FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
JordAnge
Staff
Article Id 258479
Description

This article describes how to filter watermarked files when they are sent over secure websites.

 

Related document:

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/581444/dlp-watermarking

Scope

FortiGate v7.0.9.

Solution

Topology:

                                             

LAN-User       ===> FGT ===|  Internet (Gmail)

 

1) Follow the document linked above to apply a watermark to the file that should be blocked.

 

2) Be sure the firewall policy works in 'proxy-mode' (set inspection-mode proxy).

 

3) The DLP sensor works when the website (matched by URL or category) is under inspection (Monitor).

 

4) Be sure to configure deep inspection on the firewall policy.

 

Example CLI:

 

config dlp sensor
    edit "delfa"
        set feature-set proxy
        config filter
            edit 1
                set name "DELFA_DLP"
                set proto smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs
                set filter-by watermark
                set company-identifier "DELFA_DLP"
                set sensitivity "Critical"
                set archive enable
                set action block
            next
        end
    next
end

config webfilter urlfilter
    edit 10
        config entries
            edit 1
                set url "*.delfa.com.br/*"
                set type wildcard
                set action monitor
            next
            edit 2
                set url "*mail.google.com*"
                set type wildcard
                set action monitor
            next
        end
    next
end

config webfilter profile
    edit "Clone_WF_TI"
        config web
            set urlfilter-table 10
        end
    next
end

config firewall policy
    edit 1
        set name "Proxy_rule_dlp"
        set srcintf "port3"
        set dstintf "virtual-wan-link"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set inspection-mode proxy
        set ssl-ssh-profile "custom-deep-inspection"
        set webfilter-profile "Clone_WF_TI"
        set dlp-sensor "delfa"
    next
end
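
To verify steps 2) to 4) across a whole configuration backup, the following added example (not Fortinet code and not part of the original article) parses the 'config firewall policy' section and reports every policy that references a DLP sensor without proxy mode, a decrypting SSL/SSH profile or a web filter profile. It assumes flat policy entries as shown above, treats an unset inspection-mode as flow, and flags only the built-in non-decrypting profiles; the function names and the second sample policy are hypothetical.

```python
import re
# Built-in FortiOS SSL/SSH profiles that do not decrypt traffic.
NON_DEEP_PROFILES = {"certificate-inspection", "no-inspection"}

def parse_policies(config_text):
    """Return {policy_id: {setting: value}} from 'config firewall policy'."""
    policies, current, in_block = {}, None, False
    for line in map(str.strip, config_text.splitlines()):
        if line == "config firewall policy":
            in_block = True
        elif in_block and line.startswith("edit "):
            current = policies.setdefault(line[5:].strip('"'), {})
        elif line == "next":
            current = None
        elif line == "end" and current is None:
            in_block = False
        elif current is not None and (m := re.match(r"set (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return policies

def audit_dlp_policies(config_text):
    """List (policy_id, problem) for policies whose DLP sensor cannot see HTTPS uploads."""
    findings = []
    for pid, cfg in parse_policies(config_text).items():
        if "dlp-sensor" not in cfg:
            continue
        if cfg.get("inspection-mode", "flow") != "proxy":  # assumption: unset means flow
            findings.append((pid, "inspection-mode is not proxy"))
        if cfg.get("ssl-ssh-profile", "no-inspection") in NON_DEEP_PROFILES:
            findings.append((pid, "ssl-ssh-profile does not do deep inspection"))
        if "webfilter-profile" not in cfg:
            findings.append((pid, "no webfilter-profile set"))
    return findings

# Constructed sample: policy 1 follows the article, policy 2 is a hypothetical misconfiguration.
SAMPLE = """config firewall policy
    edit 1
        set inspection-mode proxy
        set ssl-ssh-profile "custom-deep-inspection"
        set webfilter-profile "Clone_WF_TI"
        set dlp-sensor "delfa"
    next
    edit 2
        set ssl-ssh-profile "certificate-inspection"
        set dlp-sensor "delfa"
    next
end
"""
```

A custom profile name such as "custom-deep-inspection" passes this check by name only; confirm in 'config firewall ssl-ssh-profile' that it really performs deep inspection.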

