Configuring a DLP Policy

The Data Loss Prevention (DLP) feature allows the Web Application Firewall (WAF) to prevent information leaks, damage and loss. DLP provides masking (desensitization) and alerting for sensitive information exposed on websites, such as Social Security numbers (SSNs) and credit card information, as well as for the leakage of sensitive keywords.

You can create a DLP Policy that matches a sensor against file content or an HTTP payload, and against the email protocol used to attach files. It also lets you choose the action: allow, log, or block the IP address.

Before you begin:
To configure a DLP Policy:
  1. Go to Web Application Firewall > Data Loss Prevention.
    The configuration page displays the DLP Policy tab.
  2. Click Create New to display the configuration editor.

  3. Configure the following DLP Policy settings:

    Setting / Description

    Name

    Specify a name for the DLP Policy.
    Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. The configuration name cannot be edited once it has been saved.

    Status

    Enable or disable this profile. Default is disable.

    Masking

    The Masking option is available if Status is enabled.

    Enable masking to replace sensitive data with asterisks (*). Default is disable.

    Note:
    When masking is enabled, all target data will be replaced by asterisks (*), so the threshold value won't take effect here. Masking only works when the action is alert. The connection will be rejected when the action is set as "deny" or "block," so no target data will be replaced.

    Action

    The Action option is available if Status is enabled.

    Select the action profile that you want to apply. See Configuring WAF Action objects. The default is Alert.

    Severity

    The Severity option is available if Status is enabled.

    Set the severity level in the WAF logs for potential attacks detected by the DLP Policy.

    • High
    • Medium
    • Low

    The default option is Low.

  4. Click Save.
    After the Data Loss Prevention configuration is saved, the Rule section becomes available to configure.
  5. Under the Rule section, click Create New to display the Data Loss Prevention Rule configuration editor.

  6. Configure the following Data Loss Prevention Rule settings:

    Setting / Description

    Type

    Select the DLP data type to match:

    • Sensitive Data Type
    • Sensors

    The default option is Sensitive Data Type.

    URI Pattern

    Specify the URI Pattern that the Data Loss Prevention rule applies to. If this value is left empty, the rule does not take effect.

    Sensitive Data Type

    The Sensitive Data Type option is available if the Type is Sensitive Data Type.

    Select the Sensitive Data Type you want to apply. See Configuring a Sensitive Data Type object.

    Threshold

    The Threshold option is available if the Type is Sensors.

    Set a threshold for the Data Loss Prevention rule.
    The rule will not take effect until the target data exceeds the threshold's specified value. Range 1-10000. Default is 1. The threshold has no effect if Masking is enabled.

    Sensor

    The Sensor option is available if the Type is Sensors.

    Select the DLP Sensor you want to apply. See Configuring a DLP Sensor object.

  7. Click Save.
    Once the Data Loss Prevention Rule configuration is saved, the editor dialog closes.
    You can add more rule items, up to a maximum of 256 rules, but detection stops once 8 rules have matched.
  8. Click Save to update the DLP Policy configuration.
    Once the DLP Policy is saved, you can reference it in a WAF Profile.
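To make the interactions described in this procedure concrete (masking overriding the threshold, masking applying only with the alert action, an empty URI Pattern disabling a rule, deny/block rejecting the connection without masking, and detection stopping after 8 matched rules), here is an added Python model of how one policy evaluates a response. It is example code written for this page, not FortiWeb code: the SSN-like pattern, the `DlpRule`/`DlpPolicy` field names, the `evaluate` function and its evaluation order are assumptions, and the threshold is modelled as firing when the match count reaches the configured value.

```python
import re
from dataclasses import dataclass, field

# Constructed sensitive-data pattern (SSN-like shape). In the product a
# Sensitive Data Type object is configured separately; this stands in for it.
SSN_PATTERN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
MAX_MATCHED_RULES = 8  # detection stops once this many rules have matched


@dataclass
class DlpRule:
    name: str
    uri_pattern: str       # regex the request URI must match; empty = rule never takes effect
    threshold: int = 1     # 1-10000; ignored when masking is enabled

    def __post_init__(self):
        if not 1 <= self.threshold <= 10000:
            raise ValueError("threshold must be in the range 1-10000")


@dataclass
class DlpPolicy:
    status: bool = False   # default disable
    masking: bool = False  # default disable
    action: str = "alert"  # "alert" (default), "deny" or "block"
    severity: str = "low"  # default Low
    rules: list = field(default_factory=list)


def _mask(body):
    """Replace every occurrence of the target data with asterisks of equal length."""
    return SSN_PATTERN.sub(lambda m: "*" * len(m.group(0)), body)


def evaluate(policy, uri, body):
    """Model the policy evaluating one HTTP response body for a request URI.

    Returns (verdict, body_out, log_entries); verdict is "pass", "alert" or
    "reject". Evaluation order is an assumption of this model.
    """
    logs = []
    if not policy.status:
        return "pass", body, logs          # a disabled policy inspects nothing
    matched_rules = 0
    out = body
    for rule in policy.rules:
        if matched_rules >= MAX_MATCHED_RULES:
            break                           # the 8-matched-rule cap
        if not rule.uri_pattern or not re.search(rule.uri_pattern, uri):
            continue                        # empty or non-matching URI Pattern
        count = len(SSN_PATTERN.findall(body))
        if count == 0:
            continue
        if policy.masking and policy.action == "alert":
            # Masking replaces all target data; the threshold does not apply.
            out = _mask(out)
            fired = True
        else:
            # Assumption: a threshold of N fires once N or more matches are seen.
            # With deny/block, masking cannot apply because the response is rejected.
            fired = count >= rule.threshold
        if not fired:
            continue
        matched_rules += 1
        logs.append({"rule": rule.name, "severity": policy.severity,
                     "action": policy.action, "matches": count})
        if policy.action in ("deny", "block"):
            return "reject", "", logs       # connection rejected, nothing masked
    return ("alert" if matched_rules else "pass"), out, logs


if __name__ == "__main__":
    # Constructed sample response containing two SSN-like values.
    sample = "ssn 123-45-6789 and 987-65-4321"
    policy = DlpPolicy(status=True, masking=True,
                       rules=[DlpRule("mask-api", "^/api", threshold=5)])
    print(evaluate(policy, "/api/export", sample))
```

The model is useful as a checklist when reviewing a policy: a rule with masking enabled and the action set to deny or block never masks anything, and a threshold above 1 is silently irrelevant once masking is on, so the combination you save in the GUI should be tested against a known sample before relying on it.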
