pmanak, Staff
Article Id 381622
Description

This article describes an issue where a DLP filter that blocks files based on file size does not work as expected when the DLP profile is applied in flow mode.

Scope

FortiGate.
Solution

This issue occurs when a DLP profile uses a file size filter to block files and the firewall policy inspects traffic in flow mode.

 

Starting with FortiOS 7.4.4, lower-end models with 2 GB of RAM no longer support proxy-based inspection features. This change was made to improve memory utilization on these models. See: Proxy-related features no longer supported on FortiGate 2 GB RAM models v7.4.4

 

On these lower-end models, the DLP filter therefore always operates in flow mode. In flow mode, a file is buffered for inspection only up to the oversize threshold of the protocol options profile, which defaults to 10 MB. A file larger than that threshold is not inspected at all, so a DLP file size rule cannot match it and the file is not blocked.

 

To work around this limitation, raise the maximum oversize threshold for file scanning with the 'set oversize-limit' command for each relevant protocol in the protocol options profile that the firewall policy uses.

 

config firewall profile-protocol-options
    edit [profile]
        config [service]
            set oversize-limit ?
oversize-limit   Enter an integer value from <1> to <186> Mbytes (default = <10>).
            set oversize-limit [mbytes]
        end
    next
end

 

Where:

  • '[service]' is one of the protocol sections: ftp, http, imap, nntp, mapi, pop3, or smtp. Set the limit for every protocol over which the files can be transferred.
  • '[profile]' is the name of the protocol options profile (the default profile or a custom one) referenced by the firewall policy that also applies the DLP profile.
  • '[mbytes]' is the new threshold in megabytes; the CLI rejects a value above the maximum that the model supports.

In the example above, the maximum accepted value is 186 MB, so even after this change the DLP filter cannot block any file larger than 186 MB. The exact upper bound depends on the model's RAM (see below).
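The following is an added worked example that is not part of the original article. It raises the threshold for HTTP and FTP to 120 MB so that files up to roughly 100 MB can be matched by a DLP file size rule, then binds the profile to the flow-mode policy that applies the DLP profile. The profile name "dlp-large-files", the DLP profile name "dlp-block-large", the policy ID 10 and the 120 MB value are assumptions chosen for illustration; the DLP profile itself is assumed to already exist.

```fortios
# Added example, not from the original article.
# Assumptions: existing DLP profile "dlp-block-large", existing policy ID 10,
# files to be blocked are no larger than about 100 MB, model maximum >= 120 MB.

# 1. Custom protocol options profile with the oversize threshold raised from
#    the default 10 MB for each protocol the files can travel over.
config firewall profile-protocol-options
    edit "dlp-large-files"
        config http
            set oversize-limit 120
        end
        config ftp
            set oversize-limit 120
        end
    next
end

# 2. Reference the profile from the flow-mode policy that applies the DLP profile.
config firewall policy
    edit 10
        set inspection-mode flow
        set utm-status enable
        set profile-protocol-options "dlp-large-files"
        set dlp-profile "dlp-block-large"
    next
end

# 3. Confirm the new threshold is stored in the profile.
show firewall profile-protocol-options "dlp-large-files"
```

Set the limit only slightly above the largest file the DLP rule must catch: every session that transfers a file up to this size is buffered in memory on a model that is already memory-constrained, which is why the CLI caps the value at the model-specific maximum described below.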

 

On mid- to low-end FortiGates, the maximum file size that can be scanned in memory (the maximum oversize threshold) is 10% of the FortiGate's RAM. The remaining RAM is reserved for system use. The FortiGate calculates this maximum automatically, which is why the upper bound shown by 'set oversize-limit ?' differs between models.

 

Related documents: