Blocking files in firewall traffic, Adding file patterns to block – Fortinet FortiGate 4000 User Manual

Page 284

Fortinet Inc.

File blocking

Antivirus protection

By default, when blocking is enabled, the FortiGate unit blocks the following file
patterns:

• executable files (*.bat, *.com, and *.exe)
• compressed or archive files (*.gz, *.rar, *.tar, *.tgz, and *.zip)
• dynamic link libraries (*.dll)
• HTML application (*.hta)
• Microsoft Office files (*.doc, *.ppt, *.xl?)
• Microsoft Works files (*.wps)
• Visual Basic files (*.vb?)
• screen saver files (*.scr)

Blocking files in firewall traffic

Use content profiles to apply file blocking to HTTP, FTP, POP3, IMAP, and SMTP
traffic controlled by firewall policies.

To block files in firewall traffic

1. Select file blocking in a content profile.
   See “Adding content profiles” on page 224.

2. Add this content profile to firewall policies to apply content blocking to the traffic
   controlled by the firewall policy.
   See “Adding content profiles to policies” on page 226.

Adding file patterns to block

To add file patterns to block

1. Go to Anti-Virus > File Block.

2. Select New.

3. Type the new pattern in the File Pattern field.
   You can use an asterisk (*) to represent any characters and a question mark (?) to
   represent any single character. For example, *.dot blocks Microsoft Word template
   files and *.do? blocks both Microsoft Word template files and document files.

4. Select the check box beside the traffic protocols for which you want to enable blocking
   of this file pattern.

5. Select OK.
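
The wildcard rules from step 3, as an added example that is not part of the Fortinet manual: a Python check of which file names a pattern list would match, useful for reviewing a new pattern before adding it. It goes beyond the single *.do? case by also loading the default list from this page; case-insensitive, whole-name matching is an assumption about the unit's behaviour, and the sample file names are constructed.

```python
import re

# Default patterns listed on this page.
DEFAULT_PATTERNS = [
    "*.bat", "*.com", "*.exe",
    "*.gz", "*.rar", "*.tar", "*.tgz", "*.zip",
    "*.dll", "*.hta",
    "*.doc", "*.ppt", "*.xl?",
    "*.wps", "*.vb?", "*.scr",
]

def compile_pattern(pattern):
    """Translate a file pattern into a regex.

    Only the two wildcards described on the page are special:
    '*' = any run of characters, '?' = exactly one character.
    Everything else (including '.', '[' and ']') is literal.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    # ASSUMPTION: matching is case-insensitive and covers the whole name.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def matching_patterns(filename, patterns):
    """Return the patterns that match this file name, in list order."""
    return [p for p in patterns if compile_pattern(p).fullmatch(filename)]

def coverage_report(filenames, patterns):
    """Map each file name to its matching patterns (empty list = not blocked)."""
    return {name: matching_patterns(name, patterns) for name in filenames}

if __name__ == "__main__":
    # Constructed sample file names, not taken from the manual.
    samples = ["setup.EXE", "budget.xls", "budget.xlsx",
               "memo.dot", "memo.doc", "notes.txt"]
    patterns = DEFAULT_PATTERNS + ["*.do?"]  # custom pattern from step 3
    for name, hits in coverage_report(samples, patterns).items():
        print(f"{name:12} {'BLOCK ' + ', '.join(hits) if hits else 'pass'}")
```

Because ? stands for exactly one character, *.xl? matches budget.xls but not budget.xlsx, and *.do? matches memo.doc and memo.dot but not a .docx name; longer extensions need their own patterns.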