FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
dnayak_FTNT
Staff
Staff
Description
This article explains how to set up a DLP security profile to log attachment information sent in an email.

Solution
Go to Security Profiles > Data Leak Prevention and create a new filter (For example, Microsoft Office for word files).

dnayak_FD36064_tn_FD36064-1.jpg
Add the newly created DLP profile to your policy and also enable SSL deep-inspection.
dnayak_FD36064_tn_FD36064-2.jpg
In the CLI, under your DLP sensor, make sure you enable extended-utm-log so that you can observe attachment information in DLP log.

config dlp sensor
edit "Test_dlp "
        set comment "summary archive email and web traffic"
        set replacemsg-group ''
            config filter
                edit 1
                    set type file
                    set proto smtp pop3 imap http-get http-post ftp nntp
                    set filter-by file-type
                    set file-type 3
                    set action log-only
                next
            end
        set extended-utm-log enable
                set dlp-log enable

Also, in the memory log settings, set severity to “information”

config log memory filter
    set severity information

Now, whenever an email is sent across the FortiGate with msoffice related files (for example a word file), the information about the attachment will be logged in the DLP logs under “Log & Report”

Contributors