amrshawky
New Contributor

how to prevent large file from downloading only

I made a DLP sensor and mapped it to a policy to prevent downloading files larger than 500M. After applying it, users cannot download small or large files.

1 Solution
CAD

Activate (Block Oversized File/Email) in proxy option.

     


7 REPLIES
OneOfUs
New Contributor III

Please provide the output of your sensor from the CLI:  

config dlp sensor
    edit "Large-File"
        config filter
            edit 1
                set name "Large-File-Filter"
                set proto smtp pop3 imap http-get http-post mapi
                set filter-by file-size
                set file-size 51240
                set action log-only
            next
        end
    next
end

https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-security-profiles/DLP/DLP%20examples...

You can also watch the flows to get a better idea why it's failing:

diagnose debug reset
diagnose debug enable
diagnose debug flow show console enable
diagnose debug flow filter addr <source ip>
diagnose debug flow trace start 100

To stop the debug:

diagnose debug disable
diagnose debug reset

nbctcp
New Contributor III

QUESTIONS:
1. Since 6.2, DLP disappeared from the menu. What is the alternative method to limit download size?
2. Will that "debug flow" work in proxy mode?
tq

http://goo.gl/lhQjmU
http://nbctcp.wordpress.com
Dave_Hall
Honored Contributor

The patch notes only say DLP can only be configured via the CLI. That to me says it was only removed from the GUI.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

nbctcp
New Contributor III

I have tried on the CLI many times. You can create a sensor but can't apply it to a policy.
CAD

Activate (Block Oversized File/Email) in proxy option.

     
nbctcp
New Contributor III

@CAD

Haven't tested but I think you are right

https://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-security-profiles/Proxy_Options/Prox...

The location is in Security Profiles/Proxy Options/

But I think that is Global Settings.

Let's say I want the Director Group to have a 100MB limit and the Staff Group a 50MB limit.

Is that possible?

CAD

Yes, just create a profile for each group and assign it to the fwpolicy.
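The per-group setup suggested in this thread, sketched as FortiOS CLI; this is an added example, not part of the original posts. It defines two protocol-options profiles with Block Oversized File/Email enabled for HTTP, each attached to a policy matching one user group. The profile names, policy IDs 10 and 11, and group names are assumptions, and `oversize-limit` is in MB.

```fortios
config firewall profile-protocol-options
    edit "Director-100MB"
        set comment "example profile (assumed name): block HTTP files over 100 MB"
        config http
            set options oversize
            set oversize-limit 100
        end
    next
    edit "Staff-50MB"
        set comment "example profile (assumed name): block HTTP files over 50 MB"
        config http
            set options oversize
            set oversize-limit 50
        end
    next
end
config firewall policy
    edit 10
        set comments "example: policy ID and group name are assumptions"
        set groups "Director"
        set utm-status enable
        set profile-protocol-options "Director-100MB"
    next
    edit 11
        set comments "example: policy ID and group name are assumptions"
        set groups "Staff"
        set utm-status enable
        set profile-protocol-options "Staff-50MB"
    next
end
```

Running `show firewall policy 10` afterwards confirms which protocol-options profile the policy references.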

 

 
