Enable DLP in Web explicit

amateolo · ‎03-28-2016

Hello, I need to block .exe files download and I have seen that with DLP possible without proxy. The problem is, we have implemented explicit proxy, not me DLP option appears. How I can apply DLP on explitic proxy? Attached image. Firmware version V5.4.0,

Jeff_FTNT · ‎03-28-2016

Hi,

You may try to go to GUI:System->Feature Select-> DLP, enable DLP

Explicit Proxy Policy will show up DLP options, thanks.

amateolo · ‎03-28-2016

Hi,

Thank you Jeff but this is enable and not see it.

Attached picture.

Regards

PD: there is another way to block the downloading of exe files?

Jeff_FTNT · ‎03-28-2016

I have FortiGate-100D v5.4.0,build1011, it is works for me.

You may try set up from CLI: config firewall explicit-proxy-policy /edit xx/set utm enable/set dlp-sensor default/end

If CLI does not have DLP, may be other cause. Thanks.

amateolo · ‎03-28-2016

Thank you,

I do not have much experience with the CLI, how little work has been fortinet GUI.

I'll try, this config is in my vdom o global config?

Jeff_FTNT · ‎03-28-2016

From your screen shot, it look you enable VDOM , so enter VDOM and set up "config firewall explicit-proxy-policy".

amateolo · ‎04-05-2016

hi, it works !!

What I have seen is another problem, I have blocked all .exe DLP, but it does not work or windows update or mcafee signatures

How could realiar execepciones for everything coming from the URL and mcafee microsoft work?

Thank you!!

Jeff_FTNT · ‎04-05-2016

Block URL you may need set up "webfilter " , thanks.

amateolo · ‎04-05-2016

The problems is .exe download windows update and DLP sensor is block this file.

To create an exception and not block me .exe Windows Update, created a web filter exemp of *windowsupdate* wildcart?

It is correct?

Jeff_FTNT · ‎04-05-2016

So you want block *.exe file but permit "mcafee microsoft update" ?

You may create more policy to permit "mcafee microsoft update" , then fail down to bottom policy to block "*.exe " file. Thanks.