I want to block the exit of all files from our LAN, except PDF files. I configured DLP and it blocks if I want to upload files through FTP or if I receive mails from outside, but when I send mails with attached files, they exit without problems. What is happening? Do I need to do something else in the configuration?
Thanks for all.
caifan125 wrote: I want to block the exit of all files from our LAN, except PDF files. I configured DLP and it blocks if I want to upload files through FTP or if I receive mails from outside, but when I send mails with attached files, they exit without problems. What is happening? Do I need to do something else in the configuration?
Thanks for all.
Basically you want to block email attachments, so for that use the attachment signatures in application control and set them to block. You will need to use SSL certificate inspection and install the ssl_proxy cert on client machines.
For Google sites you must block their QUIC protocol as well.
Thank you for your answer, but I think I was not clear. The idea is that the only thing that can be uploaded out of our network is PDF files. Like I said before, I configured the DLP sensor and it sent me a message if I try to upload a file to an FTP server, and that's OK. In the services that I selected for examination I checked SMTP, POP3 and IMAP, but when I sent a mail with an attached file, it just sends without problem, and I'm using those protocols. Is this configured correctly, or is there another way? If this is solved with the previous message, I will try it.
Thanks for the help
What client and email service did you use for the testing? Like I said, you will need to block the QUIC protocol for Google sites.
Just try:
1. Creating a DLP sensor with a file filter selecting all the file types you want to block, with the action set to block.
2. Creating a policy with only this DLP sensor and certificate inspection enabled, and the other settings as per your LAN interface -> WAN.
3. Dragging this policy straight to the top, above all other policies.
Since policies are matched top to bottom, any traffic matching this policy will be blocked, while the rest will pass through it and go on to the next policy.
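The same three steps as a FortiOS CLI fragment, added here as an illustration and not taken from the thread or from Fortinet documentation. It assumes FortiOS 5.2 or later syntax, a LAN interface named "internal", a WAN interface named "wan1", the built-in "deep-inspection" SSL/SSH profile, and an illustrative list of file types to block; the `#` lines are annotations. Two caveats a practitioner should keep in mind when the FTP test passes but the mail test does not: Outlook sends outgoing mail over SMTP (IMAP only fetches), so `smtp` must be in the sensor's protocol list and the policy must be the one the SMTP session actually traverses (mail handed to a server inside the LAN never crosses a LAN-to-WAN policy); and certificate-inspection only examines the TLS handshake, so attachments inside SMTPS or IMAPS are only visible to DLP with deep inspection, which is what the ssl_proxy CA on the clients is for.

```fortios
# Step 1a. File-type table listing what to block. DLP matches the listed
# types, so "everything except PDF" means listing the types to block and
# leaving pdf out. The types below are illustrative, not a complete list.
config dlp filepattern
    edit 10
        set name "block-non-pdf-types"
        config entries
            edit "msoffice"
                set filter-type type
                set file-type msoffice
            next
            edit "msofficex"
                set filter-type type
                set file-type msofficex
            next
            edit "zip"
                set filter-type type
                set file-type zip
            next
            edit "rar"
                set filter-type type
                set file-type rar
            next
            edit "exe"
                set filter-type type
                set file-type exe
            next
            edit "jpeg"
                set filter-type type
                set file-type jpeg
            next
        end
    next
end

# Step 1b. DLP sensor with one file filter, action block. smtp must be in
# the protocol list or outgoing Outlook mail is never examined.
config dlp sensor
    edit "block-non-pdf"
        config filter
            edit 1
                set name "non-pdf-attachments"
                set severity high
                set type file
                set proto smtp pop3 imap http-get http-post ftp
                set filter-by file-type
                set file-type 10
                set action block
            next
        end
    next
end

# Step 2. LAN -> WAN policy carrying the sensor. deep-inspection rather than
# certificate-inspection so attachments inside TLS (SMTPS/IMAPS) are decrypted
# and scanned; clients must trust the ssl_proxy CA for this to work.
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set dlp-sensor "block-non-pdf"
        set ssl-ssh-profile "deep-inspection"
        set logtraffic all
    next
end

# Step 3. Move the new policy to the top. "edit 0" assigned the next free ID;
# 5 and 1 below are placeholders: check with "show firewall policy" and use
# the ID the new policy received and the ID of your current first policy.
config firewall policy
    move 5 before 1
end
```

After applying this, sending a non-PDF attachment from a LAN client should appear in the DLP log (Log & Report > Data Leak Prevention) with the sensor name above; if nothing is logged at all, the mail session is not hitting this policy, which is the first thing to verify before suspecting the sensor.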
Hi, thanks again for your answer. I did the steps that you describe the first time, and it works with FTP but not with email.
I'm using Outlook 2013 and my mail server is with IMAP.
You probably have already referred to this, but still just putting it out here, just in case.
http://video.fortinet.com...and-file-filtering-5-0
Also try these debug commands; log the output to a .log file using PuTTY or any other terminal you use:
diagnose debug application dlp -1
diagnose debug enable
and then generate the traffic by sending non-PDF files, as in your case.
After the debug session, use these to stop and reset it before trying again:
diagnose debug reset
diagnose debug disable
Copyright 2024 Fortinet, Inc. All Rights Reserved.