Technical Tip: How to block .docx and .xlsx file formats using DLP profile
| Description | This article describes how to fix the issue when the DLP profile is not blocking .docx and .xlsx file formats. |
| Scope | FortiGate. |
| Solution | Note: .doc and .xls files are getting blocked as expected.
Configuration:
config dlp filepattern end
config dlp profile set feature-set proxy config rule edit 1 set name "TEST" set proto http-get http-post ftp set file-type 1 ---------------> Refers to the DLP file pattern above. set action block next end next end
config firewall policy edit 1 set name "DLP-BLOCK" set srcintf "LAN" set dstintf "WAN" set action accept set srcaddr "LAN_Subnet" set dstaddr "all" set schedule "always" set service "ALL" set utm-status enable set inspection-mode proxy set ssl-ssh-profile "deep-inspection" set dlp-profile "DLP-MonitorOnly" set logtraffic all set nat enable next end
Performing the scanunit debugs while reproducing the issue shows that the actual content is embedded in document.xml:
su 7858 job 11 DLP: done archive level 1 scan 'word/document.xml' result 0
In order to fix the issue, a new config in the DLP file pattern should be added. config dlp filepattern
Related article: |