I have a FortiGate 40F running v7.2.2 and I am trying to configure a DLP profile to block downloads of files 100MB or larger. This profile is applied to a proxy policy.
I've been testing the profile with various sizes of downloads and it doesn't appear to be blocking the download correctly. I got some downloads blocked, but the size-file value doesn't seem to be right; it's set in kB but doesn't seem to relate to the actual file size. Below is the profile config:
config dlp profile
    edit "Block100"
        set feature-set proxy
        config rule
            edit 1
                set name "Block100MB"
                set proto smtp pop3 http-get http-post ftp nntp cifs
                set file-size 102400
                set action block
I've been testing different file-size values and it doesn't seem to work correctly. The value is kB, so 102400 should block anything above 100Mb, however it isn't.
Is there any config I've missed? Alternatively is there any other way of blocking downloads of files of a certain size in v7.2.2?
Hi J, do you have SSL deep-inspection applied to the firewall policy? I am guessing most likely almost all sites are encrypted and running on HTTPS, so therefore it will not work without deep-inspection?
Actually, I think I've found a solution to this: creating Protocol Options profiles (Policy & Objects > Protocol Options), where you can configure the threshold for blocking oversize files and emails. I need to test this out though.
Not sure whether this has an impact on the size of files that will be scanned by AV though, which is 10MB by default I believe.