When installing a Policy Package with DLP profiles configured, the following error seen from the Installation Log may occur:

This is most likely caused by unsupported protocols being pushed from FortiManager to FortiGate. In the example shown, the MAPI protocol is not supported when the inspection mode is set to 'Flow' (default).

To ensure FortiManager can install the DLP Profile to the FortiGate successfully, either of the following steps needs to be done.

1. Change the inspection mode to the proxy:

• By default, the inspection mode for a DLP profile is set to flow.
• To change this, go to FortiManager -> Policy & Objects -> Object Configurations -> Security Profiles -> Data Leak Prevention.
• Edit the offending DLP profile and change the Feature Set to Proxy-based.

If the Data Leak Prevention section is not visible, it may need to be enabled on the Feature Visibility under the Tools tab.

Or:

2. Disable the unsupported protocols from the rule.

• In the Data Leak Prevention page on FortiManager, edit the offending DLP profile.
• Edit the rule with the unsupported protocol and unselect the protocol.

Perform another installation to verify if the issue has been resolved.