Technical Tip: How to block the upload or download of files using DLP for HTTP, SMTP, POP3, IMAP
Description
This article describes how to use a DLP sensor to block the file upload or download for HTTP/HTTPS, SMTP, POP3, and IMAP on v5.0, v5.2 and newer versions.
Solution
Step 1:
For v5.2.x:
Create a DLP sensor:
- Go to Security profiles -> Data Leak Prevention -> Create New Filter -> select Files.
- Specify File Types -> File Name Pattern -> Enter the pattern *.*.
- Select the services such as HTTP-GET, POP3, or IMAP to block the download over HTTP, POP3, and IMAP.
- To block the upload and download over HTTP or SMTP, select the services HTTP-POST, HTTP-GET, and SMTP.
- Set the Action to Block.
See the screenshot below:

For v5.0.x:
Create a file filter as shown in the screenshot below:

Apply the created file filter under the DLP Sensor:

Step 2: Include it in the required firewall policy.
Once the DLP sensor is configured, enable the configured DLP sensor in a firewall policy.
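A CLI sketch of the v5.2.x steps above, added here as an example and not taken from the original article. The file pattern table id `10`, the names `all-files` and `block-all-files`, and `<policy_id>` are constructed placeholders; the syntax is assumed from the FortiOS 5.2 CLI and should be checked against the CLI reference for the running version.

```fortios
# Added example: names, table id 10 and <policy_id> are placeholders.
# File pattern table holding the *.* pattern from Step 1.
config dlp filepattern
    edit 10
        set name "all-files"
        config entries
            edit "*.*"
                set filter-type pattern
            next
        end
    next
end

# DLP sensor with one file filter that blocks on the selected services.
# http-get covers HTTP downloads, http-post covers HTTP uploads.
config dlp sensor
    edit "block-all-files"
        config filter
            edit 1
                set filter-by file-type
                set file-type 10
                set proto http-get http-post smtp pop3 imap
                set action block
            next
        end
    next
end

# Step 2: attach the sensor to the firewall policy that carries the traffic.
# The deep-inspection SSL profile is needed for HTTPS, SMTPS and POP3S.
config firewall policy
    edit <policy_id>
        set utm-status enable
        set dlp-sensor "block-all-files"
        set ssl-ssh-profile "deep-inspection"
    next
end
```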
Important note:
- HTTP-POST blocks uploads over HTTP. Select all protocols to block uploads on all supported protocols.
- For email protocols, the complete email is blocked together with its attachments, not only the attachments. Blocking only the email attachments is not possible with the current OS. It would be a new feature request, which can be requested by contacting the local sales team or emailing sales@fortinet.com.
- For it to work, the user must generate the traffic (upload files) over one of the supported protocols. If users upload or download by other means, it will not work.
- For it to work on SSL protocols (HTTPS, SMTPS, POP3S), enable SSL inspection and make sure these options are checked. The screenshot below is attached for reference:

Additional note:
Make sure the policy uses proxy inspection and the SSL inspection profile is deep inspection.
On newer versions, including v7.2.x, v7.4.x and v7.6.x, the feature needs to be enabled under System -> Feature Visibility -> Data Leak Prevention by selecting Apply.
After this step, the option will be visible under Security Profiles as seen below:


The window view has also changed in newer versions. The 'New DLP Dictionary' looks as follows:

The 'New DLP Sensor' looks as follows:

The DLP Profile layout looks as seen below:

For more information on how to configure each step of this Security Profile, it is recommended to follow the official FortiOS documentation for the version running on the FortiGate.
