How to Block Large File Uploads Exceeding CloudSOC Content Inspection Limits using a Gatelet PROTECT Policy

Article ID: 429214

Products

  • CASB Gateway Advanced
  • CASB Advanced Threat Protection
  • CASB Gateway
  • CASB Security Advanced
  • CASB Security Premium
  • CASB Security Standard
  • CASB Securlet SAAS With DLP-CDS

Issue/Introduction

Files uploaded through CloudSOC Gatelets that exceed the Content Inspection engine's maximum size limit are typically sent in a pass-through state (fail open) without deep content scanning. Customers require a method to enforce a fail-closed posture by actively blocking these large file transfers, thereby aligning data transfer policy with the content inspection capabilities.

Environment

  • Broadcom CloudSOC/CASB (SaaS Application Security)
  • Gatelet (API-mode) deployments for any supported application (e.g., Slack, Box, OneDrive, SharePoint)
  • CloudSOC Native PROTECT Policies

Cause

The Content Inspection engine is designed to fail-open when a file's size exceeds its configured processing capacity or size limit. This default behavior prevents delays or failures in large transfers but bypasses the content scan.

Resolution

Implement a CloudSOC Native PROTECT Policy configured to specifically block file transfers that exceed the Content Inspection engine's size limit.

  1. Log in to the CloudSOC Portal.
  2. Navigate to Policies > PROTECT.
  3. Create a New Policy or edit an existing one.
  4. Under the Policy Scope, set the Policy Type to Data Transfer via Gatelets.
  5. Set the Data Transfer Type to File.
  6. Under Conditions, define the File Properties:
    • Configure the rule as Larger than X MB.
    • Important Note: The value for X must be set to the specific, current Content Inspection size limit (e.g., 30 MB or 100 MB). Always confirm the latest official limit on knowledge.broadcom.com or techdocs.broadcom.com before implementation.
  7. Set the Response action to Block Data Transfer.
  8. Ensure the policy is enabled and applied to the relevant Gatelet application(s).

This policy acts as a compensating control, preventing files that are too large for content inspection from being transferred.