Description | This article describes how to block a file based on any pattern using DLP(Data Leak Prevention). |
Scope | FortiGate v7.2. |
Solution |
Data Leak Prevention is not enabled by default. It has to be enabled from the Feature Visibility under Settings. Once this is enabled, the DLP feature would be visible under Security Profiles
1) Dictionary for the pattern has to be created first.
# config dlp dictionary
2) Configure the sensor for the dictionary created.
# config dlp sensor
3) Create the DLP Profile.
# config dlp profile
4) Use the DLP profile created in an IPv4 policy.
# config firewall policy
5) To view the logs, go to Log & Report -> Security Events -> DLP. Sample log for the above configuration:
date=2023-05-01 time=10:33:48 eventtime=1682930028111513197 tz="+0200" type="utm" subtype="dlp" eventtype="dlp" level="warning" vd="root"
The above logs were generated while trying to upload a doc file to a Gmail attachment with the 'test' word included in the doc more than 4 times. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.