bmedikonda
Staff
Article Id 398384
Description This article describes how to block Excel file types using a Data Loss Prevention (DLP) profile on FortiGate.
Scope FortiGate.
Solution

To block Excel files from being uploaded or downloaded, a DLP file pattern and profile must be configured, and the profile must be applied to a firewall policy.

 

Step 1: Create the File Pattern to Match Excel File Types.

 

config dlp filepattern
    edit 10
        set name "excel_block"
        config entries
            edit "office_excel"
                set filter-type type
                set file-type msofficex
            next
            edit "*.xml"
            next
            edit "*.xlsx"
            next
            edit "*.xls"
            next
            edit "*.xlsm"
            next
        end
    next
end

 

Note: Additional Excel-related file extensions can be included using wildcard patterns to match other relevant formats not already listed.

 

Step 2: Create the DLP Profile and apply the file pattern.

 

config dlp profile
    edit "Block_excel"
        config rule
            edit 1
                set proto http-get http-post
                set file-type 10
                set action block
            next
        end
    next
end

 

Step 3: Attach the DLP Profile to a firewall policy.

 

config firewall policy
    edit 1
        set name "Internet"
        set srcintf "port2"
        set dstintf "port1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set av-profile "g-default"
        set dlp-profile "Block_excel"
        set application-list "g-default"
        set nat enable
    next
end

 

Once the configuration is complete and the policy is active, any attempt to upload or download Excel files (including .xls, .xlsx, .xlsm, and Office XML-based files) over HTTP/S will be blocked by the firewall based on the defined DLP rules.
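The following Python sketch is an added example, not part of the original article and not FortiGate's detection logic. It contrasts what the wildcard name entries from Step 1 match with what a content-based check sees, which is why the file pattern carries a type entry as well as names. The content check is a simplified stand-in for a type-based filter, and all file names and sample bytes are constructed.

```python
import fnmatch
import io
import zipfile

# Name patterns copied from the filepattern entries in Step 1.
NAME_PATTERNS = ["*.xml", "*.xlsx", "*.xls", "*.xlsm"]
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .xls/.doc/.ppt container


def name_match(filename):
    """True if the file name matches one of the wildcard entries (case-insensitive)."""
    return any(fnmatch.fnmatchcase(filename.lower(), p) for p in NAME_PATTERNS)


def content_kind(data):
    """Classify by content: 'ooxml-excel', 'ooxml-other', 'ole2' or 'other'."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if not data.startswith(b"PK\x03\x04"):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
    except zipfile.BadZipFile:
        return "other"
    if "[Content_Types].xml" not in names:
        return "other"  # plain ZIP, not an Office Open XML package
    return "ooxml-excel" if "xl/workbook.xml" in names else "ooxml-other"


def make_ooxml(main_part):
    """Constructed sample: smallest ZIP that carries the OOXML marker parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr(main_part, "<x/>")
    return buf.getvalue()


# Constructed samples: (file name as transferred, file bytes).
SAMPLES = [
    ("budget.xlsx", make_ooxml("xl/workbook.xml")),
    ("budget.txt", make_ooxml("xl/workbook.xml")),   # extension does not reflect content
    ("letter.docx", make_ooxml("word/document.xml")),
    ("legacy.xls", OLE2_MAGIC + b"\x00" * 504),
    ("sitemap.xml", b"<?xml version='1.0'?><urlset/>"),
]

if __name__ == "__main__":
    for fname, data in SAMPLES:
        print(f"{fname:12} name={name_match(fname)!s:5} content={content_kind(data)}")
```

On the constructed samples, the name entries do not match budget.txt and do match sitemap.xml, so both the type entry and the scope of the "*.xml" pattern are worth reviewing before the profile is applied.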

 

Block Excel Files Containing Sensitive Data.

Use this method to block Excel files that contain specific sensitive content (such as Social Security Numbers) using pattern matching and content inspection.

 

Refer to the following article for step-by-step instructions:
Technical Tip: How to block Excel .xlsx document containing Social Security Numbers