Creating Content Filtering Profiles
Use the Unified Threat Management (UTM) policy page to configure content filtering profiles.
Content filtering blocks or permits certain types of traffic based on the MIME type, file extension, and protocol command. The content filter controls file transfers across the device by checking traffic against configured filter lists.
The content filter profile evaluates traffic before all other UTM profiles, except Web Filtering. Therefore, if traffic meets criteria configured in the content filter, the content filter acts first upon this traffic.
You can configure the following types of content filters:
MIME pattern filter—MIME patterns are used to identify the type of traffic in HTTP and MAIL protocols. There are two lists of MIME patterns that are used by the content filter to determine the action to be taken. The block MIME list contains a list of MIME type traffic that is to be blocked. The MIME exception list contains MIME patterns that are not to be blocked by the content filter and are generally subsets of items on the block list.
The exception list has a higher priority than the block list.
Block Extension List—Because the name of a file is available during the transfers, using file extensions is a highly practical way to block or allow file transfers. All protocols support the use of the block extension list.
Protocol Command Block and Permit Lists—Different protocols use different commands to communicate between servers and clients. By blocking or allowing certain commands, traffic can be controlled on the protocol command level. The block or permit command lists are intended to be used in combination, with the permit list acting as an exception list to the block list.
If a protocol command appears on both the permit list and the block list, the command is permitted.
Before You Begin
Read the UTM Overview topic.
Decide what kind of filtering you want for the UTM policy: Web Filtering, Antispam, Antivirus, or Content Filtering.
Review the Content Filtering Profile main page for an understanding of your current data set. See Content Filtering Profile Main Page Fields for field descriptions.
To create a content filtering profile:
- Select Configur > UTM Policy > Content Filtering Profiles.
- Click the + icon to create a new content filtering profile.
- Complete the configuration according to the guidelines provided in Table 1.
- Click Finish. A content filtering profile is created that can be associated with an UTM policy.
Table 1: Content Filtering Profile Settings
Enter a unique name for the content filtering profile that is a string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 29 characters.
Enter a description for the content filtering profile; maximum length is 255 characters.
Use the notification options to configure a method of notifying the user when a failure occurs or a virus is detected:
Use content filtering to block specific commands for HTTP, FTP, SMTP, IMAP, and POP3 protocols. Select the following options:
Use the content filter to block other types of harmful files that the MIME type or the file extension cannot control.
Block Content Type—Select from the following types of content blocking (supported only for HTTP):
Use a file extension list to define a set of file extensions to block over HTTP, FTP, SMTP, IMAP, and POP3.
Use content filtering to block or permit special MIME types over HTTP, FTP, SMTP, IMAP, and POP3 connections. Specify the MIME(s) to be blocked or permitted: