
Fortinet FortiGate Series Administration Guide

Fortinet FortiGate Series
764 pages
DLP Rules Data Leak Prevention
FortiGate Version 4.0 MR1 Administration Guide
594 01-410-89802-20090903
http://docs.fortinet.com/Feedback
Viewing DLP archives
Go to Log & Report > DLP Archive to view all DLP archived content stored on a
FortiAnalyzer unit or the FortiGuard Analysis and Management server.
The DLP Archive menu is only visible if you have configured the FortiGate unit for remote
logging and archiving to a FortiAnalyzer unit or to the FortiGuard Analysis and
Management Service.
To view DLP archives
1 Go to Log & Report > DLP Archive.
2 Select the following tabs to view DLP archives for one of these protocols.
   E-mail to view POP3, IMAP, SMTP, POP3S, IMAPS, SMTPS, and spam email archives.
   Web to view HTTP and HTTPS archives.
   FTP to view FTP archives.
   IM to view AIM, ICQ, MSN, and Yahoo! archives.
   VoIP to view session control (SIP, SIMPLE and SCCP) archives.
DLP Rules
DLP rules are the core element of the data leak prevention feature. These rules define the
data to be protected so the FortiGate unit can recognize it. For example, an included rule
uses a regular expression to describe a Social Security number:
([0-6]\d{2}|7([0-6]\d|7[0-2]))[ \-]?\d{2}[ \-]\d{4}
Rather than having to list every possible Social Security number, this regular expression
describes the structure of a Social Security number. The pattern is easily recognizable by
the FortiGate unit. For more information about regular expressions, see “Using wildcards
and Perl regular expressions” on page 578.
DLP rules can be combined into compound rules and they can be included in sensors. If
rules are specified directly in a sensor, traffic matching any single rule will trigger the
configured action. If the rules are first combined into a compound rule and then specified
in a sensor, every rule in the compound rule must match the traffic to trigger the configured
action.
Individual rules in a sensor are linked with an implicit OR condition while rules within a
compound rule are linked with an implicit AND condition.
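The OR and AND semantics described above, shown as an added example that is not part of the original guide and not FortiGate code. It runs the Social Security number pattern from this page through Python's re module. The KEYWORD rule, the function names and the sample payloads are assumptions constructed for illustration.

```python
import re

# SSN pattern exactly as printed in the guide (Perl syntax that Python's re accepts unchanged).
SSN = re.compile(r"([0-6]\d{2}|7([0-6]\d|7[0-2]))[ \-]?\d{2}[ \-]\d{4}")
# Hypothetical second rule, constructed for this example; not a FortiGate built-in.
KEYWORD = re.compile(r"payroll", re.IGNORECASE)


def matched_rules(rules, text):
    """Return the names of the rules whose pattern occurs anywhere in text."""
    return {name for name, pattern in rules.items() if pattern.search(text)}


def sensor_triggers(rules, text):
    """Rules listed directly in a sensor: implicit OR."""
    return len(matched_rules(rules, text)) > 0


def compound_triggers(rules, text):
    """Rules combined into a compound rule: implicit AND."""
    return matched_rules(rules, text) == set(rules)


RULES = {"ssn": SSN, "keyword": KEYWORD}

# Constructed sample payloads (fictitious numbers).
SAMPLES = [
    "SSN on file: 123-45-6789",    # SSN rule only
    "payroll export attached",     # keyword rule only
    "payroll record 123 45 6789",  # both rules
    "customer id 123456789",       # nine digits, no separators
    "area 773-45-6789",            # area number above 772
]


def evaluate(samples=SAMPLES):
    """Return (text, sensor_result, compound_result) for each sample."""
    return [(s, sensor_triggers(RULES, s), compound_triggers(RULES, s)) for s in samples]


if __name__ == "__main__":
    for text, as_sensor, as_compound in evaluate():
        print(f"{text!r:40} sensor(OR)={as_sensor!s:5} compound(AND)={as_compound}")
```

The last two samples trigger neither configuration: the pattern as printed requires a space or hyphen before the final four digits, and it accepts area numbers only up to 772.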
Viewing the DLP rule list
To view the DLP rule list, go to UTM > Data Leak Prevention > Rule.
Note: Infected files are clearly indicated in the DLP Archive Email message list.
