Technical Tip: How to Allow/Block a File type for Incoming/Outgoing traffic for Email Files

Description

This article describes how to configure the File Filter to allow/block file types for emails like Gmail or Outlook.

Scope

FortiGate v7.2.5 or above.

Solution

1. Configure the File Filter to block file types like PDF, zip, and other types. Block file type: PDF files for upload/download.

2. Add the File Filter on the Firewall policy with Proxy Inspection Mode. The feature set setting (proxy) in the file filter profile must match the inspection mode setting (proxy) in the associated firewall policy.

3. Try to download the PDF file from Gmail, and block the status 'File was blocked by file filter'.

Note:

Outlook uses the MAPI over HTTPS protocol, so MAPI over HTTPS inspection must be enabled in the SSL/SSH inspection profile when Outlook is used as the email client.

To enable MAPI over HTTPS inspection in CLI, use the following command:

config firewall ssl-ssh profile
    edit "your_profile"
        set mapi-over-https enable <---
    next
end

In GUI and CLI, run the following command line to check file filter logs:

execute log filter category utm-file-filter

execute log display

Note:

Use Proxy Inspection Mode on both Policy and File Filter Profile, add Customs deep-inspection mode, and install the certificate on the user PC under the Trusted Rooted certificate. It is now blocking the files from Gmail.