Technical Tip: DLP Fingerprint CLI on Flow mode only devices
| Description | This article describes an issue that is observed on FortiGate models which has less than 2 GB of RAM running FortiGate v7.4.4 to v7.6.2, where the DLP fingerprint-related CLI option is still available in the config despite these models not supporting proxy-based UTM features. |
| Scope | FortiGate v7.4.4, v7.6.2. |
| Solution | Starting from v7.4.4 and above, all the proxy-based features have been removed from the 2GB RAM FortiGate models.
Note: 2 GB RAM FortiGate models no longer support FortiOS proxy-related features.
Fingerprint-based DLP is a proxy-based feature and should not be visible or can be used in flow mode only systems.
Endeavour-kvm65 # config dlp fp-doc-source ---> Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints. To solve this issue, if the FortiGate is in v7.6.0 or above, make sure the FortiGate is upgraded to v7.6.3.
Once the FortiGate is upgraded, the commands 'config dlp fp-doc-source and config dlp sensitivity' are removed as both are proxy-based features.
Related documents: Proxy-related features no longer supported on FortiGate 2 GB RAM models v7.4.4 |