Dipen
New Contributor III

DLP with HTTPS

We have created a DLP filter to block EXE files. It is working with HTTP sites; however, downloads of EXEs are still happening from HTTPS sites. Same issue as with WebFilter.

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D
netmin
Contributor II

This is because DLP attempts to intercept HTTP GET and/or HTTP POST traffic, which is not visible to the sensor without performing deep ssl-inspection.
Dipen
New Contributor III

So DLP doesn't work independently of Web Filter, as we define Deep Inspection Scan in the Web Filter policy.

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D
cdiaz
New Contributor

Then?? All HTTPS traffic is "free" for users??
jorge9090

If the traffic is encrypted in an SSL tunnel, you need to enable SSL inspection; otherwise the FGT doesn't know what's inside the tunnel and can't block it. This applies to Web Filter, DLP and App Control.
hklb
Contributor II

DLP is not dependent on Web Filter. You can create firewall rules without Web Filter but with DLP enabled. If you want to enable DLP, you need:
- a proxy profile with correct parameters
- a DLP profile
- DPI if you want to scan encrypted flows (SMTPS, HTTPS, ...)
DPI is not only for web filtering; it is a security feature that improves the efficiency of all the other features (IPS, app control, web filter, DLP, AV, ...).
cdiaz
New Contributor

hklb, you said I need a "proxy profile". Why? I didn't see it in the documentation. The device uses v5.0. Thanks
Adrian_Buckley_FTNT

Are you trying to mix flow-based and proxy-based UTM profiles? If so, don't do that. Use all flow-based or all proxy-based. Logic was added regarding this in 5.0.5.
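To tie together hklb's list (proxy-mode DLP profile plus DPI on the policy) and the advice above not to mix flow and proxy profiles, here is an added FortiOS CLI example that is not from this thread or from Fortinet documentation. It assumes 5.2-era CLI syntax (5.0 used different deep-inspection options), and the object names "block-exe", "internal" and "wan1" are constructed placeholders; the file-pattern table id 2 is assumed to be the built-in "all_executables" entry.

```fortios
# Added example, not from the thread. Assumes FortiOS 5.2-era CLI syntax;
# names "block-exe", "internal", "wan1" are placeholders; file-type id 2 is
# assumed to be the built-in "all_executables" file-pattern table.

# 1. Proxy-based DLP sensor that blocks executables in HTTP GET and POST.
config dlp sensor
    edit "block-exe"
        set flow-based disable
        config filter
            edit 1
                set name "exe-download"
                set type file
                set proto http-get http-post
                set filter-by file-type
                set file-type 2
                set action block
            next
        end
    next
end

# 2. Policy with deep inspection. This is what lets the DLP sensor see the
#    GET/POST inside TLS; with "certificate-inspection" or no SSL profile,
#    HTTPS downloads of EXEs pass through untouched (the symptom in this thread).
config firewall policy
    edit 10
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set utm-status enable
        set profile-protocol-options "default"
        set ssl-ssh-profile "deep-inspection"
        set dlp-sensor "block-exe"
        set nat enable
    next
end
```

Deep inspection re-signs server certificates, so clients must trust the FortiGate's SSL inspection CA or every HTTPS site will show a certificate warning; verify the sensor works by checking for DLP log entries on an HTTPS EXE download.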
cdiaz
New Contributor

I was doing some tests with DPI active: URL web filter works well and I can filter HTTPS web sites, but with DLP with a file type and file size sensor it didn't log any file I downloaded from an HTTPS site. I'm sure DLP is not in flow mode. Web filter is done with the URL filter with wildcards. Thanks
Adrian_Buckley_FTNT

What firmware version are you using?

DLP over HTTPS is broken in early versions of 5.0.
