Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Anthony_E
Community Manager
Community Manager

Created on ‎10-01-2020 02:49 AM Edited on ‎04-16-2025 11:32 PM By Moderator

Article Id 193748

Technical Tip: Configuring file filter (standalone profile)

Description

 

This article describes how to configure a file filter.

The previously embedded file filter within web filter, email filter, SSH inspection, and CIFS has moved to a standalone profile.
The file filter can be applied directly to firewall policies and supports various traffic protocols in proxy or flow mode.

Scope

 

For version 6.4.1, 7.0, 7.2, 7.4, and 7.6.

Solution

 

To configure a file filter from the GUI.

 

  • Configure the filter profile:

  1. Go to Security Profiles -> File Filter and select 'Create New'.
  2. Select a Feature set.
  3. In the Rules section, select 'Create New'.
  4. Configure the settings as needed.
  5. Select 'OK' to save the rule.

 
  1. Optionally, create more rules if needed.
  2. Select 'OK' to save the filter profile.
     
 
  
  • Apply the filter to a policy:
 
  1. Go to Policy & Objects -> Firewall Policy and edit an existing policy or create a new one.
  2. In the 'Security Profiles' section, enable 'File Filter'.
  3. Select the filter from the dropdown box.
 
 
  1. Configure the other settings as needed.
  2. Select 'OK'.

 

  • To configure a file filter in the CLI.


Configure the file filter profile:


config file-filter profile
    edit "test"
        set comment ''
        set feature-set flow
        set replacemsg-group ''
        set log enable
        set scan-archive-contents enable
            config rules
                edit "r2"
                    set comment ''
                    set protocol http ftp smtp imap pop3 cifs
                    set action block
                    set direction outgoing
                    set password-protected any
                    set file-type "sis" "tar" "tiff" "torrent" "upx" "uue" "wav" "wma" "xar" "xz" "zip"
                next
                edit "r1"
                    set comment ''
                    set protocol http ftp smtp imap pop3 cifs
                    set action log-only
                    set direction any
                    set password-protected any
                    set file-type ".net" "7z" "activemime" "arj" "aspack" "avi" "base64" "bat" "binhex" "bmp" "bzip" "bzip2"
                next
                edit "r3"
                    set comment ''
                    set protocol http ftp smtp imap pop3
                    set action block
                    set direction any
                    set password-protected any
                    set file-type "binhex"
                next
            end
    next
end

 

  • Apply the filter to a policy:

 

config firewall policy

    edit 1

        set name "filefilter-policy"

        set srcintf "port10"

        set dstintf "port9"

        set srcaddr "all"

        set dstaddr "all"

        set srcaddr6 "all"

        set dstaddr6 "all"

        set action accept

        set schedule "always"

        set service "ALL"

        set utm-status enable

        set profile-protocol-options "protocol"

        set ssl-ssh-profile "protocols"

        set file-filter-profile "test"

        set auto-asic-offload disable

        set np-acceleration disable

        set nat enable

    next

end

2096
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.