FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article explains how to set up a DLP security profile to log attachment information sent in an email.
Go to Security Profiles > Data Leak Prevention and create a new filter (For example, Microsoft Office for word files).
Add the newly created DLP profile to your policy and also enable SSL deep-inspection. In the CLI, under your DLP sensor, make sure you enable extended-utm-log so that you can observe attachment information in DLP log.
config dlp sensor edit "Test_dlp " set comment "summary archive email and web traffic" set replacemsg-group '' config filter edit 1 set type file set proto smtp pop3 imap http-get http-post ftp nntp set filter-by file-type set file-type 3 set action log-only next end set extended-utm-log enable set dlp-log enable
Also, in the memory log settings, set severity to “information”
config log memory filter set severity information
Now, whenever an email is sent across the FortiGate with msoffice related files (for example a word file), the information about the attachment will be logged in the DLP logs under “Log & Report”