108