Fortinet Forum
vgatti
New Contributor

[SOLVED] DLP Blocking some packages from Ubuntu repositories

http://security.ubuntu.com/ubuntu/pool/main/m/mysql-5.5/mysql-common_5.5.41-0ubuntu0.14.04.1_all.deb

http://br.archive.ubuntu....sl-cert_1.0.33_all.deb

Can't download from either link, as I get the message "The transfer attempted appeared to contain a data leak!".

I can download other files/packages from the same repositories.

How can I make my server bypass this restriction, or put these URLs in a white list?

FortiGate 90D v5.0,build3608

Thank you

EDIT: just updating this thread, I found out what was causing the block. My DLP rules were blocking ".cnf" files, and inside some DEB files this file is present. I didn't know, but FortiGate scans inside the file before downloading it. After removing the ".cnf" rule in DLP, the files were downloaded successfully.
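
The EDIT above traces the block to a ".cnf" file-pattern rule matching a file packed inside the .deb. As an added example (not from the thread and not Fortinet's code), this Python script lists which paths inside a package match a given file-name pattern, so the rule responsible can be identified without disabling DLP. The function names and the in-memory sample package are constructed for illustration, and matching is assumed to be on file name only.

```python
import fnmatch, io, tarfile

def ar_members(blob):
    """Yield (name, data) for each member of a Unix ar archive (the .deb container)."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar member header")
        name = hdr[:16].decode().strip().rstrip("/")
        size = int(hdr[48:58].decode().strip())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)  # members are padded to even offsets

def pattern_hits(deb_bytes, patterns):
    """Paths inside control/data tarballs whose file name matches a DLP-style pattern."""
    hits = []
    for name, data in ar_members(deb_bytes):
        if not name.startswith(("control.tar", "data.tar")):
            continue
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            for m in tar.getmembers():
                base = m.name.rsplit("/", 1)[-1].lower()
                if m.isfile() and any(fnmatch.fnmatch(base, p.lower()) for p in patterns):
                    hits.append(m.name)
    return hits

def _tar_gz(files):  # helpers below build a constructed sample .deb in memory
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, body in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def _ar(members):
    out = b"!<arch>\n"
    for name, data in members:
        out += b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, b"100644", len(data))
        out += data + (b"\n" if len(data) & 1 else b"")
    return out

SAMPLE_DEB = _ar([(b"debian-binary", b"2.0\n"), (b"control.tar.gz", _tar_gz({"./control": b"Package: demo\n"})),
    (b"data.tar.gz", _tar_gz({"./etc/demo/demo.cnf": b"[demo]\n", "./usr/share/doc/demo/README": b"hi\n"}))])
if __name__ == "__main__":
    print(pattern_hits(SAMPLE_DEB, ["*.cnf"]))
```

To check a real package, pass the bytes of a .deb fetched on a host outside the DLP policy to `pattern_hits` along with the file patterns from the DLP sensor.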

Iescudero
Contributor II

Hi!

Just create a new policy above the policy that has DLP applied, with your Linux server as the source address, and try again.

Bye!

vgatti

escudero wrote:

Just create a new policy above the policy that has DLP applied, with your Linux server as the source address, and try again.

Thanks for your quick reply!

However, by doing that I'll be making my Linux Server open to the whole internet, right? Isn't there any way to create an exception inside DLP?

Iescudero

You can solve this by adding destination FQDN addresses security.ubuntu.com and br.archive.ubuntu, both with port 80 (HTTP service), and that's it!

Shawn_W

Any update?  Did that work?

vgatti
New Contributor

Shawn W wrote:

Any update?  Did that work?

No, it didn't... the only way I can download those files is if I completely disable DLP from my policies. I still don't know what is causing the block.