FortiGate
caunon (Staff)
Article Id 272094
Description

This article describes how to block file types such as .pdf, .png or .jpeg over the SFTP protocol. In some situations this is necessary, but by default the required setting cannot be found in the FortiGate GUI.

SFTP (also known as Secure File Transfer Protocol) runs over SSH, which is why the file filter rule below uses the 'ssh' protocol.

Scope

FortiGate v7.2.x.

Solution
  1. To block file types such as .pdf via the SFTP protocol, go to Security Profiles -> File Filter -> Create New -> Rules and select 'Create New'. By default, the SFTP protocol may not appear under Protocols. Correct the setting via the CLI commands below.

Correct the setting with a file filter profile.

From CLI:

FGT # config file-filter profile
FGT # edit SFTPtest1
FGT # set feature-set proxy
FGT # config rules
FGT # edit SFTPtestRule1
FGT # set protocol ssh
FGT # set action block
FGT # set file-type pdf png jpeg
FGT # next
FGT # end
FGT # next
FGT # end

After this, SSH appears under Protocol in the 'File Filter Rule' dialog.


  2. Go to Security Profiles -> SSL/SSH Inspection and select 'Create New'.

Name: deep-inspectionTestSFTP1
Inspection method: Full SSL Inspection
SSH Inspection Options -> SSH deep scan: enable
SSH port: Specify: 22
Select 'OK'.

 


Note: If the SFTP port is not known, enable 'Inspect all ports', or set 'SSH port' to 'Any'.


  3. Correct the setting in the firewall policy.
  • Go to Policy & Objects -> Firewall Policy and select 'Create New'.

Set the Interface, Address, Service and other fields as required.

From CLI:

FGT # config firewall policy
FGT # edit <XX>    <----- XX is the ID of the firewall policy to change.
FGT # set inspection-mode proxy
FGT # end


  • Go to Policy & Objects -> Firewall Policy -> Security Profiles.

File Filter: SFTPtest1 (the profile created in step 1; it is selectable only when 'Inspection Mode' is 'Proxy-based').
SSL Inspection: deep-inspectionTestSFTP1 (the profile created in step 2).
Select 'OK'.

 


  4. Test by uploading a .pdf file (or another file type listed in the rule) via SFTP.

FortiGate should now block those files over SFTP.
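The three objects from the steps above (file filter profile, SSL/SSH inspection profile and firewall policy) as one pasteable CLI configuration. This is an added example, not taken from the article; the policy ID 1 and the option names under 'config ssh' in the ssl-ssh-profile are assumptions to check against the unit with '?' before use.

```fortios
# Step 1: proxy-mode file filter profile with a rule that blocks
# PDF/PNG/JPEG carried over SSH (which is what SFTP uses)
config file-filter profile
    edit "SFTPtest1"
        set feature-set proxy
        config rules
            edit "SFTPtestRule1"
                set protocol ssh
                set action block
                set file-type pdf png jpeg
            next
        end
    next
end

# Step 2: SSL/SSH inspection profile with SSH deep scan on port 22
# (option names under 'config ssh' are assumed; verify on the unit)
config firewall ssl-ssh-profile
    edit "deep-inspectionTestSFTP1"
        config ssh
            set ports 22
            set status deep-inspection
        end
    next
end

# Step 3: firewall policy (ID 1 is an assumed placeholder) switched to
# proxy inspection with both profiles attached; without inspection-mode
# proxy the file filter profile cannot be selected
config firewall policy
    edit 1
        set inspection-mode proxy
        set utm-status enable
        set file-filter-profile "SFTPtest1"
        set ssl-ssh-profile "deep-inspectionTestSFTP1"
    next
end

# Review the resulting objects before testing the upload (step 4)
show file-filter profile SFTPtest1
show firewall ssl-ssh-profile deep-inspectionTestSFTP1
show firewall policy 1
```

If the SFTP port is not known, the CLI counterpart of the 'Inspect all ports' option is 'set inspect-all deep-inspection' under 'config ssh' (assumed option name, to be confirmed on the unit).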

 
