Description
If you are trying to block files greater than a certain size, you may initially try to set this up using DLP.
For example, you may configure DLP to block files greater than 100MB. However, you may run into the following difficulties:
- The file may pass without being blocked.
- The file may need to buffer completely before being blocked or passed, using system resources and causing users to wait to find out if the file will be downloaded.
Solution
An alternative method that avoids these pitfalls is to use the Proxy Options profile to block larger files instead. The Proxy Options profile has an oversize limit, and a file larger than this limit is not scanned. Because of this, large files may not be scanned for AV or DLP (or other issues) and will therefore be allowed even if DLP is configured to block the file. To overcome this, set the Proxy Options profile to block oversize files instead.
Proxy Options can be configured in the GUI, but the oversize settings are available in the CLI only. They can be configured as follows:
config firewall profile-protocol-options
    edit default
        set oversize-log enable
        [repeat the following for <protocol> = http, ftp, imap, mapi, pop3, smtp, nntp]
        config <protocol>
            set options oversize
            set uncompsizelimit 90
            set oversize-limit 90
        end
end
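As an added example (not part of the original article and not Fortinet tooling), the Python check below reads saved profile-protocol-options configuration text and lists the protocol sections that lack "set options oversize", which are the ones where large files could still pass unscanned. The sample text is constructed, the function name audit is hypothetical, and the input is assumed to follow the nesting of the commands above.

```python
import shlex

PROTOCOLS = ("http", "ftp", "imap", "mapi", "pop3", "smtp", "nntp")  # sections named in the article

# Constructed sample (not real device output), shaped like the commands above.
SAMPLE = """\
config firewall profile-protocol-options
    edit "default"
        set oversize-log enable
        config http
            set options oversize
            set uncompsizelimit 90
            set oversize-limit 90
        end
        config ftp
            set options clientcomfort
        end
        config smtp
            set options oversize
        end
    next
end
"""

def audit(config_text):
    """Map (profile, protocol) -> finding for sections not set up to block oversize files."""
    settings, profiles, profile, proto = {}, [], None, None
    for line in config_text.splitlines():
        tok = shlex.split(line) or [""]          # blank lines become a no-op token
        if tok[0] == "edit":                      # start of a profile entry
            profile, proto = tok[1], None
            profiles.append(profile)
        elif tok[0] == "config" and profile and tok[1] in PROTOCOLS:
            proto = tok[1]                        # entering a protocol section
            settings[(profile, proto)] = {}
        elif tok[0] == "set" and proto:           # record settings inside that section
            settings[(profile, proto)][tok[1]] = tok[2:]
        elif tok[0] == "end":
            proto = None                          # leaving the current section
    findings = {}
    for key in ((prof, p) for prof in profiles for p in PROTOCOLS):
        s = settings.get(key, {})
        if "oversize" not in s.get("options", []):
            findings[key] = "'options' lacks 'oversize'"
        elif "oversize-limit" not in s:
            findings[key] = "no explicit oversize-limit"
    return findings
```

Calling audit(SAMPLE) reports every listed protocol except http, because the constructed sample only completes the http section.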