Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
caifan125
New Contributor

Blocking upload files

I want to block the exit of all the files of our lan, except pdf files. I configured DLP and it blocks if I want upload files through ftp or if I receive mails from outside, but when I send mails with attached files, they exit without problems, What is happenning? Do I need to do something else in the configuration?

 

Thanks for all.

5 REPLIES 5
Allwyn_Mascarenhas
Contributor

caifan125 wrote:

I want to block the exit of all the files of our lan, except pdf files. I configured DLP and it blocks if I want upload files through ftp or if I receive mails from outside, but when I send mails with attached files, they exit without problems, What is happenning? Do I need to do something else in the configuration?

 

Thanks for all.

basically you want to block email attachments, so for that  use the attachment signatures in application control and set them to block. You will need to use ssl cert inspection and install the ssl_proxy cert on client machines.

 

For google sites you must block their quic protocol as well.

 

 

caifan125

Thank you for your answer, but I think I was not clear. The idea is that the only thing that can be upload out of our network are pdf files. Like I said before, I configured the DLP sensor and it sent me a message if I try to upload a file to ftp server and thats ok, but in the services that I selected for  examination, I check smtp, pop3 and IMAP, but when I sent a mail with attached file, just sends without problem and I'm using those protocols. Is this configured correctly or is another way? If this is solved with the previous message, I will try.

 

Thanks for the help

Allwyn_Mascarenhas

what client and email service you used for the testing? Like i said you will need to block QUIC protocol for google sites.

 

Just try

1.creating a DLP with file filter selecting all files you want to block, choose action as block.

2.create a policy with only this DLP filter and cert inspection enabled and other settings as per you lan interface - wan

3.drag this straight to the top of all other policies.

 

since policies are matched top to bottom any traffic matching this policy will be blocked while the rest will pass through it and go to the next policy.

 

 

caifan125

Hi, thanks again for your answer. I did the steps that you describe since the first time an it works with ftp but not with email.

I'm using outlook 2013 and my mail server is with imap.

Allwyn_Mascarenhas

You probably already have referred this, but still just putting out here. Just in case.

 

http://video.fortinet.com...and-file-filtering-5-0

 

Also try this debug commands, log the output to a .log file using putty or any other terminal you use:

 

diagnose debug application dlp -1 diagnose debug enable

 

and then generate the traffic by sending non pdf files as in your case.

 

after the debug session use these to stop and reset it before trying again

diagnose debug reset

diagnose debug disable

 

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors