Skip to main content
amrshawky
amrshawky
New Member
August 17, 2019
Solved

how to prevent large file from downloading only

  • August 17, 2019
  • 1 reply
  • 15880 views

i make DLP sensor and map it with a policy to prevent download files large than 500M after apply, user can not download small or large files

    Best answer by CAD

     activate  (Block Oversized File/Email) in porxy option 

         

    1 reply

    OneOfUs
    OneOfUs
    New Member
    August 21, 2019

    Please provide the output of your sensor from the CLI:  

    config dlp sensor
        edit "Large-File"
            config filter
                edit 1
                    set name "Large-File-Filter"
                    set proto smtp pop3 imap http-get http-post mapi
                    set filter-by file-size
                    set file-size 51240
                    set action log-only
                next
            end
        next
    end

     https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-security-profiles/DLP/DLP%20examples.htm   You can also watch to flows to get a better idea why it's failing:   diagnose debug reset diagnose debug enable diagnose debug flow show console enable diagnose debug flow filter addr <source ip> diagnose debug flow trace start 100   To stop the debug: diagnose debug disable diagnose debug reset

    nbctcp
    nbctcp
    New Member
    January 31, 2020

    QUESTIONS: 1. since 6.2 DLP disappear from menu. What is alternative method to limit download size 2. will that "debug flow" work in proxy mode? tq

    Dave_Hall
    Dave_Hall
    New Member
    January 31, 2020

    The patch notes only says DLP can only be configured via the CLI.  That to me says it was only removed from the GUI. 

    Terms & ConditionsAccessibility statement