Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Administration Guide

    Home FortiDLP FortiDLP Administration Guide

    Configuring file shadowing with FortiDLP

    Configuring file shadowing with FortiDLP

    After you perform vendor-side file shadowing setup, you are ready to configure FortiDLP.

    There are two parts for configuring FortiDLP, as detailed below. We recommend completing part 1, then proceeding to Testing file shadowing configurations, and then completing part 2.

    How to configure the storage vendor — Part 1
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Under Integrations, select the File shadowing tab.
    3. In the Storage vendor section, in the Vendor menu, select the relevant storage vendor name.
    4. Do one of the following:
      • To use MinIO:
        1. In the Host field, type the server IP address and port, or the domain name you generated during server setup.
        2. In the Region field, type the name of the server location you specified during server setup; for example, us-west-1.
        3. In the Access key field, paste the access key for your MinIO user.
        4. In the Secret key field, paste the secret key for your MinIO user.
        5. In the Bucket field, type the name of your storage bucket.
        6. In the CA certificate field, do one of the following:
          • To use a public CA-issued TLS certificate, skip this step and proceed to step 5.
          • To use a private CA-issued TLS certificate, paste the contents of the private CA.
          • To use a self-signed TLS certificate, paste the contents of the public.crt file you generated (during How to generate a self-signed TLS certificate with MinIO).
            • Note

            Certificates must be provided in PEM format.

      • To use AWS:
        1. In the Region field, type the name of the region the S3 bucket is in.
        2. In the Bucket field, type the name of your S3 bucket.
        3. In the Access key ID field, paste your access key ID.
        4. In the Secret key field, paste your secret key.
      • To use GCS:
        1. In the Bucket field, type the name of your storage bucket.
        2. In the Service account JSON field, paste the contents of the service account JSON file you generated (during How to configure file shadowing with GCS).
      • To use Azure Blob Storage:
        1. In the Storage account name field, type the name of your storage account.
        2. In the Storage container field, type the name of your container.
        3. In the Access key field, paste your access key.
    5. Click Save.

    After you configure the storage vendor, proceed to Testing file shadowing configurations.

    How to configure Agent action settings — Part 2
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Under Integrations, select the File shadowing tab.
    3. In the Agent action settings section, in the Maximum local storage on Agent (MB) field, type a number to limit the local storage of shadow copies by, in megabytes. A value of 0 places no limit on local storage. Shadow copies are temporarily stored on the Agent prior to upload to deal with cases where there is an issue connecting to the storage bucket. Shadow copies are removed from local storage when the connection is restored.
    4. In the Maximum single file size field, type a number to limit the single file size by which a shadow copy can be created, in megabytes. A value of 0 places no limit on single file size.
    5. Click Save.

    After you configure Agent action settings, proceed to Setting encryption keys.

    Previous
    Next

    Configuring file shadowing with FortiDLP

    Configuring file shadowing with FortiDLP

    After you perform vendor-side file shadowing setup, you are ready to configure FortiDLP.

    There are two parts for configuring FortiDLP, as detailed below. We recommend completing part 1, then proceeding to Testing file shadowing configurations, and then completing part 2.

    How to configure the storage vendor — Part 1
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Under Integrations, select the File shadowing tab.
    3. In the Storage vendor section, in the Vendor menu, select the relevant storage vendor name.
    4. Do one of the following:
      • To use MinIO:
        1. In the Host field, type the server IP address and port, or the domain name you generated during server setup.
        2. In the Region field, type the name of the server location you specified during server setup; for example, us-west-1.
        3. In the Access key field, paste the access key for your MinIO user.
        4. In the Secret key field, paste the secret key for your MinIO user.
        5. In the Bucket field, type the name of your storage bucket.
        6. In the CA certificate field, do one of the following:
          • To use a public CA-issued TLS certificate, skip this step and proceed to step 5.
          • To use a private CA-issued TLS certificate, paste the contents of the private CA.
          • To use a self-signed TLS certificate, paste the contents of the public.crt file you generated (during How to generate a self-signed TLS certificate with MinIO).
            • Note

            Certificates must be provided in PEM format.

      • To use AWS:
        1. In the Region field, type the name of the region the S3 bucket is in.
        2. In the Bucket field, type the name of your S3 bucket.
        3. In the Access key ID field, paste your access key ID.
        4. In the Secret key field, paste your secret key.
      • To use GCS:
        1. In the Bucket field, type the name of your storage bucket.
        2. In the Service account JSON field, paste the contents of the service account JSON file you generated (during How to configure file shadowing with GCS).
      • To use Azure Blob Storage:
        1. In the Storage account name field, type the name of your storage account.
        2. In the Storage container field, type the name of your container.
        3. In the Access key field, paste your access key.
    5. Click Save.

    After you configure the storage vendor, proceed to Testing file shadowing configurations.

    How to configure Agent action settings — Part 2
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Under Integrations, select the File shadowing tab.
    3. In the Agent action settings section, in the Maximum local storage on Agent (MB) field, type a number to limit the local storage of shadow copies by, in megabytes. A value of 0 places no limit on local storage. Shadow copies are temporarily stored on the Agent prior to upload to deal with cases where there is an issue connecting to the storage bucket. Shadow copies are removed from local storage when the connection is restored.
    4. In the Maximum single file size field, type a number to limit the single file size by which a shadow copy can be created, in megabytes. A value of 0 places no limit on single file size.
    5. Click Save.

    After you configure Agent action settings, proceed to Setting encryption keys.

    Previous
    Next