In the scenario below, the client has configured a DLP blocking policy to block specific 'keywords' such as 'fortinet' on FortiProxy.

The expectation is for the DLP policy to intercept and block the respective keyword, however, it can be observed that whenever the keyword is passed on Microsoft Co-Pilot LLM, it appears that the keyword is not blocked.

Sample FortiProxy Config and Observation:

config dlp dictionary

    edit "Block"

        set uuid d406d078-441f-51ef-19bc-5f916db8abaa

        set match-around enable

            config entries

                edit 1

                    set type "keyword"

                    set pattern "fortinet"

                next

            end

    next

end

config dlp sensor

    edit "Block_Keyword"

        config entries

            edit 1

                set dictionary "Block"

            next

        end

    next

end

    edit "Block_Keyword"

        config rule

            edit 1

                set name "Block_Fortinet"

                set severity critical

                set type message

                set proto http-post

                set filter-by sensor

                set sensor "Block_Keyword"

                set

    next

end

    edit 1

        set type explicit-web

        set uuid 1e0e273c-2316-51ef-28b1-00db184af896

        set dstintf "port1"

        set srcaddr "all"

        set dstaddr "all"

        set action accept

        set schedule "always"

        set service "webproxy"

        set explicit-web-proxy "web-proxy"

        set utm-status enable

        set logtraffic all

        set log-http-transaction all

        set ssl-ssh-profile "Clone of deep-inspection"

        set dlp-profile "Block_Keyword"

    next

end

Keyword Not Blocked on Co-Pilot:

The DLP is unable to block keywords on Co-Pilot as Co-Pilot uses a proprietary method to transfer the data over WebSocket, for which the scanning is not supported currently by the FortiProxy and FortiGate.