Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Anonymous
Not applicable

Created on ‎10-31-2019 07:29 AM Edited on ‎06-06-2025 04:06 AM By Moderator

Article Id 192440

Technical Tip: DLP feature not available on FortiGate GUI

Description


This article explains that the DLP option is no more available on the GUI and cannot be made visible on the GUI using the CLI.
That is, under 'config system settings', there is no option as - 'set gui-dlp enable'.

 

 
 
Config system settings:
 
set opmode nat
set ngfw-mode profile-based
set consolidated-firewall-mode disable
set http-external-dest fortiweb
set firewall-session-dirty check-all
set bfd disable
set utf8-spam-tagging enable
set wccp-cache-engine disable
set vpn-stats-log ipsec pptp l2tp ssl
set vpn-stats-period 600
set v4-ecmp-mode source-ip-based
set snat-hairpin-traffic enable
set dhcp-proxy disable
set central-nat disable
set lldp-reception global
set lldp-transmission global
set link-down-access enable
set asymroute disable
set asymroute-icmp disable
set tcp-session-without-syn disable
set ses-denied-traffic disable
set strict-src-check disable
set allow-linkdown-path disable
set asymroute6 disable
set asymroute6-icmp disable
set sctp-session-without-init disable
set sip-expectation disable
set sip-nat-trace enable
set status enable
set sip-tcp-port 5060
set sip-udp-port 5060
set sip-ssl-port 5061
set sccp-port 2000
set multicast-forward enable
set multicast-ttl-notchange disable
set allow-subnet-overlap disable
set deny-tcp-with-icmp disable
set ecmp-max-paths 255
set discovered-device-timeout 28
set email-portal-check-dns enable
set default-voip-alg-mode proxy-based
set gui-icap disable
set gui-implicit-policy enable
set gui-dns-database disable
set gui-load-balance disable
set gui-multicast-policy disable
 
Scope
 
FortiGate.


Solution


However, it is possible to enable the DLP feature for the specific policy by using the CLI.

Use the following commands to validate the DLP configuration:

 

config dlp file pattern
show full
end

config dlp sensor
show full
end

 

On the policy, it is possible to enable the DLP sensor.

 

config firewall policy
    edit <policy id>
        set dlp-sensor ''
end

 

Since FortiOS v7.2.4 GA and higher DLP profiles is re-introduced in the GUI.

DLP can be enabled in GUI or CLI:

DLP.JPG


config system settings
    set gui-dlp-profile enable
end

On the new version, to enable the DLP profile on the firewall policy, use the following command:

config firewall policy
    edit <policy id>
        set dlp-profile ' '
end
 
Find more information in Changes in GUI behavior - FortiOS 7.2.4 release notes.

Note: In the newer FortiGate versions, such as v7.4.x and v7.6.x, the DLP option is not available under Security Profiles and Feature Visibility to access from the GUI.

To configure Data Loss Prevention UTM on FortiGate firewall policies, add /utm/dlp to the URL or IP address used to access FortiGate.

When multiple VDOMs are enabled, the VDOM name may need to be specified in the URL /utm/dlp?vdom=<vdom name>.

For example, the URL used to access DLP using the GUI is https://10.5.210.81/utm/dlp.

dlpppp.png

Labels:
7939
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.