Hi,

Fortigate 50E v 6.0.2

I'm trying to block executable files being uploaded to to an ftp server using DLP but having some issues. I've set the inspection mode to proxy and used the DLP configuration below.

The problem is the file transfers are not blocked but the Fortigate logs indicate they have been blocked. 

Log:

Date/Time       Source   Service   Action   File Name   Filter Index   DLP Extra   Filter Type   Filter   Category De 2 minutes ago  x.x.x.x   FTP        block     putty.exe   1                  ExeBlock5   file-type      file      host:x.x.x.x

Config:

edit "ExeBlock" config filter edit 1 set proto smtp pop3 imap http-get http-post ftp set filter-by file-type set file-type 5 set action block next end

edit 5 set name "ExeBlock5" config entries edit "exe" set filter-type type set file-type exe next end

Any ideas what I'm missing?

Thanks

Dan