Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
CAD
Contributor

is it possible to know from logs if someone sent file from web based emails

Hello,

 

I have some issue , our management have doubt there is some users sending some confidential data out through their personal account , is any possibility know this files from the logs.

 

I am in trouble please help me.

 

Thank in advance

7 REPLIES 7
neonbit
Valued Contributor

Yes it is possible (depending on the email service) but you will need to enable SSL deep inspection to scan the traffic and have application control enabled. Once done you will be able to see any attachments sent.

 

The following mail services to see attachments are available as per 5.6.3:

 

AIM webmail Daum Gmail KBS Outlook Nate Squirrel Yahoo

CAD

Thank you noenbit for response,

 

I have enabled Deep SSL inspection and application control enabled to the fwpolicy.

I want see the attachments was sent from Gmail, yahoo, hotmail.

 

Note: I have FG200D running 5.2.13

 

 

Thanks

CAD
Contributor

I am able to see the attachments was blocked , because i have added attachment signature to app control profile.

Although i have enabled log all session.

 

I have sent many files from my gmail but i am not able to see this files in the logs.

 

Thanks

neonbit
Valued Contributor

Ahh you're running 5.2. To be honest I can't remember if this feature was added in 5.2 or 5.4 (haven't used 5.2 in years now).

 

In 5.4 the feature is called Cloud Access Security Inspection and it's found under security profiles. In 5.6 this has been merged with the standard application profiles.

CAD

Thank you neonbit for reply

i need someone to confirm if  this feature available in firmware 5.2.

 

Thanks 

Markus
Valued Contributor

In 5.2.13 there are Signatures for Gmail, but no difference between Signatures/Cloud Signatures as in 5.6.3. You can check it in Email Category of Application Control. We don't check Emails deep, so not sure if it is working as you expect. You have to try. Good luck


________________________________________________________
--- NSE 4 ---
________________________________________________________

________________________________________________________--- NSE 4 ---________________________________________________________
Markus
Valued Contributor

It's definitely available, you have to enable deep inspection of cloud applications.


________________________________________________________
--- NSE 4 ---
________________________________________________________

________________________________________________________--- NSE 4 ---________________________________________________________
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors