Description
This article describes how to configure Data Loss Prevention (DLP) in FortiSASE, including content blocking and file extension formats.
Scope
FortiSASE.
Solution
There are two options available while configuring DLP.
One option blocks content within document files, such as downloaded files or email attachments. The other blocks content in messages, such as email messages or a web page.
This article illustrates how to block keywords, for example 'tanks' and 'missiles'.
1. On the FortiSASE portal, go to Configuration -> Security.
2. On the top right under Profile Group, create a New Entry and select it.
3. All Security Profiles should be disabled.
4. Enable Data Loss Prevention (DLP) and select Customize.
5. Select Create New and enter a Name.
6. In the New Rule page, for Sensor, select the drop-down menu and select the '+' sign.
7. In the New/Edit DLP Sensor page, select Any for Entry matches needed to trigger the sensor and select Create.
8. In the New Entry page, for Dictionary, select Drop and select the '+' to open the New DLP Dictionary page.
9. There, enter a Name, select Any for Entries to evaluate, and select Create.
10. Select Keyword for Type and enter 'missile' for the Pattern. Keep Case Sensitive and Repeat enabled if desired, and select OK.
11. Repeat steps 9 and 10 to create another entry for 'tanks', as well as for any other entries desired.
12. Select OK on each page until the New Rule page appears. There, choose the desired value for Severity, set the Action to Block, set the Type to File or Message, and add any required Protocols. To add more file extension types that are not on the list for the DLP (Data Loss Prevention) Profile, refer to Technical Tip: How to add file extension types that are not in the list for DLP (Data Loss Preventio....
13. Once this is done, go to SSL Inspection and enable Deep Inspection.
14. Download the Certificate and import it to users' machines under the Trusted Root Authority Folder.
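For the certificate import in the last step on Windows endpoints, the following is an added example (not part of the original article and not Fortinet tooling) that checks the downloaded file before placing it in the machine-wide Trusted Root store. The certificate file path and the expected thumbprint are parameters supplied by the administrator and are assumptions; the file name in the comment is a placeholder.

```powershell
# Added example: validate and import the downloaded deep-inspection CA certificate
# into the machine-wide Trusted Root Certification Authorities store.
# Assumptions: -CertPath and -ExpectedThumbprint are supplied by the administrator.
param(
    [Parameter(Mandatory)] [string] $CertPath,           # e.g. .\FortiSASE_CA.cer (placeholder name)
    [Parameter(Mandatory)] [string] $ExpectedThumbprint  # SHA-1 thumbprint recorded when the file was downloaded
)

$ErrorActionPreference = 'Stop'
$store = 'Cert:\LocalMachine\Root'

# Parse the file without installing it, so it can be checked first.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    (Resolve-Path -LiteralPath $CertPath).ProviderPath)

# 1. The file must be the exact certificate that was downloaded from the portal.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected"
}

# 2. A certificate used for deep inspection must be a CA certificate and currently valid.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
if (-not ($bc -and $bc.CertificateAuthority)) {
    throw "Certificate '$($cert.Subject)' is not marked as a CA certificate"
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}

# 3. Import only if it is not already trusted (requires an elevated session).
if (Test-Path -LiteralPath (Join-Path $store $cert.Thumbprint)) {
    Write-Output "Already trusted: $($cert.Subject)"
} else {
    Import-Certificate -FilePath $CertPath -CertStoreLocation $store | Out-Null
    Write-Output "Imported: $($cert.Subject)"
}

# 4. Confirm the result and show what is now trusted.
Get-ChildItem -LiteralPath $store |
    Where-Object Thumbprint -eq $cert.Thumbprint |
    Select-Object Subject, Thumbprint, NotAfter
```

Recording the thumbprint on the workstation where the certificate was downloaded and passing it to the script ensures that the file distributed to endpoints is the same one obtained from the portal.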
Notes:
- In Step 10 above, when using Keyword for Type, FortiGate will block the contents of files and email attachments containing those words. When using the Regex option, avoid using File as the Type in Step 12. Using File will result in FortiGate blocking all of the file types related to the extensions used and ignoring the Sensor.
- File should only be selected as the Type when the Keyword option is used for DLP Dictionary Entries, as it will match and take action based on the contents of the documents.