Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ahameed
Staff
Staff

Created on ‎01-08-2018 12:34 PM

Article Id 190895

Technical Note: How to log email attachments greater than 10 MB with DLP on FortiGate

Description
There are many cases where it is required to log email traffic containing attachments of greater than 10 MB.  The default maximum size on FortiGate is 10 MB.  This article provides a solution of logging email attachments of greater than 10 MB.

Scope
Logging & reporting

Solution
Use the following steps in order to log email attachments of greater than 10 MB passing through FortiGate DLP sensor.

1)  Verify the oversize limit of the smtp protocol under proxy options:
config firewall profile-protocol-options
edit default
config smtp
get | grep oversize
oversize-limit      :  10
uncompressed-oversize-limit: 10

2)  Increase the uncompressed-oversize limit and oversize limit:

ahameed_FD40961_tn_FD40961-1.jpg

3)  Enable log oversized files under proxy options:

ahameed_FD40961_tn_FD40961-2.jpg

4)  Send an email with an attachment of over 10 MB and verify the logs in FortiAnalyzer or FortiGate:

ahameed_FD40961_tn_FD40961-3.jpg

2812
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.