FortiGate Supported File Types and Configuration Guide
Description: Supported File Types
When it comes to network security, blocking unauthorized file types is crucial. FortiGate offers file filter features that allow you to block files based on their type using metadata, without relying on file size or content. For more granular control, Data Loss Prevention (DLP) profiles can be configured to block files based on size or specific content such as SSN numbers, credit card numbers, or regular expressions.
The following file types are supported in FortiGate’s file filter and DLP profiles:
- .net: Match .NET files
- 7z: Match 7-Zip files
- activemime: Match ActiveMime files
- arj: Match ARJ compressed files
- aspack: Match ASPack files
- avi: Match AVI files
- base64: Match Base64 files
- bat: Match Windows batch files
- binhex: Match BinHex files
- bmp: Match BMP files
- bzip: Match Bzip files
- bzip2: Match Bzip2 files
- cab: Match Windows CAB files
- chm: Match Windows compiled HTML help files
- class: Match CLASS files
- cod: Match COD files
- crx: Match Chrome extension files
- dmg: Match Apple disk image files
- elf: Match ELF files
- exe: Match Windows executable files
- flac: Match FLAC files
- fsg: Match FSG files
- gif: Match GIF files
- gzip: Match Gzip files
- hlp: Match Windows help files
- hta: Match HTA files
- html: Match HTML files
- iso: Match ISO archive files
- jad: Match JAD files
- javascript: Match JavaScript files
- jpeg: Match JPEG files
- lzh: Match LZH compressed files
- mach-o: Match Mach object files
- mime: Match MIME files
- mov: Match MOV files
- mp3: Match MP3 files
- mpeg: Match MPEG files
- msi: Match Windows Installer MSI files
- msoffice: Match MS-Office files (e.g., DOC, XLS, PPT)
- msofficex: Match MS-Office XML files (e.g., DOCX, XLSX, PPTX)
- pdf: Match PDF files
- petite: Match Petite files
- png: Match PNG files
- rar: Match RAR archives
- rm: Match RM files
- sis: Match SIS files
- tar: Match TAR files
- tiff: Match TIFF files
- torrent: Match torrent files
- unknown *: Match unknown files (only available in DLP profiles)
- upx: Match UPX files
- uue: Match UUE files
- wav: Match WAV files
- wma: Match WMA files
- xar: Match XAR archive files
- xz: Match XZ files
- zip: Match ZIP files
How to Configure File Filters and DLP Profiles
Configuring file filters and DLP profiles on your FortiGate device enhances your network security by blocking unwanted or potentially harmful files. Follow these steps to make the configurations:
Step 1: Access FortiGate GUI
Log in to your FortiGate device’s GUI using your admin credentials.
Step 2: Navigate to Security Profiles
Go to Security Profiles and select File Filter.
Step 3: Create/Modify File Filter Profile
Create a new File Filter profile or modify an existing one. Here, you can specify which file types to block. Use the list above to choose file types that need to be blocked based on your security policy.
Step 4: Apply File Filter to Firewall Policy
Go to Policy & Objects and select IPv4 Policy. Apply the File Filter profile in the relevant firewall policy.
Step 5: Configure DLP Profile (If Needed)
If you need more granular control, navigate to Security Profiles and select DLP. Create or modify a DLP profile to include patterns for content scanning, such as Social Security Numbers or credit card information.
Step 6: Apply DLP Profile to Firewall Policy
As with the File Filter profile, go to Policy & Objects and select IPv4 Policy. Apply the DLP profile in the relevant firewall policy.
By following these steps, you can enhance your network security by blocking unwanted file types and sensitive content from entering or leaving your network.
For more information, visit the official FortiGate documentation on supported file types.