Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kmohan
Staff
Staff

Created on ‎02-10-2025 02:53 AM

Article Id 375437

Technical Tip: How to Allow/Block a File type for Incoming/Outgoing traffic for Email Files

Description

 

This article describes how to configure the File Filter to allow/block file types for Emails like Gmail or Outlook.

 

Scope

 

FortiGate v7.2.5 or above.

 

Solution

 

  1. Configure the File Filter to block file types like PDF, zip, and other types. Block file type: PDF files for upload/download.

 

file filter.png

 

  1. Add the File Filter on the Firewall policy with Proxy Inspection Mode. The feature set setting (proxy) in the file filter profile must match the inspection mode setting (proxy) in the associated firewall policy.

 

Policy1.png

 

Policy.png

 

  1. Try to download the PDF file from Gmail, and block the status 'File was blocked by file filter'.

 

Both GUI and CLI, run the below command line to check file filter logs:

 

execute log filter category utm-file-filter

execute log display

 

CLI Logs2.png

 

Logs.png


Note:

Use Proxy Inspection Mode on both Policy and File Filter Profile, add Customs deep-inspection mode, and install the certificate on the user PC under the Trusted Rooted certificate.It is now blocking the files from the Gmail

255
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.