FortiGate
rpmadathil_FTNT
Staff & Editor
Article Id 195173

Description

This article describes how to use a DLP sensor to block file uploads or downloads over HTTP/HTTPS, SMTP, POP3, and IMAP on v5.0, v5.2 and newer versions.

Solution

Step 1:

For v5.2.x:

Create a DLP sensor:

  • Go to Security Profiles -> Data Leak Prevention -> Create New Filter -> select Files.
  • Specify File Types -> File Name Pattern -> enter the pattern *.*.
  • Select services such as HTTP-GET, POP3, or IMAP to block downloads over HTTP, POP3, and IMAP.
  • To block both uploads and downloads over HTTP and SMTP, select the services HTTP-POST, HTTP-GET, and SMTP.
  • Set the Action to Block.

See the screenshot below:

[Screenshot: Stephen_G_0-1732717598943.png]

For v5.0.x:

Create a file filter as shown in the screenshot below:

[Screenshot: Stephen_G_1-1732717628659.png]

Apply the created file filter under the DLP Sensor:

[Screenshot: Stephen_G_2-1732717654868.png]

Step 2: Include it in the required firewall policy.

Once the DLP sensor is configured, enable it in a firewall policy.
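The same two steps expressed in the FortiOS CLI, added here as an example that is not part of the original article. The commands follow FortiOS 5.2-style syntax written from memory (`config dlp filepattern`, `config dlp sensor`, `config firewall policy`); the file pattern table id 10, the names all-files and block-file-transfer, and the policy id 1 are assumed values, and the exact keywords should be checked against the CLI reference for the installed FortiOS version, since the DLP objects were restructured in 7.x. The policy section also references the deep-inspection SSL profile that the notes further down require for HTTPS, SMTPS and POP3S.

```text
# Constructed example: FortiOS 5.2-style CLI equivalent of the GUI steps.
# Verify every keyword against the CLI reference for the running build.

# 1. A file pattern table that matches every file name (GUI: File Name Pattern *.*).
#    Table id 10 and the name "all-files" are assumed values.
config dlp filepattern
    edit 10
        set name "all-files"
        config entries
            edit "*.*"
                set filter-type pattern
            next
        end
    next
end

# 2. The DLP sensor with one file filter that references the table above and
#    blocks on every supported download and upload protocol.
config dlp sensor
    edit "block-file-transfer"
        config filter
            edit 1
                set name "block-any-file"
                set type file
                set proto http-get http-post smtp pop3 imap
                set filter-by file-type
                set file-type 10
                set action block
            next
        end
    next
end

# 3. Attach the sensor to the firewall policy (policy id 1 assumed). The deep
#    SSL inspection profile is what lets the sensor see HTTPS/SMTPS/POP3S;
#    without it only the cleartext protocols are inspected.
config firewall policy
    edit 1
        set utm-status enable
        set dlp-sensor "block-file-transfer"
        set ssl-ssh-profile "deep-inspection"
        set profile-protocol-options "default"
    next
end
```

Dropping POP3 and IMAP from the `set proto` line leaves downloads over those mail protocols uninspected, and dropping HTTP-POST leaves HTTP uploads unblocked, which is the protocol selection the bullet list above describes. On releases where inspection mode is set per policy, the policy must additionally be in proxy-based inspection mode, as the additional note states.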

Important note:

  • HTTP-POST blocks uploads over HTTP only. Select all protocols to block uploads on all supported protocols.
  • For email protocols, the sensor blocks the complete email carrying the attachment, not only the attachment. Blocking only the attachment is not possible with the current OS; it would be a new feature request, which can be raised by contacting the local sales team or emailing sales@fortinet.com.
  • For the sensor to work, the user must generate the traffic (upload or download files) over one of the supported protocols. Uploads or downloads made by other means are not blocked.
  • For the sensor to work on SSL protocols (HTTPS, SMTPS, POP3S), enable SSL inspection and make sure these options are checked. The screenshot below is attached for reference:

[Screenshot: Stephen_G_3-1732717753942.png]

Additional note:

Make sure the policy uses proxy-based inspection mode and that the SSL inspection profile is deep-inspection.

On newer versions, including v7.2.x, v7.4.x and v7.6.x, the feature needs to be enabled under System -> Feature Visibility -> Data Leak Prevention by selecting Apply.

After this step, the option will be visible under Security Profiles as seen below:

[Screenshot: DLP Feature Visibility.PNG]

[Screenshot: DLP Security Profiles.PNG]

The window view has also changed in newer versions. The 'New DLP Dictionary' looks as follows:

[Screenshot: New DLP Dictionary.PNG]

The 'New DLP Sensor' looks as follows:

[Screenshot: New DLP Sensor.PNG]

The DLP Profile layout looks as seen below:

[Screenshot: DLP Profile.PNG]

For more information on how to configure each step of this Security Profile, follow the official FortiOS documentation for the FortiGate version in use.