Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.6
Download PDF
Copy Link

dlp fp-doc-source

Use this command to apply default or custom fingerprint sensitivity levels and add fingerprinting document sources, including the server and filepath for the source files. Configure the FortiGate to connect to a file share on a daily, weekly, or monthly basis.

config dlp fp-doc-source
    edit {name}
    # Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints.
        set name {string}   Name of the DLP fingerprint database. size[35]
        set server-type {samba}   Protocol used to communicate with the file server. Currently only Samba (SMB) servers are supported.
                samba  SAMBA server.
        set server {string}   IPv4 or IPv6 address of the server. size[35]
        set period {none | daily | weekly | monthly}   Frequency for which the FortiGate checks the server for new or changed files.
                none     Check the server when the FortiGate starts up.
                daily    Check the server once a day.
                weekly   Check the server once a week.
                monthly  Check the server once a month.
        set vdom {mgmt | current}   Select the VDOM that can communicate with the file server.
                mgmt     Communicate with the file server through the management VDOM.
                current  Communicate with the file server through the VDOM containing this DLP fingerprint database configuration.
        set scan-subdirectories {enable | disable}   Enable/disable scanning subdirectories to find files to create fingerprints from.
        set scan-on-creation {enable | disable}   Enable to keep the fingerprint database up to date when a file is added or changed on the server.
        set remove-deleted {enable | disable}   Enable to keep the fingerprint database up to date when a file is deleted from the server.
        set keep-modified {enable | disable}   Enable so that when a file is changed on the server the FortiGate keeps the old fingerprint and adds a new fingerprint to the database.
        set username {string}   User name required to log into the file server. size[35]
        set password {password_string}   Password required to log into the file server. size[128]
        set file-path {string}   Path on the server to the fingerprint files (max 119 characters). size[119]
        set file-pattern {string}   Files matching this pattern on the server are fingerprinted. Optionally use the * and ? wildcards. size[35]
        set sensitivity {string}   Select a sensitivity or threat level for matches with this fingerprint database. Add sensitivities using fp-sensitivity. size[35] - datasource(s): dlp.fp-sensitivity.name
        set tod-hour {integer}   Hour of the day on which to scan the server (0 - 23, default = 1). range[0-23]
        set tod-min {integer}   Minute of the hour on which to scan the server (0 - 59). range[0-59]
        set weekday {option}   Day of the week on which to scan the server.
                sunday     Sunday
                monday     Monday
                tuesday    Tuesday
                wednesday  Wednesday
                thursday   Thursday
                friday     Friday
                saturday   Saturday
        set date {integer}   Day of the month on which to scan the server (1 - 31). range[1-31]
    next
end

Additional information

The following section is for those options that require additional explanation.

date <date>

Note: This entry is only available when period is set to monthly.

Date of the month to run scans. Set the value between 1-31. The default is set to 1.

file-path <server-path>

Path on the server to the fingerprint files.

file-pattern <string>

The file pattern to match when using DLP blocking. Can include wildcards and should include file type. For example, enter set file-pattern "*fortinet.xls" to match all files that end in fortinet.xls.

keep-modified {enable | disable}

Enable (by default) disable keeping old files in the list, in case an old version of a file is still circulating.

period {none | daily | weekly | monthly}

Select the frequency for server checking. Default is none.

remove-deleted {enable | disable}

Enable (by default) disable removing chunks of files deleted from the server.

scan-on-creation {enable | disable}

Note: This entry is only available when period is set to either daily, weekly, or monthly.

Enable (by default) disable force scan of server when document source is created or edited.

scan-subdirectories {enable | disable}

Enable (by default) or disable scanning of subdirectories while fingerprinting documents.

sensitivity <string>

Sensitivity labels must be created with config dlp fp-sensitivity before using this command. Specify a sensitivity label to apply to source files. Enter set sensitivity ? to display all available labels.

server <ipv4/6-address>

IPv4 or IPv6 address of the server.

server-type {samba}

Enter the type of DLP server. Currently only Samba (SMB) servers are supported.

tod-hour <hour>

Note: This entry is only available when period is set to either daily, weekly, or monthly.

Time of day to run scans. Set the value between 0-23; enter the hour only and use 24-hour clock. The default is set to 1.

tod-min <minute>

Note: This entry is only available when period is set to either daily, weekly, or monthly.

Time of day to run scans. Set the value between 0-59; enter the minute only. The default is set to 0.

vdom {mgmt | current}

Choose whether to perform document fingerprinting from the current VDOM or the management VDOM. Files might be accessible through the management VDOM that are not accessible through the current VDOM. Default is mgmt.

weekday <day>

Note: This entry is only available when period is set to weekly.

Day of the week to run scans. The default is set to sunday.

dlp fp-doc-source

Use this command to apply default or custom fingerprint sensitivity levels and add fingerprinting document sources, including the server and filepath for the source files. Configure the FortiGate to connect to a file share on a daily, weekly, or monthly basis.

config dlp fp-doc-source
    edit {name}
    # Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints.
        set name {string}   Name of the DLP fingerprint database. size[35]
        set server-type {samba}   Protocol used to communicate with the file server. Currently only Samba (SMB) servers are supported.
                samba  SAMBA server.
        set server {string}   IPv4 or IPv6 address of the server. size[35]
        set period {none | daily | weekly | monthly}   Frequency for which the FortiGate checks the server for new or changed files.
                none     Check the server when the FortiGate starts up.
                daily    Check the server once a day.
                weekly   Check the server once a week.
                monthly  Check the server once a month.
        set vdom {mgmt | current}   Select the VDOM that can communicate with the file server.
                mgmt     Communicate with the file server through the management VDOM.
                current  Communicate with the file server through the VDOM containing this DLP fingerprint database configuration.
        set scan-subdirectories {enable | disable}   Enable/disable scanning subdirectories to find files to create fingerprints from.
        set scan-on-creation {enable | disable}   Enable to keep the fingerprint database up to date when a file is added or changed on the server.
        set remove-deleted {enable | disable}   Enable to keep the fingerprint database up to date when a file is deleted from the server.
        set keep-modified {enable | disable}   Enable so that when a file is changed on the server the FortiGate keeps the old fingerprint and adds a new fingerprint to the database.
        set username {string}   User name required to log into the file server. size[35]
        set password {password_string}   Password required to log into the file server. size[128]
        set file-path {string}   Path on the server to the fingerprint files (max 119 characters). size[119]
        set file-pattern {string}   Files matching this pattern on the server are fingerprinted. Optionally use the * and ? wildcards. size[35]
        set sensitivity {string}   Select a sensitivity or threat level for matches with this fingerprint database. Add sensitivities using fp-sensitivity. size[35] - datasource(s): dlp.fp-sensitivity.name
        set tod-hour {integer}   Hour of the day on which to scan the server (0 - 23, default = 1). range[0-23]
        set tod-min {integer}   Minute of the hour on which to scan the server (0 - 59). range[0-59]
        set weekday {option}   Day of the week on which to scan the server.
                sunday     Sunday
                monday     Monday
                tuesday    Tuesday
                wednesday  Wednesday
                thursday   Thursday
                friday     Friday
                saturday   Saturday
        set date {integer}   Day of the month on which to scan the server (1 - 31). range[1-31]
    next
end

Additional information

The following section is for those options that require additional explanation.

date <date>

Note: This entry is only available when period is set to monthly.

Date of the month to run scans. Set the value between 1-31. The default is set to 1.

file-path <server-path>

Path on the server to the fingerprint files.

file-pattern <string>

The file pattern to match when using DLP blocking. Can include wildcards and should include file type. For example, enter set file-pattern "*fortinet.xls" to match all files that end in fortinet.xls.

keep-modified {enable | disable}

Enable (by default) disable keeping old files in the list, in case an old version of a file is still circulating.

period {none | daily | weekly | monthly}

Select the frequency for server checking. Default is none.

remove-deleted {enable | disable}

Enable (by default) disable removing chunks of files deleted from the server.

scan-on-creation {enable | disable}

Note: This entry is only available when period is set to either daily, weekly, or monthly.

Enable (by default) disable force scan of server when document source is created or edited.

scan-subdirectories {enable | disable}

Enable (by default) or disable scanning of subdirectories while fingerprinting documents.

sensitivity <string>

Sensitivity labels must be created with config dlp fp-sensitivity before using this command. Specify a sensitivity label to apply to source files. Enter set sensitivity ? to display all available labels.

server <ipv4/6-address>

IPv4 or IPv6 address of the server.

server-type {samba}

Enter the type of DLP server. Currently only Samba (SMB) servers are supported.

tod-hour <hour>

Note: This entry is only available when period is set to either daily, weekly, or monthly.

Time of day to run scans. Set the value between 0-23; enter the hour only and use 24-hour clock. The default is set to 1.

tod-min <minute>

Note: This entry is only available when period is set to either daily, weekly, or monthly.

Time of day to run scans. Set the value between 0-59; enter the minute only. The default is set to 0.

vdom {mgmt | current}

Choose whether to perform document fingerprinting from the current VDOM or the management VDOM. Files might be accessible through the management VDOM that are not accessible through the current VDOM. Default is mgmt.

weekday <day>

Note: This entry is only available when period is set to weekly.

Day of the week to run scans. The default is set to sunday.