I'm a sort of newbie looking for advice. We have a FortiGate 600D (5.6.4) and would like to block upload/download of file attachments when users access their private mail in such sites as GMAIL, YAHOO, etc. via HTTPS/HTTP. Our Fortigate consultant suggested using DLP, but I think Application Control is the right choice. I found a GMAIL Attachment signature which looks like the filter I need. I defined an application control profile and used it in a policy, but I have issues with certificates : Chrome browsers get stuck with Invalid certificate messages (ERR_SSL_PROTOCOL_ERROR), while an old Internet Explorer seems to work well and even the filter works. But I can't force my users to adopt an old browser to surf the web ! I've read various articles which say it's due to SSL DEEP INSPECTION and that I should add the Fortigate certificate to the local certificate repository on each PC, but it hasn't solved my problem. Any ideas/suggestions ? Would DLP be a better option? Another thing I was wondering about was whether the GMAIL signature is valid only for the GMAIL site or can it be adapted/modified for other webmail sites? do I have to identify all the sites I want to filter or is there some type of classification mechanism available (like URL filtering) whereby I can select "webmail" as a type of site ?
Hope I've been clear enough.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.