HI,  I'm a sort of newbie looking for advice. We have a FortiGate 600D (5.6.4) and would like to block upload/download of file attachments when users access their private mail in such sites as GMAIL, YAHOO, etc. via HTTPS/HTTP. Our Fortigate consultant suggested using DLP, but I think Application Control is the right choice. I found a GMAIL Attachment signature which looks like the filter I need. I defined an application control profile and used it in a policy, but I have issues with certificates : Chrome browsers get stuck with Invalid certificate messages (ERR_SSL_PROTOCOL_ERROR), while an old Internet Explorer seems to work well and even the filter works. But I can't force my users to adopt an old browser to surf the web ! I've read various articles which say it's due to SSL DEEP INSPECTION and that I should add the Fortigate certificate to the local certificate repository on each PC, but it hasn't solved my problem. Any ideas/suggestions ? Would DLP be a better option? Another thing I was wondering about was whether the GMAIL signature is valid only for the GMAIL site or can it be adapted/modified for other webmail sites? do I have to identify all the sites I want to filter or is there some type of classification mechanism available (like URL filtering) whereby I can select "webmail" as a type of site ?  Hope I've been clear enough.

Thanks for your help, SPJ