FortiGate
janonuevo
Article Id 302999
Description

This article describes how to use DLP to block traffic from messages that contain credit card information.
In some cases, debit card and credit card formats from other regions do not match the pre-defined 'credit-card' DLP Data Type.

In this scenario, DLP using the 'regex' DLP Data Type will be configured.

Scope

FortiGate v6.4, v7.0, v7.2 and v7.4.
Solution

Note: A DLP license is required.

In GUI:

  1. Go to System -> Feature Visibility and enable Data Loss Prevention.

DLP 1.JPG

  2. Go to Security Profiles -> Data Loss Prevention -> Dictionaries, and create a new DLP Dictionary using the 'regex' DLP Data Type.

DLP 2.JPG

DLP 3.JPG

In this example, traffic that contains a 12-digit card pattern is blocked.

Regex Pattern A: (?:\d[ -]*?){12} - a 12-digit card number that may contain spaces or dashes between the digits, where {12} is the number of digits.
Example:
000123456789
0001 2345 6789
0001-2345-6789

Regex Pattern B: 9[0-9]{5}(?:-[0-9]{2})(?:-[0-9]{4}) - a 12-digit card number that starts with 9, in 6-2-4 format with dashes between the groups.
Example:
901234-56-7890


DLP 5.JPG
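To check how the two dictionary patterns behave before deploying them, the following added Python script (not from the article or from Fortinet) runs both patterns over constructed sample message bodies, assuming Python's re engine treats these simple constructs the same way FortiGate's regex engine does. It also shows that Pattern A fires on any run of 12 digits, including the first 12 digits of a longer number and a 12-digit phone number, so the stricter format-specific Pattern B produces fewer false positives.

```python
import re

# Both patterns are copied verbatim from the dictionary entries described above.
PATTERN_A = r"(?:\d[ -]*?){12}"                      # any 12 digits, spaces/dashes allowed between them
PATTERN_B = r"9[0-9]{5}(?:-[0-9]{2})(?:-[0-9]{4})"   # 9xxxxx-xx-xxxx: 6-2-4 groups joined by dashes

# Assumption: Python's re engine is used here as a stand-in for FortiGate's regex engine.
PATTERNS = {"A": re.compile(PATTERN_A), "B": re.compile(PATTERN_B)}


def matching_patterns(text: str) -> list[str]:
    """Return the names of the dictionary patterns that fire anywhere in `text`."""
    return [name for name, rx in PATTERNS.items() if rx.search(text)]


def would_block(text: str) -> bool:
    """A DLP rule that filters by this dictionary with action 'block' fires
    as soon as any pattern in the dictionary matches the message."""
    return bool(matching_patterns(text))


# Constructed sample message bodies (not taken from the article).
SAMPLES = {
    "plain":        "card 000123456789 exp 12/29",
    "spaced":       "card 0001 2345 6789",
    "dashed":       "card 0001-2345-6789",
    "six_two_four": "ref 901234-56-7890",
    "sixteen":      "card 4111 1111 1111 1111",    # 16 digits: pattern A still fires on the first 12
    "phone":        "call me at 0044 1234 5678",   # 12 digits that are not a card: false positive for A
    "short":        "order 12345678901",           # only 11 digits: nothing fires
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        verdict = "BLOCK" if would_block(body) else "allow"
        print(f"{label:13s} {verdict:5s} patterns={matching_patterns(body)}")
```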

 

  3. Go to Security Profiles -> Data Loss Prevention -> Sensors, select Create New, and then select the DLP dictionary created in Step 2.

DLP 6.JPG

  4. Go to Security Profiles -> Data Loss Prevention -> Profiles, select Create New, then create a rule and apply the Sensor.

DLP 7.JPG

  5. Create a Firewall Policy and apply the DLP Profile.

DLP 8.JPG

DLP works in both flow-based and proxy-based inspection modes.

To check which protocols DLP can inspect in each inspection mode, refer to:
Data loss prevention

In CLI:
Fortigate # config dlp dictionary
Fortigate (dictionary) # edit "12 digit card"
    config entries
        edit 1
            set type "regex"
            set pattern "9[0-9]{5}(?:-[0-9]{2})(?:-[0-9]{4})"
        next
    end
next
end

Fortigate # config dlp sensor
Fortigate (sensor) # edit "Test-Sensor"
    config entries
        edit 1
            set dictionary "12 digit card"
        next
    end
next
end

Fortigate # config dlp profile
Fortigate (profile) # edit "Test-Profile"
    set feature-set proxy
    config rule
        edit 1
            set name "Test-Rule"
            set type message
            set proto smtp pop3 imap http-post nntp mapi
            set filter-by sensor
            set sensor "Test-Sensor"
            set action block
        next
    end
next
end

Testing:

The user tries to send an email that contains credit card information and is blocked.

DLP 9.JPG

DLP 10.JPG

DLP 11.JPG