Iescudero
Contributor II

Filter file type when it is compressed

Hi everyone!

I need to figure out how to block certain types of files, mostly executables like .bat, .com, .exe, when these files are compressed in a .zip, .rar or .cab.

Can the antivirus daemon do this on any FortiOS platform?

At this time I have two FortiGate 110C in an HA cluster, with FortiOS v4.0,build0356,130221 (MR2 Patch 15).

 

Thanks to all!

iJake
Contributor

Sounds to me like you'll be better served with DLP rather than AV for this. With DLP you can block file extensions.

 

You can use wildcards in the name or select specific file types. The FortiGate will examine archived files and act accordingly.

-Jake
Iescudero

Hi, thanks for your reply!

With Antivirus or DLP I can block certain types of files, but I need to block them when the file is compressed.

For example, I want to block *.exe files. If a user sends a .exe file compressed in a .zip or .rar, I want the FortiGate to block this .zip, but only when it contains a .exe file.

I hope that you understand now.

Sorry for my bad English.

Thanks again!

iJake
Contributor

Do you want them to send an exe if it's not compressed??

 

If you block .exe using DLP, it should block this whether it's zipped/archived or not. The FortiGate should inspect Zipped packets with DLP enabled and block a .zip/.rar containing a .exe.

-Jake
Iescudero
Contributor II

That's exactly what I want!!! Now I'm gonna read about DLP.

Do you have some info, link or any ideas to share with me?

 

Thanks again!

iJake
Contributor

It's not too stressful to configure, so long as it's licensed and enabled under "Features".

I've attached a snapshot of the sensor configuration, not much to it.

 

Security Profiles > DLP > Select/Create Profile > Create new Sensor > Filter "Files" and select the file type and the action

You'll then need to apply it to the IPv4 Policy defining the traffic you want it to match.

 

 

-Jake
Iescudero

Thanks!!

iJake
Contributor

No problem. Let us know how it goes.

-Jake
vmartin_FTNT
Staff

There's also a Cookbook recipe about using DLP that you can find here: http://cookbook.fortinet.com/preventing-data-leaks/ In step 3, it talks about blocking .exe files.

Technical Writer, FortiOS

Let me know if there's anything you want to see added to the FortiGate Cookbook.

Iescudero
Contributor II

Thanks to all! It works with exe files, and it's fine, but we also need to block .scr files, and in this case it is not working.

Is there a chance to customize the file type? Any solution would be appreciated.

 

Thanks!!
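Added example, not part of any post in this thread and not FortiGate code: a small Python check that shows the two matching modes mentioned above (wildcard on the file name versus file type by content) applied to the members of a ZIP, including nested ZIPs. The block list, the depth and size limits, and the function names are assumptions chosen for illustration; it handles ZIP only, not .rar or .cab.

```python
import fnmatch
import io
import zipfile

# Assumed block list for illustration; the thread names .bat, .com, .exe and .scr.
BLOCKED_PATTERNS = ["*.exe", "*.com", "*.bat", "*.scr"]
MAX_DEPTH = 3                        # levels of nested archives to open
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # do not unpack members larger than this


def scan_zip(data: bytes, depth: int = 0, prefix: str = "") -> list:
    """Return (member_path, reason) for every member that should be blocked."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            name = info.filename.rsplit("/", 1)[-1].lower()
            # Mode 1: wildcard match on the member's file name.
            if any(fnmatch.fnmatchcase(name, p) for p in BLOCKED_PATTERNS):
                hits.append((path, "name"))
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                hits.append((path, "oversize"))  # fail closed, never unpack
                continue
            body = zf.read(info)
            # Mode 2: file type by content. PE files (.exe, .scr, .dll)
            # start with the DOS magic "MZ" whatever they are named.
            if body[:2] == b"MZ":
                hits.append((path, "content"))
            elif depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(body)):
                hits.extend(scan_zip(body, depth + 1, path + "!"))
    return hits


def make_zip(members: dict) -> bytes:
    """Build a ZIP in memory from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: a renamed PE and a .scr hidden one archive deeper.
    inner = make_zip({"saver.scr": b"MZ constructed"})
    outer = make_zip({"readme.txt": b"hello", "report.pdf": b"MZ constructed",
                      "bundle.zip": inner})
    for path, reason in scan_zip(outer):
        print(f"BLOCK {path} (matched by {reason})")
```

A name pattern such as `*.scr` only catches files that keep that extension, while the content check catches the same binary under any name.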
