Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- Customer Service
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiExtender
- FortiGuest
- FortiGate Cloud
- FortiGate
- FortiHypervisor
- FortiInsight
- FortiADC
- FortiIsolator
- FortiAIOps
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiBridge
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiCASB
- FortiSASE
- FortiSIEM
- FortiConverter
- FortiSOAR
- FortiCNP
- FortiSwitch
- FortiTester
- FortiDAST
- FortiWAN
- FortiToken
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- Wireless Controller
- FortiAppSec Cloud
- FortiDirector
- RMA Information and Announcements
- FortiEDR
- FortiExtender
- FortiCloud Products
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiWAN
- FortiToken
- FortiVoice
- FortiWeb
- Wireless Controller
- FortiAppSec Cloud
- RMA Information and Announcements
- Lacework
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Support Forum
- Community Groups
- Agora
- Engage Services
- The EPSP Platform
- The ETSP Platform
- Finland
- FortiCare Service Development
- FortiGate-VM on Azure
- FortiGate-VM on AWS
- FortiGate CNF (All Marketplaces)
- FortiWeb Cloud (All Marketplaces)
- Fortinet for SAP
- FortiSIEM
- FortiSOAR
- KCS
- Lacework
- Super User
- Agora
- Engage Services
- The EPSP Platform
- The ETSP Platform
- Finland
- FortiCare Service Development
- FortiGate-VM on Azure
- FortiGate-VM on AWS
- FortiGate CNF (All Marketplaces)
- FortiWeb Cloud (All Marketplaces)
- Fortinet for SAP
- FortiSIEM
- FortiSOAR
- KCS
- Lacework
- Super User
- Agora
- Blogs
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- Customer Service
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiExtender
- FortiGuest
- FortiGate Cloud
- FortiGate
- FortiHypervisor
- FortiInsight
- FortiADC
- FortiIsolator
- FortiAIOps
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiBridge
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiCASB
- FortiSASE
- FortiSIEM
- FortiConverter
- FortiSOAR
- FortiCNP
- FortiSwitch
- FortiTester
- FortiDAST
- FortiWAN
- FortiToken
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- Wireless Controller
- FortiAppSec Cloud
- FortiDirector
- RMA Information and Announcements
- FortiEDR
- FortiExtender
- FortiCloud Products
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiWAN
- FortiToken
- FortiVoice
- FortiWeb
- Wireless Controller
- FortiAppSec Cloud
- RMA Information and Announcements
- Lacework
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Agora
- Engage Services
- The EPSP Platform
- The ETSP Platform
- Finland
- FortiCare Service Development
- FortiGate-VM on Azure
- FortiGate-VM on AWS
- FortiGate CNF (All Marketplaces)
- FortiWeb Cloud (All Marketplaces)
- Fortinet for SAP
- FortiSIEM
- FortiSOAR
- KCS
- Lacework
- Super User
- Agora
- Engage Services
- The EPSP Platform
- The ETSP Platform
- Finland
- FortiCare Service Development
- FortiGate-VM on Azure
- FortiGate-VM on AWS
- FortiGate CNF (All Marketplaces)
- FortiWeb Cloud (All Marketplaces)
- Fortinet for SAP
- FortiSIEM
- FortiSOAR
- KCS
- Lacework
- Super User
- Agora
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Tip: How to archive content of all email...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
kbahrudin_FTNT
Staff
Created on
07-14-2015
05:05 PM
Edited on
02-26-2025
07:22 AM
By
Stephen_G
Article Id
197708
Description
This article describes how to archive message content of all emails passing through a FortiGate with their attachments.
Scope
DLP archiving.
Solution
There are two forms of DLP archiving: Summary Only and Full.
Summary archiving records information about the supported traffic types. For example, when an email message is detected, the sender, recipient, message subject, and total size are recorded. When a user accesses the Web, every URL the user visits is recorded. The result is a summary of all activity the sensor detected.
For more detailed records, Full archiving is necessary. When an email message is detected, the message itself, including any attachments, is archived. When a user accesses the Web, every page the user visits is archived. Far more detailed than a summary, Full DLP archives require more storage space and processing.
DLP archiving is set in the CLI only.
To set the archive to Full and Summary Archive:
Summary archiving records information about the supported traffic types. For example, when an email message is detected, the sender, recipient, message subject, and total size are recorded. When a user accesses the Web, every URL the user visits is recorded. The result is a summary of all activity the sensor detected.
For more detailed records, Full archiving is necessary. When an email message is detected, the message itself, including any attachments, is archived. When a user accesses the Web, every page the user visits is archived. Far more detailed than a summary, Full DLP archives require more storage space and processing.
DLP archiving is set in the CLI only.
To set the archive to Full and Summary Archive:
config dlp sensor
edit <name of sensor>
config filter
edit 1
set type message
set proto smtp pop3 imap
set filter-by regexp
set regexp ".*"
set archive enable -> enable archive (IMPORTANT)
set action log-only
next
end
set full-archive-proto smtp pop3 imap -> set archive-type to Full (IMPORTANT)
set summary-proto smtp pop3 imap -> set archive-type to Summary (IMPORTANT)
end
edit <name of sensor>
config filter
edit 1
set type message
set proto smtp pop3 imap
set filter-by regexp
set regexp ".*"
set archive enable -> enable archive (IMPORTANT)
set action log-only
next
end
set full-archive-proto smtp pop3 imap -> set archive-type to Full (IMPORTANT)
set summary-proto smtp pop3 imap -> set archive-type to Summary (IMPORTANT)
end
To see the logs on the FortiGate GUI, navigate to Log & Report -> Security Events -> DLP.
If archive logs do not appear, a disk format might be needed:
execute formatlogdisk
Pay attention to the prompts displayed when executing it, as it will erase logs and other files.
When email content is archived to a FortiAnalyzer using DLP archive, the archived email can be seen under FortiView.
Go to Log & Report -> Security -> DLP -> DLP Logs that detect email -> Select one of these logs -> Go to the second tab -> Download the file that has email content.
Go to Log & Report -> Security -> DLP -> DLP Logs that detect email -> Select one of these logs -> Go to the second tab -> Download the file that has email content.
Labels:
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.