
Configuring Email Filtering Policies on USG Firewall

This guide details how to set up USG firewall email filtering to block specific attachment types, limit attachment size, and prevent messages containing prohibited keywords by creating pattern groups, defining a mail‑filter policy, applying it to the outbound interzone firewall view, and verifying the configuration.

Practical DevOps Architecture

The USG device serves as the company’s egress gateway and provides Internet access for internal PCs. To regulate employee Webmail usage, the company prohibits sending attachments with the extensions mp3 or avi, attachments larger than 10,000 KB, and email bodies containing the words “game” or “violence”.

First, enable the mail‑filter feature (enabled by default) and configure the necessary network interfaces, security zones, NAT, and routing so internal PCs can access the Internet (configuration steps omitted).

Next, create a public pattern group for attachment extensions, named file, that precisely matches mp3 and avi:

[USG] pattern-group file type file-extension
[USG-pattern-group-fe-file] pattern mp3
[USG-pattern-group-fe-file] pattern avi
[USG-pattern-group-fe-file] quit

Create a keyword pattern group named matter to match the prohibited words:

[USG] pattern-group matter type keyword
[USG-pattern-group-kw-matter] pattern game
[USG-pattern-group-kw-matter] pattern violence
[USG-pattern-group-kw-matter] quit

Commit the pattern groups so they become active:

[USG] pattern configure commit

Create the mail‑filter policy abc and bind the previously defined pattern groups to enforce the rules, including a maximum attachment size of 10,000 KB:

[USG] mail-filter policy abc
[USG-mail-filter-policy-abc] send-mail attachment extension group file action block
[USG-mail-filter-policy-abc] send-mail attachment max-size 10000 action block
[USG-mail-filter-policy-abc] send-mail content group matter action block
[USG-mail-filter-policy-abc] quit

Apply the mail‑filter policy to the interzone firewall view in the outbound direction, ensuring that all outbound mail from internal PCs is inspected:

[USG] policy interzone trust untrust outbound
[USG-policy-interzone-trust-untrust-outbound] policy 1
[USG-policy-interzone-trust-untrust-outbound-1] action permit
[USG-policy-interzone-trust-untrust-outbound-1] policy mail-filter abc
[USG-policy-interzone-trust-untrust-outbound-1] quit
[USG-policy-interzone-trust-untrust-outbound] quit

Finally, verify the configuration by executing display mail-filter policy to view the details of the newly created mail‑filter policy.
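A policy like this fails silently when a group name is mistyped, the commit step is skipped, or the policy is never bound in the outbound direction. The following offline check is an added example, not part of the original article or of any vendor tooling; it assumes the commands are saved as plain text with the CLI prompts stripped, and the consistency rules it enforces (group type must match the rule, commit must follow the group definitions) are assumptions drawn from the steps above.

```python
import re
# Constructed sample: the commands from this guide with the CLI prompts stripped.
SAMPLE = """
pattern-group file type file-extension
pattern mp3
pattern avi
pattern-group matter type keyword
pattern game
pattern violence
pattern configure commit
mail-filter policy abc
send-mail attachment extension group file action block
send-mail attachment max-size 10000 action block
send-mail content group matter action block
policy interzone trust untrust outbound
policy 1
action permit
policy mail-filter abc
"""

def audit(config):
    """Return findings for broken references; an empty list means consistent."""
    groups, refs, bound, findings = {}, {}, {}, []
    committed, policy, direction = set(), None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"pattern-group (\S+) type (\S+)", line):
            groups[m[1]] = m[2]                      # group name -> declared type
        elif line == "pattern configure commit":
            committed = set(groups)                  # groups defined so far are active
        elif m := re.fullmatch(r"mail-filter policy (\S+)", line):
            refs.setdefault(policy := m[1], [])
        elif m := re.fullmatch(r"send-mail (attachment extension|content) group (\S+) action \S+", line):
            want = "keyword" if m[1] == "content" else "file-extension"
            refs.setdefault(policy, []).append((m[2], want))
        elif m := re.fullmatch(r"policy interzone \S+ \S+ (inbound|outbound)", line):
            direction = m[1]
        elif m := re.fullmatch(r"policy mail-filter (\S+)", line):
            bound[m[1]] = direction                  # where the policy is applied
    for name, used in refs.items():
        for group, want in used:
            if group not in groups:
                findings.append(f"{name}: pattern group '{group}' is not defined")
            elif groups[group] != want:
                findings.append(f"{name}: group '{group}' is {groups[group]}, expected {want}")
            elif group not in committed:
                findings.append(f"{name}: group '{group}' defined after the last commit")
        if bound.get(name) != "outbound":
            findings.append(f"{name}: not bound to an outbound interzone policy")
    return findings
```

Run `audit()` over a saved copy of the configuration before relying on it; the `display mail-filter policy` output on the device remains the authoritative check.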
