Technical Note: How to log email attachments greater than 10 MB with DLP on FortiGate
Description
Scope
Solution
There are many cases where it is required to log email traffic containing attachments of greater than 10 MB. The default maximum size on FortiGate is 10 MB. This article provides a solution of logging email attachments of greater than 10 MB.
Scope
Logging & reporting
Solution
Use the following steps in order to log email attachments of greater than 10 MB passing through FortiGate DLP sensor.
1) Verify the oversize limit of the smtp protocol under proxy options:
2) Increase the uncompressed-oversize limit and oversize limit:
3) Enable log oversized files under proxy options:
4) Send an email with an attachment of over 10 MB and verify the logs in FortiAnalyzer or FortiGate:
1) Verify the oversize limit of the smtp protocol under proxy options:
config firewall profile-protocol-options
edit default
config smtp
get | grep oversize
oversize-limit : 10
uncompressed-oversize-limit: 10
2) Increase the uncompressed-oversize limit and oversize limit:
3) Enable log oversized files under proxy options:
4) Send an email with an attachment of over 10 MB and verify the logs in FortiAnalyzer or FortiGate: