dlp fp-doc-source
Use this command to apply default or custom fingerprint sensitivity levels and add fingerprinting document sources, including the server and filepath for the source files. Configure the FortiGate to connect to a file share on a daily, weekly, or monthly basis.
config dlp fp-doc-source
    edit {name}
    # Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints.
        set name {string}   Name of the DLP fingerprint database. size[35]
        set server-type {samba}   Protocol used to communicate with the file server. Currently only Samba (SMB) servers are supported.
                samba   SAMBA server.
        set server {string}   IPv4 or IPv6 address of the server. size[35]
        set period {none | daily | weekly | monthly}   Frequency for which the FortiGate checks the server for new or changed files.
                none      Check the server when the FortiGate starts up.
                daily     Check the server once a day.
                weekly    Check the server once a week.
                monthly   Check the server once a month.
        set vdom {mgmt | current}   Select the VDOM that can communicate with the file server.
                mgmt      Communicate with the file server through the management VDOM.
                current   Communicate with the file server through the VDOM containing this DLP fingerprint database configuration.
        set scan-subdirectories {enable | disable}   Enable/disable scanning subdirectories to find files to create fingerprints from.
        set scan-on-creation {enable | disable}   Enable to keep the fingerprint database up to date when a file is added or changed on the server.
        set remove-deleted {enable | disable}   Enable to keep the fingerprint database up to date when a file is deleted from the server.
        set keep-modified {enable | disable}   Enable so that when a file is changed on the server the FortiGate keeps the old fingerprint and adds a new fingerprint to the database.
        set username {string}   User name required to log into the file server. size[35]
        set password {password_string}   Password required to log into the file server. size[128]
        set file-path {string}   Path on the server to the fingerprint files (max 119 characters). size[119]
        set file-pattern {string}   Files matching this pattern on the server are fingerprinted. Optionally use the * and ? wildcards. size[35]
        set sensitivity {string}   Select a sensitivity or threat level for matches with this fingerprint database. Add sensitivities using fp-sensitivity. size[35] - datasource(s): dlp.fp-sensitivity.name
        set tod-hour {integer}   Hour of the day on which to scan the server (0 - 23, default = 1). range[0-23]
        set tod-min {integer}   Minute of the hour on which to scan the server (0 - 59). range[0-59]
        set weekday {option}   Day of the week on which to scan the server.
                sunday      Sunday
                monday      Monday
                tuesday     Tuesday
                wednesday   Wednesday
                thursday    Thursday
                friday      Friday
                saturday    Saturday
        set date {integer}   Day of the month on which to scan the server (1 - 31). range[1-31]
    next
end
Additional information
The following section is for those options that require additional explanation.
date <date>
Note: This entry is only available when period is set to monthly.
Date of the month to run scans. Set the value between 1-31. The default is set to 1.
file-path <server-path>
Path on the server to the fingerprint files.
file-pattern <string>
The file pattern to match when using DLP blocking. Can include wildcards and should include file type. For example, enter set file-pattern "*fortinet.xls" to match all files that end in fortinet.xls.
keep-modified {enable | disable}
Enable (by default) or disable keeping old files in the list, in case an old version of a file is still circulating.
period {none | daily | weekly | monthly}
Select the frequency for server checking. Default is none.
remove-deleted {enable | disable}
Enable (by default) or disable removing chunks of files deleted from the server.
scan-on-creation {enable | disable}
Note: This entry is only available when period is set to either daily, weekly, or monthly.
Enable (by default) or disable a forced scan of the server when the document source is created or edited.
scan-subdirectories {enable | disable}
Enable (by default) or disable scanning of subdirectories while fingerprinting documents.
sensitivity <string>
Sensitivity labels must be created with config dlp fp-sensitivity before using this command. Specify a sensitivity label to apply to source files. Enter set sensitivity ? to display all available labels.
server <ipv4/6-address>
IPv4 or IPv6 address of the server.
server-type {samba}
Enter the type of DLP server. Currently only Samba (SMB) servers are supported.
tod-hour <hour>
Note: This entry is only available when period is set to either daily, weekly, or monthly.
Time of day to run scans. Set the value between 0-23; enter the hour only and use 24-hour clock. The default is set to 1.
tod-min <minute>
Note: This entry is only available when period is set to either daily, weekly, or monthly.
Time of day to run scans. Set the value between 0-59; enter the minute only. The default is set to 0.
vdom {mgmt | current}
Choose whether to perform document fingerprinting from the current VDOM or the management VDOM. Files might be accessible through the management VDOM that are not accessible through the current VDOM. Default is mgmt.
weekday <day>
Note: This entry is only available when period is set to weekly.
Day of the week to run scans. The default is set to sunday.
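A worked configuration that ties the options above together, added here as an illustration and not taken from the original reference: a weekly fingerprint scan of an SMB share, with the sensitivity label created first and period set before the entries that depend on it. The label name, database name, server address, account, share path and pattern are constructed placeholders, the account is assumed to be a read-only service account on the share, and the # lines are annotations.

```fortios
# Constructed example values throughout; replace with your own.
# 1. The sensitivity label must exist before fp-doc-source can reference it.
config dlp fp-sensitivity
    edit "finance-restricted"
    next
end

# 2. Define the document source.
config dlp fp-doc-source
    edit "finance-share"
        set server-type samba
        set server "192.0.2.10"
        # Assumed: a dedicated read-only account on the file share.
        set username "svc-dlp-read"
        set password <password>
        # file-path is limited to 119 characters, file-pattern to 35.
        set file-path "/finance/contracts/"
        set file-pattern "*.xls"
        # Use the VDOM that can actually reach the file server.
        set vdom current
        set sensitivity "finance-restricted"
        # Set period first: weekday, tod-hour, tod-min and scan-on-creation
        # are only available once period is daily, weekly or monthly
        # (weekday only for weekly, date only for monthly).
        set period weekly
        set weekday saturday
        set tod-hour 2
        set tod-min 30
        set scan-on-creation enable
        set scan-subdirectories enable
        # Drop fingerprints of files deleted from the share, but keep the
        # fingerprints of older versions of files that were modified.
        set remove-deleted enable
        set keep-modified enable
    next
end
```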