DLP with HTTPS

This is because DLP attempts to intercept HTTP GET and/or HTTP POST traffic, which is not visible to the sensor without performing deep ssl-inspection.

Then ?? all https traffic is " free" for users??

DLP is not dependant of web filter. You can create a firewall rules without web filter, but DLP enabled. If you want to enable DLP, you need : - a proxy profile with correct parameters - DLP profile - DPI if you want to scan encrypted flow (SMTPS, HTTPS, ...) DPI is not only for the web filtering, it is a security feature to improve the efficiency of all other feature (IPS, app control, web filter, dlp, AV, ..)

hklb, you said I need a " proxy profile" . Why? I didn' t see it at documentation. the device use v.5.0 thanks

Are you trying to mix flow and proxy based UTM profiles? If so, don' t do that. Use all flow or all proxy based. Logic was added regarding this in 5.0.5

I was doing any test with DPI active: URL web filter works well and i can filter https web sites, but with DLP with file type and file size sensor it didn' t log any file I download from https site. I' m sure DLP is not in flow mode. Web filter is done with the URL filter with wild card. Thanks