Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Dipen
New Contributor III

Created on ‎09-06-2014 11:47 PM

DLP with HTTPS

We have created a DLP Filter to block EXE Files. It is working with HTTP Sites however download of exe' s still happening from HTTPS Sites. Same issue like WebFilter.

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D

 

Ahead of the Threat. FCNSA v5 / FCNSP v5 Fortigate 1000C / 1000D / 1500D
16667
0 Kudos
15 REPLIES 15
netmin
Contributor II

Created on ‎09-07-2014 01:43 AM

This is because DLP attempts to intercept HTTP GET and/or HTTP POST traffic, which is not visible to the sensor without performing deep ssl-inspection.
4856
0 Kudos
Dipen
New Contributor III
In response to netmin

Created on ‎09-07-2014 04:42 AM

So DLP dosent work independent of Web Filter as we define Deep Inspection Scan in Web Filter Policy.

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D

 

Ahead of the Threat. FCNSA v5 / FCNSP v5 Fortigate 1000C / 1000D / 1500D
4812
0 Kudos
cdiaz
New Contributor

Created on ‎09-09-2014 08:49 AM

Then ?? all https traffic is " free" for users??
4856
0 Kudos
jorge9090
New Contributor
In response to cdiaz

Created on ‎09-09-2014 09:01 AM

If the traffic is encripted in a SSL Tunnel, you need to enable SSL inspection, otherwise the FGT doesn' t know whats inside the tunnel and can' t block it. This applies to Web Filter, DLP and APP Control.
4856
0 Kudos
hklb
Contributor II

Created on ‎09-09-2014 08:57 AM

DLP is not dependant of web filter. You can create a firewall rules without web filter, but DLP enabled. If you want to enable DLP, you need : - a proxy profile with correct parameters - DLP profile - DPI if you want to scan encrypted flow (SMTPS, HTTPS, ...) DPI is not only for the web filtering, it is a security feature to improve the efficiency of all other feature (IPS, app control, web filter, dlp, AV, ..)
4856
0 Kudos
cdiaz
New Contributor

Created on ‎10-09-2014 12:20 AM

hklb, you said I need a " proxy profile" . Why? I didn' t see it at documentation. the device use v.5.0 thanks
4812
0 Kudos
Adrian_Buckley_FTNT
Staff
Staff

Created on ‎10-10-2014 07:27 AM

Are you trying to mix flow and proxy based UTM profiles? If so, don' t do that. Use all flow or all proxy based. Logic was added regarding this in 5.0.5
4856
0 Kudos
cdiaz
New Contributor

Created on ‎10-10-2014 09:43 AM

I was doing any test with DPI active: URL web filter works well and i can filter https web sites, but with DLP with file type and file size sensor it didn' t log any file I download from https site. I' m sure DLP is not in flow mode. Web filter is done with the URL filter with wild card. Thanks
4856
0 Kudos
Adrian_Buckley_FTNT
Staff
Staff

Created on ‎10-21-2014 09:12 AM

What firmware version are you using?

 

DLP over HTTPS is broken in early versions of 5.0

4812
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.