Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
amrshawky
New Contributor

Created on ‎08-17-2019 03:25 PM

how to prevent large file from downloading only

i make DLP sensor and map it with a policy to prevent download files large than 500M after apply, user can not download small or large files

12919
0 Kudos
1 Solution
CAD
Contributor
In response to nbctcp

Created on ‎02-01-2020 11:14 PM

 activate  (Block Oversized File/Email) in porxy option 

     

View solution in original post

9960
0 Kudos
7 REPLIES 7
OneOfUs
New Contributor III

Created on ‎08-21-2019 06:14 AM

Please provide the output of your sensor from the CLI:  

config dlp sensor
    edit "Large-File"
        config filter
            edit 1
                set name "Large-File-Filter"
                set proto smtp pop3 imap http-get http-post mapi
                set filter-by file-size
                set file-size 51240
                set action log-only
            next
        end
    next
end

 https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-security-profiles/DLP/DLP%20examples...   You can also watch to flows to get a better idea why it's failing:   diagnose debug reset diagnose debug enable diagnose debug flow show console enable diagnose debug flow filter addr <source ip> diagnose debug flow trace start 100   To stop the debug: diagnose debug disable diagnose debug reset

9883
0 Kudos
nbctcp
New Contributor III
In response to OneOfUs

Created on ‎01-31-2020 10:57 AM

QUESTIONS: 1. since 6.2 DLP disappear from menu. What is alternative method to limit download size 2. will that "debug flow" work in proxy mode? tq

http://goo.gl/lhQjmU
http://nbctcp.wordpress.com

 

http://goo.gl/lhQjmUhttp://nbctcp.wordpress.com
9884
0 Kudos
Dave_Hall
Honored Contributor
In response to nbctcp

Created on ‎01-31-2020 12:17 PM

The patch notes only says DLP can only be configured via the CLI.  That to me says it was only removed from the GUI. 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
DLP removed in 6.2.2.jpg
Preview file
39 KB
9884
0 Kudos
nbctcp
New Contributor III
In response to Dave_Hall

Created on ‎01-31-2020 06:10 PM

I have tried on cli many times. You can create sensor but can't apply to policy

http://goo.gl/lhQjmU
http://nbctcp.wordpress.com

 

http://goo.gl/lhQjmUhttp://nbctcp.wordpress.com
9884
0 Kudos
CAD
Contributor
In response to nbctcp

Created on ‎02-01-2020 11:14 PM

 activate  (Block Oversized File/Email) in porxy option 

     
9961
0 Kudos
nbctcp
New Contributor III
In response to CAD

Created on ‎02-02-2020 04:25 AM

@CAD

Haven't tested but I think you are right

https://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-security-profiles/Proxy_Options/Prox...

The location is in Security Profiles/Proxy Options/

But I think that is Global Settings.

Let say I want Director Group have 100MB limit and Staff Group 50MB limit

Is that possible?

http://goo.gl/lhQjmU
http://nbctcp.wordpress.com

 

http://goo.gl/lhQjmUhttp://nbctcp.wordpress.com
9884
0 Kudos
CAD
Contributor
In response to nbctcp

Created on ‎02-02-2020 04:44 AM

yes, just create profile for each group and assign to fwpolicy.

 

 

9884
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.