Description
This article describes how to fix an issue where DLP fingerprinting does not block sensitive files, by correctly configuring the sensitivity in the DLP fingerprint database.

Scope
FortiGate.

Solution
DLP fingerprinting can be configured to detect sensitive files. For the DLP sensor to filter a file when it is uploaded, the sensitivity must be set via fp-doc-source.
FortiGate needs access to the file server to create a DLP fingerprint. Configure the document source as follows:
config dlp fp-doc-source
    edit "test"
        set file-path "/fingerprint/upload/"
        set sensitivity "Critical"
In Fingerprints, the sensitivity in the DLP profile is different from the one created by fp-doc-source. FortiGate will not block the file if the DLP profile has a different sensitivity.
    edit "test"
        set sensitivity "private"    <- It is different from the value in fp-doc-source.
        set action block
Afterwards, the fingerprint database shows the sensitivity as zero. To check the fingerprint database, use the following command:
FGT # diagnose test application dlpfingerprint 3
Make sure the sensitivity is the same on the DLP profile as it is in fp-doc-source.
FGT # diagnose test application dlpfingerprint 3
File DB:
---------------------------------------
id, filename, vdom, archive, deleted, scanTime, docSourceSrvr, sensitivity, chunkCnt, reviseCnt,
1, /fingerprint/upload/1.txt, root, 0, 0, 1494868196, 1, 2, 1, 0,
2, /fingerprint/upload/30percentage.xls, root, 0, 0, 1356118250, 1, 2, 13, 0,
3, /fingerprint/upload/50.pdf, root, 0, 0, 1356118250, 1, 2, 122, 0,
If the sensitivity level change is not reflected after adjusting it from one level to another, try rebooting the device and checking again.
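The check above can be scripted against saved CLI output. This is an added example, not Fortinet code: it parses the File DB table in the column layout shown in this article and lists the files whose sensitivity is 0. The function names and the third sample row are assumptions made for illustration.

```python
# Column names as printed in the File DB header of
# "diagnose test application dlpfingerprint 3".
COLUMNS = ["id", "filename", "vdom", "archive", "deleted", "scanTime",
           "docSourceSrvr", "sensitivity", "chunkCnt", "reviseCnt"]
INT_COLUMNS = set(COLUMNS) - {"filename", "vdom"}

# Constructed sample in the article's format; row 3 is made up to show
# the "sensitivity as zero" symptom.
SAMPLE = """\
FGT # diagnose test application dlpfingerprint 3
File DB:
---------------------------------------
id, filename, vdom, archive, deleted, scanTime, docSourceSrvr, sensitivity, chunkCnt, reviseCnt,
1, /fingerprint/upload/1.txt, root, 0, 0, 1494868196, 1, 2, 1, 0,
2, /fingerprint/upload/30percentage.xls, root, 0, 0, 1356118250, 1, 2, 13, 0,
3, /fingerprint/upload/example.docx, root, 0, 0, 1356118250, 1, 0, 7, 0,
"""

def parse_file_db(text):
    """Return one dict per fingerprinted file listed under 'File DB:'."""
    rows, in_table = [], False
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if fields and fields[-1] == "":
            fields.pop()  # every table line ends with a trailing comma
        if fields == COLUMNS:
            in_table = True  # header found, data rows follow
            continue
        if not in_table:
            continue  # prompt, "File DB:" title and separator line
        if len(fields) != len(COLUMNS) or not fields[0].isdigit():
            break  # blank line or another section ends the table
        row = dict(zip(COLUMNS, fields))
        for name in INT_COLUMNS:
            row[name] = int(row[name])
        rows.append(row)
    return rows

def zero_sensitivity(rows):
    """Filenames whose sensitivity is 0, the symptom the article describes."""
    return [r["filename"] for r in rows if r["sensitivity"] == 0]

if __name__ == "__main__":
    for name in zero_sensitivity(parse_file_db(SAMPLE)):
        print("sensitivity 0:", name)
```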
For full configuration steps, refer to the documentation.