FortiGate
RBA
Staff
Article Id 218277
Description This article describes how to block Aadhaar and PAN numbers using regular expressions.
Scope  
Solution

Aadhaar is a 12-digit number whose first digit is neither 0 nor 1.

It is written with a whitespace after every 4 digits and contains no letters.

 

The regular expression below can be used to identify Aadhaar:


^[2-9]{1}[0-9]{3}\\s[0-9]{4}\\s[0-9]{4}$

(^ marks the start of the string, $ the end of the string.)

 

PAN is 10 characters long; the first 5 characters and the tenth character are upper-case letters.

The sixth to ninth characters are digits between 0 and 9.

 

The regular expression below can be used for PAN:


[A-Z]{5}[0-9]{4}[A-Z]{1}

 

The configuration is as below:

 

# config dlp sensor
    edit "PanAadhaarTest"
        set feature-set proxy
        config filter
            edit 1
                set name "PanPattern"
                set proto smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs
                set filter-by regexp
                set regexp "[A-Z]{5}[0-9]{4}[A-Z]{1}"
                set action block
            next
            edit 2
                set name "AadhaarPattern"
                set proto smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs
                set filter-by regexp
                set regexp "^[2-9]{1}[0-9]{3}\\s[0-9]{4}\\s[0-9]{4}$"
                set action block
            next
        end
        set extended-log enable
    next
end
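A coverage check for the two patterns used in the sensor above, as an added example that is not part of the original article or Fortinet's code. It uses Python's re module as a stand-in for the FortiGate regex engine and assumes the doubled backslash in `\\s` is CLI escaping for a single `\s`; all sample values are constructed.

```python
import re

# Patterns from the article. Assumption: the page's "\\s" is CLI escaping,
# so the engine evaluates a single \s (whitespace).
FILTERS = {
    "PanPattern": re.compile(r"[A-Z]{5}[0-9]{4}[A-Z]{1}"),
    "AadhaarPattern": re.compile(r"^[2-9]{1}[0-9]{3}\s[0-9]{4}\s[0-9]{4}$"),
}


def matching_filters(text):
    """Return the sorted names of the filters whose pattern is found in text."""
    return sorted(name for name, rx in FILTERS.items() if rx.search(text))


# Constructed samples (not real identifiers): (content, filters expected to hit).
SAMPLES = [
    ("ABCDE1234F", ["PanPattern"]),                    # bare PAN
    ("PAN of applicant: ABCDE1234F", ["PanPattern"]),  # PAN inside a sentence
    ("XXABCDE1234FXX", ["PanPattern"]),   # unanchored: also hits inside a longer token
    ("abcde1234f", []),                   # lower case is outside the pattern
    ("2345 6789 0123", ["AadhaarPattern"]),            # bare Aadhaar, spaced
    ("1345 6789 0123", []),               # first digit 0 or 1 is rejected
    ("Aadhaar: 2345 6789 0123", []),      # anchored: surrounding text prevents a match
    ("Name: Test\n2345 6789 0123", []),   # without multiline mode ^ binds to buffer start
    ("234567890123", []),                 # the pattern requires the spaced form
]


def coverage_report(samples=SAMPLES):
    """Return the samples whose actual hits differ from the expected hits."""
    return [(text, expected, matching_filters(text))
            for text, expected in samples
            if matching_filters(text) != expected]


if __name__ == "__main__":
    for text, expected in SAMPLES:
        print(f"{text!r:34} -> {matching_filters(text) or 'no match'}")
    print("mismatches:", coverage_report())
```

How the DLP engine applies ^ and $ to file or message content determines whether the anchored Aadhaar filter fires on real traffic, so run equivalent test files through the policy and confirm the result in the DLP log.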

 

Logs can be viewed on the CLI using the commands below:

 

# execute log filter category
# execute log filter category 9
# execute log display

 

A sample log on the firewall looks like this:

 

date=2022-07-14 time=06:33:35 eventtime=1657773215509591580 tz="+0200" logid="0954024576" type="utm" subtype="dlp" eventtype="dlp" level="warning" vd="root" filteridx=1 filtername="PanPattern" dlpextra="[A-Z]{5}[0-9]{4}[A-Z]{1}" filtertype="regexp" filtercat="file" severity="medium" policyid=510 poluuid="cecaa58e-fa03-51ec-bcea-8657ec4be58c" policytype="policy" sessionid=41039178 epoch=245069 eventid=0 srcip=172.31.x.x srcport=50048 srccountry="Reserved" srcintf="port2" srcintfrole="lan" srcuuid="29c7feb8-aa9b-51ec-5f54-f5baa989484f" dstip=88.99.68.112 dstport=443 dstcountry="Germany" dstintf="port1" dstintfrole="undefined" dstuuid="29c7feb8-aa9b-51ec-5f54-f5baa989484f" proto=6 service="HTTPS" filetype="unknown" direction="outgoing" action="block" hostname="convertioxx.me" url="edited out" agent="Chrome/102.0.0.0" filename="pantest.pdf" filesize=11 profile="PanAadhaarTest"

 

Note:

The inspection mode in the policy has to be set to proxy.
