Description
This article describes how to block a file upload when an Excel document contains a Social Security Number. The firmware version used in this article is v7.2.10.
Scope
FortiGate.
Solution
Configuration:
Configure DLP Dictionary:
GUI:
Security Profiles -> Data Leak Prevention -> Dictionaries -> Create new -> Type: ssn-us -> OK -> OK.
CLI:
config dlp dictionary
    edit "def-ssn-dict"
        config entries
            edit 1
                set type "ssn-us"
            next
        end
    next
end
Configure DLP Sensor:
GUI:
CLI:
config dlp sensor
    edit "def-ssn-sensor"
        config entries
            edit 1
                set dictionary "def-ssn-dict"
            next
        end
    next
end
Configure DLP Profile:
GUI:
Security Profiles -> Data Leak Prevention -> Profiles -> Create new.
Type a name in the Name field -> Select Create new (to add a rule) -> Type a name in the Name field -> Select + under Sensor -> Select def-ssn-sensor -> Select Block under Action -> Select File under Type -> Open the dropdown under File Type -> Select Create.
Type a name in the Name field -> Select Create new.
Type Pattern: Zip -> Filter type: Type -> File Type: zip -> OK.
Create new -> Type Pattern: *.xml -> Filter Type: Pattern -> OK.
Select OK -> Check HTTP-POST -> OK.
CLI (the file pattern created here has ID 4, which the DLP profile rule below references with set file-type 4):
config dlp filepattern
    edit 4
        set name "Excel-File"
        config entries
            edit "zip"
                set filter-type type
                set file-type zip
            next
            edit "*.xml"
            next
        end
    next
end
config dlp profile
    edit "Block-Excel"
        config rule
            edit 1
                set name "Excel"
                set proto http-post
                set filter-by sensor
                set file-type 4
                set sensor "def-ssn-sensor"
                set action block
            next
        end
    next
end
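The file pattern pairs a "zip" type entry with a "*.xml" name pattern because a modern Excel workbook (.xlsx) is a ZIP container whose cell text lives in XML parts such as xl/sharedStrings.xml; the SSN is only visible once the archive is decompressed. The following Python script is an added example, not part of the Fortinet article or FortiOS itself: it constructs a minimal .xlsx with a made-up SSN, then applies the same two-stage logic the rule expresses (detect the ZIP container by magic bytes, scan the *.xml members against an SSN pattern). The regular expression is an assumption that approximates the ssn-us dictionary type; FortiOS's exact validation rules are not published on the page.

```python
import io
import re
import zipfile
from fnmatch import fnmatch

# Assumption: approximation of the "ssn-us" dictionary type. It accepts the
# AAA-GG-SSSS layout and rejects the well-known invalid area/group/serial values.
SSN_US = re.compile(rb"\b(?!000|666|9\d\d)\d{3}-(?!00)\d\d-(?!0000)\d{4}\b")

# Mirrors the two "Excel-File" file pattern entries from the article:
#   entry "zip"   -> filter-type type, file-type zip (detect the container)
#   entry "*.xml" -> filter-type pattern            (match member names inside)
ZIP_MAGIC = b"PK\x03\x04"
INNER_NAME_PATTERN = "*.xml"


def build_sample_xlsx(cell_texts):
    """Construct a minimal .xlsx (a ZIP of XML parts) holding the given strings.

    The workbook is deliberately small; it only needs the parts that carry
    cell text, which is where a DLP engine finds the sensitive value.
    """
    ns = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
    shared = "".join(f"<si><t>{t}</t></si>" for t in cell_texts)
    rows = "".join(
        f'<row r="{i + 1}"><c r="A{i + 1}" t="s"><v>{i}</v></c></row>'
        for i in range(len(cell_texts))
    )
    parts = {
        "[Content_Types].xml": (
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="xml" ContentType="application/xml"/></Types>'
        ),
        "xl/workbook.xml": (
            f'<?xml version="1.0" encoding="UTF-8"?><workbook xmlns="{ns}">'
            '<sheets><sheet name="Sheet1" sheetId="1"/></sheets></workbook>'
        ),
        "xl/sharedStrings.xml": (
            f'<?xml version="1.0" encoding="UTF-8"?><sst xmlns="{ns}" '
            f'count="{len(cell_texts)}" uniqueCount="{len(cell_texts)}">{shared}</sst>'
        ),
        "xl/worksheets/sheet1.xml": (
            f'<?xml version="1.0" encoding="UTF-8"?><worksheet xmlns="{ns}">'
            f"<sheetData>{rows}</sheetData></worksheet>"
        ),
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, xml in parts.items():
            zf.writestr(name, xml)
    return buf.getvalue()


def scan_upload(data):
    """Apply the article's rule logic to one uploaded file body.

    Returns whether the body is a ZIP container, whether a naive scan of the
    raw (compressed) bytes would have seen the SSN, the per-member hits, and
    the resulting action ("block" when any *.xml member contains an SSN).
    """
    result = {
        "is_zip": data.startswith(ZIP_MAGIC),
        "found_in_raw_bytes": SSN_US.search(data) is not None,
        "hits": [],
        "action": "allow",
    }
    if not result["is_zip"]:
        # No "zip" type match: this file pattern does not apply to the file.
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not fnmatch(info.filename, INNER_NAME_PATTERN):
                continue
            member = zf.read(info)  # decompressed XML part
            for m in SSN_US.finditer(member):
                result["hits"].append((info.filename, m.group(0).decode()))
    if result["hits"]:
        result["action"] = "block"
    return result


if __name__ == "__main__":
    # Constructed sample data; the SSN below is made up for the demonstration.
    body = build_sample_xlsx(["Employee", "Jane Example", "123-45-6789", "Notes"])
    print(scan_upload(body))
```

Two observations follow from running it: the SSN is not visible in the compressed bytes of the upload, so the archive has to be opened and its XML members scanned, which is exactly what the zip plus *.xml pattern instructs the FortiGate to do; and a plain-text body carrying the same number is not a ZIP container, so this particular rule does not apply to it (a CSV export would need its own file pattern or a rule that filters on the sensor without restricting the file type).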
Configure Firewall Policy:
CLI:
config firewall policy
    edit 8
        set name "Excel DLP"
        set srcintf "port4"
        set dstintf "port1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set inspection-mode proxy
        set ssl-ssh-profile "custom-deep-inspection"
        set dlp-profile "Block-Excel"
        set nat enable
    next
end
Result:
Sample data from dlptest.com.
Access dlptest.com and then upload the file.
A test result showing the upload failed.