FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ahameed
Staff
Staff
Description
There are many cases where it is required to log email traffic containing attachments of greater than 10 MB.  The default maximum size on FortiGate is 10 MB.  This article provides a solution of logging email attachments of greater than 10 MB.

Scope
Logging & reporting

Solution
Use the following steps in order to log email attachments of greater than 10 MB passing through FortiGate DLP sensor.

1)  Verify the oversize limit of the smtp protocol under proxy options:
config firewall profile-protocol-options
edit default
config smtp
get | grep oversize
oversize-limit      :  10
uncompressed-oversize-limit: 10

2)  Increase the uncompressed-oversize limit and oversize limit:

ahameed_FD40961_tn_FD40961-1.jpg

3)  Enable log oversized files under proxy options:

ahameed_FD40961_tn_FD40961-2.jpg

4)  Send an email with an attachment of over 10 MB and verify the logs in FortiAnalyzer or FortiGate:

ahameed_FD40961_tn_FD40961-3.jpg

Contributors