Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ianmclachlan
New Contributor

DLP GUI option gone in 6.2.2

Hi Guys,

 

Have noticed that the GUI DLP configuration page is missing from 6.2.2.  I can, of course use the CLI, however, I'm lazy and prefer point and click.  Does anyone know if it's buried deep in the system somewhere?

 

Thanks

1 Solution
oxfordwhite84

I just opened a case regarding this.

 You can apply it to a policy if you:

[ol]
  • create a policy[ol]
  • You need to have the mode/type set to proxy[/ol]
  • In CLI edit the policy
  • set utm-status enable
  • NOW you can set the dlp-sensor[/ol]

     

    Hope that helps folks.

  • View solution in original post

    11 REPLIES 11
    nbctcp
    New Contributor III

    at last DLP CLI working with some caveat in 6.2.3 vm eval license

    1. It block zip even though zip not listed in filepattern

    2. where to see dlp log in CLI

    config dlp filepattern edit 1 set name "DLP-BLOCKFILE" config entries edit "bat" set filter-type type set file-type bat next edit "com" set filter-type type next edit "dll" set filter-type type next edit "exe" set filter-type type next edit "hta" set filter-type type next edit "scr" set filter-type type next edit "pif" set filter-type type next edit "cpl" set filter-type type next end end   config dlp sensor edit "default" set comment "Default sensor." config filter edit 1 set proto smtp pop3 imap http-get http-post ftp nntp mapi set filter-by file-type set file-type 2 set action block next end next edit "sniffer-profile" set comment "Log a summary of email and web traffic." set summary-proto smtp pop3 imap http-get http-post next edit "DLP-BLOCKSENSOR" config filter edit 1 set proto smtp pop3 imap http-get http-post ftp mapi set filter-by file-type set file-type 1 set archive enable set action block next end set extended-log enable next end   config firewall policy edit 1 set name "FGT1-SWtoWAN" set srcintf "FGT1-SW" set dstintf "port1" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set utm-status enable set inspection-mode proxy set dlp-sensor "DLP-BLOCKSENSOR" set logtraffic disable set nat enable next

    http://goo.gl/lhQjmUhttp://nbctcp.wordpress.com
    darwin_FTNT

    I re-checked the code history for DLP removal.  Due to mantis 0546964 and 0473012.

    It is to remove DLP from GUI but keep it in CLI due to existing users.

    On the long run, the functionalities will be merged to other/existing utm profiles for code & performance improvement.

    Basically, the functionality will not be removed but rather improved / with new features.

    Cheers.

    Announcements

    Select Forum Responses to become Knowledge Articles!

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

    Labels
    Top Kudoed Authors