| Description | This article describes that it is not possible to create a DLP profile without the DLP sensor in the firewall GUI because it is a mandatory field in the GUI. |
| Scope | FortiGate. |
| Solution |
For certain configurations, the DLP profile should be configured without DLP sensors. The example scenario is to block the few/all file types with file size but not with the 'keywords or patterns' ( DLP Sensor).
For the example scenario, cannot add the DLP Sensor to the DLP profile rules.
While trying to create the rule in the DLP Profile, getting the following error in the firewall GUI as shown below screenshot since the DLP sensor is one of the mandatory fields on the GUI.
To overcome this issue, configure the DLP profile using FortiGate CLI.
Refer to the below KB articles for the CLI configuration for the DLP configuration: Technical Tip: How to block the 3mb file or larger file using DLP on the FortiGateTechnical Tip: Configure Data Leak/Loss Prevention (DLP) |
