caifan125
New Member
September 28, 2015
Question

Blocking upload files


I want to block the exit of all the files from our LAN, except PDF files. I configured DLP and it blocks if I want to upload files through FTP or if I receive mails from outside, but when I send mails with attached files, they exit without problems. What is happening? Do I need to do something else in the configuration?

Thanks for all.

1 reply

Allwyn_Mascarenhas
New Member
September 29, 2015

caifan125 wrote:

I want to block the exit of all the files from our LAN, except PDF files. I configured DLP and it blocks if I want to upload files through FTP or if I receive mails from outside, but when I send mails with attached files, they exit without problems. What is happening? Do I need to do something else in the configuration?

Thanks for all.

Basically you want to block email attachments, so for that use the attachment signatures in application control and set them to block. You will need to use SSL cert inspection and install the ssl_proxy cert on client machines.

For Google sites you must block their QUIC protocol as well.

caifan125
Author
New Member
October 3, 2015

Thank you for your answer, but I think I was not clear. The idea is that the only thing that can be uploaded out of our network are PDF files. Like I said before, I configured the DLP sensor and it sent me a message if I try to upload a file to an FTP server, and that's OK, but in the services that I selected for examination, I checked SMTP, POP3 and IMAP, but when I send a mail with an attached file, it just sends without problem, and I'm using those protocols. Is this configured correctly or is there another way? If this is solved with the previous message, I will try.

Thanks for the help

Allwyn_Mascarenhas
New Member
October 4, 2015

What client and email service did you use for the testing? Like I said, you will need to block the QUIC protocol for Google sites.

Just try:

1. Create a DLP with a file filter selecting all files you want to block, and choose block as the action.

2. Create a policy with only this DLP filter and cert inspection enabled, and other settings as per your LAN interface - WAN.

3. Drag this straight to the top of all other policies.

Since policies are matched top to bottom, any traffic matching this policy will be blocked, while the rest will pass through it and go to the next policy.