Technical Tip: FortiGuard DLP sensors and dictionaries are not populating on FortiGate

kdharan · ‎12-31-2024

Description

This article describes the possible reasons why FortiGate is not populated, the FortiGuard DLP sensors, and dictionaries.

Scope

FortiGate v7.4.x.

Solution

FortiGuard DLP is a Licence feature. So check that FortiGate has a DLP license.

Check the connectivity to FortiGuard servers by referring to this KB article: Troubleshooting Tip: Unable to connect to FortiGuard servers.
Check the 'update-dldb' is enabled on the device if not enable it. By default, it is enabled.

To enable the update-dldb:

config system fortiguard
set update-dldb enable
end

When enabled, the DLP database (DLDB) is downloaded to the FortiGate and its predefined patterns can be configured in DLP profiles.
Check the DLP Signature DB using 'diagnose autoupdate versions'.
To verify the database signature status:

diagnose autoupdate versions | grep -A6 DLP
DLP Signature

---------

Version: 1.00010

Contract Expiry Date: Thu Nov 13 2025
Last Updated using scheduled update on Tue Dec 24 10:49:59 2024
Last Update Attempt: Tue Dec 31 10:19:12 2024
Result: No Updates

Now the FortiGuard DLP will be available on the DLP sensor list. To verify, Select 'Security Profiles' -> 'Data Loss Prevention' -> 'Sensors'.

To verify the dlp sensor and dictionary:

get dlp dictionary
== [ fg-aus-abn-dict-high ]
name: fg-aus-abn-dict-high
== [ fg-aus-abn-dict-low ]
name: fg-aus-abn-dict-low
== [ fg-aus-abn-dict-med ]
name: fg-aus-abn-dict-med
..........................

Entries managed by FortiGuard are visible:

Note:

This FortiGuard DLP feature is available from v7.4.x.

Related document:

FortiGuard DLP service

Technical Tip: FortiGuard DLP sensors and dictionaries are not populating on FortiGate

You are leaving our website