Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jsarah
Staff
Staff

Created on ‎02-12-2024 04:35 AM Edited on ‎02-12-2024 09:31 PM By Community Manager

Article Id 298938

Technical Tip: How to verify if the file is matching the configured file filter profile

Description This article describes how to check which profile of the file filter the files matching
Scope FortiGate v7.
Solution

Run the following command:

 

diagnose sys scanunit debug file-filter enable

diag debug enable<----- To start debug, // initiate traffic.

diag debug disable<----- To stop debug.

 

scanunit is the daemon responsible for file filters.

 

The example of output will be as follows:

 

file-filter enabled options 0x1 profile FILE_FILTER_TEST_PROFILE  <----- Profile name is FILE_FILTER_TEST_PROFILE .
su 24688 job 134 AV engine file info results for 'test.pdf' <----- The file name tried to attach is test.pdf
su 24688 job 134 state: 3 ftypeCount: 1 encrypted: 0 need-data: 0
su 24688 job 134 scanunit file-type: -1 : [UNKNOWN]
su 24688 job 134 engine file-types: 1
su 24688 job 134 0 => 42 : pdf  <----- Type of the file matched.
su 24688 job 134 file_filter match: 'rule1' ft 42 d 0 p 1  <----- 'rule1' is the rule written inside file filter  and 42 means pdf

 

sample configuration example:

 

test1.png

 

Example of attachment failure:

 

test2.png
Labels:
256
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.