Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.2.1
Copy Link

Configure DLP sensors.

  config dlp sensor
      Description: Configure DLP sensors.
      edit <name>
          set comment {var-string}
          set replacemsg-group {string}
          config filter
              Description: Set up DLP filters for this sensor.
              edit <id>
                  set name {string}
                  set severity [info|low|...]
                  set type [file|message]
                  set proto {option1}, {option2}, ...
                  set filter-by [credit-card|ssn|...]
                  set file-size {integer}
                  set company-identifier {string}
                  set sensitivity <name1>, <name2>, ...
                  set match-percentage {integer}
                  set file-type {integer}
                  set regexp {string}
                  set archive [disable|enable]
                  set action [allow|log-only|...]
                  set expiry {user}
              next
          end
          set dlp-log [enable|disable]
          set extended-log [enable|disable]
          set nac-quar-log [enable|disable]
          set options {option}
          set full-archive-proto {option1}, {option2}, ...
          set summary-proto {option1}, {option2}, ...
      next
  end

config dlp sensor

Parameter Name Description Type Size
comment Comment. var-string Maximum length: 255
replacemsg-group Replacement message group used by this DLP sensor. string Maximum length: 35
dlp-log Enable/disable DLP logging.
enable: Enable DLP logging.
disable: Disable DLP logging.
option -
extended-log Enable/disable extended logging for data leak prevention.
enable: Enable setting.
disable: Disable setting.
option -
nac-quar-log Enable/disable NAC quarantine logging.
enable: Enable NAC quarantine logging.
disable: Disable NAC quarantine logging.
option -
options Configure DLP options.
option -
full-archive-proto Protocols to always content archive.
smtp: SMTP.
pop3: POP3.
imap: IMAP.
http-get: HTTP GET.
http-post: HTTP POST.
ftp: FTP.
nntp: NNTP.
mapi: MAPI
option -
summary-proto Protocols to always log summary.
smtp: SMTP.
pop3: POP3.
imap: IMAP.
http-get: HTTP GET.
http-post: HTTP POST.
ftp: FTP.
nntp: NNTP.
mapi: MAPI
option -

config filter

Parameter Name Description Type Size
name Filter name. string Maximum length: 35
severity Select the severity or threat level that matches this filter.
info: Informational.
low: Low.
medium: Medium.
high: High.
critical: Critical.
option -
type Select whether to check the content of messages (an email message) or files (downloaded files or email attachments).
file: Check the contents of downloaded or attached files.
message: Check the contents of email messages, web pages, etc.
option -
proto Check messages or files over one or more of these protocols.
smtp: SMTP.
pop3: POP3.
imap: IMAP.
http-get: HTTP GET.
http-post: HTTP POST.
ftp: FTP.
nntp: NNTP.
mapi: MAPI
option -
filter-by Select the type of content to match.
credit-card: Match credit cards.
ssn: Match social security numbers.
regexp: Use a regular expression to match content.
file-type: Match a DLP file pattern list.
file-size: Match any file over with a size over the threshold.
fingerprint: Match against a fingerprint sensitivity.
watermark: Look for defined file watermarks.
encrypted: Look for encrypted files.
option -
file-size Match files this size or larger (0 - 4294967295 kbytes). integer Minimum value: 0 Maximum value: 4294967295
company-identifier Enter a company identifier watermark to match. Only watermarks that your company has placed on the files are matched. string Maximum length: 35
sensitivity <name> Select a DLP file pattern sensitivity to match.
Select a DLP sensitivity.
string Maximum length: 35
match-percentage Percentage of fingerprints in the fingerprint databases designated with the selected sensitivity to match. integer Minimum value: 1 Maximum value: 100
file-type Select the number of a DLP file pattern table to match. integer Minimum value: 0 Maximum value: 4294967295
regexp Enter a regular expression to match (max. 255 characters). string Maximum length: 255
archive Enable/disable DLP archiving.
disable: No DLP archiving.
enable: Enable full DLP archiving.
option -
action Action to take with content that this DLP sensor matches.
allow: Allow the content to pass through the FortiGate and do not create a log message.
log-only: Allow the content to pass through the FortiGate, but write a log message.
block: Block the content and write a log message.
quarantine-ip: Quarantine all traffic from the IP address and write a log message.
option -
expiry Quarantine duration in days, hours, minutes format (dddhhmm). user Not Specified

Configure DLP sensors.

  config dlp sensor
      Description: Configure DLP sensors.
      edit <name>
          set comment {var-string}
          set replacemsg-group {string}
          config filter
              Description: Set up DLP filters for this sensor.
              edit <id>
                  set name {string}
                  set severity [info|low|...]
                  set type [file|message]
                  set proto {option1}, {option2}, ...
                  set filter-by [credit-card|ssn|...]
                  set file-size {integer}
                  set company-identifier {string}
                  set sensitivity <name1>, <name2>, ...
                  set match-percentage {integer}
                  set file-type {integer}
                  set regexp {string}
                  set archive [disable|enable]
                  set action [allow|log-only|...]
                  set expiry {user}
              next
          end
          set dlp-log [enable|disable]
          set extended-log [enable|disable]
          set nac-quar-log [enable|disable]
          set options {option}
          set full-archive-proto {option1}, {option2}, ...
          set summary-proto {option1}, {option2}, ...
      next
  end

config dlp sensor

Parameter Name Description Type Size
comment Comment. var-string Maximum length: 255
replacemsg-group Replacement message group used by this DLP sensor. string Maximum length: 35
dlp-log Enable/disable DLP logging.
enable: Enable DLP logging.
disable: Disable DLP logging.
option -
extended-log Enable/disable extended logging for data leak prevention.
enable: Enable setting.
disable: Disable setting.
option -
nac-quar-log Enable/disable NAC quarantine logging.
enable: Enable NAC quarantine logging.
disable: Disable NAC quarantine logging.
option -
options Configure DLP options.
option -
full-archive-proto Protocols to always content archive.
smtp: SMTP.
pop3: POP3.
imap: IMAP.
http-get: HTTP GET.
http-post: HTTP POST.
ftp: FTP.
nntp: NNTP.
mapi: MAPI
option -
summary-proto Protocols to always log summary.
smtp: SMTP.
pop3: POP3.
imap: IMAP.
http-get: HTTP GET.
http-post: HTTP POST.
ftp: FTP.
nntp: NNTP.
mapi: MAPI
option -

config filter

Parameter Name Description Type Size
name Filter name. string Maximum length: 35
severity Select the severity or threat level that matches this filter.
info: Informational.
low: Low.
medium: Medium.
high: High.
critical: Critical.
option -
type Select whether to check the content of messages (an email message) or files (downloaded files or email attachments).
file: Check the contents of downloaded or attached files.
message: Check the contents of email messages, web pages, etc.
option -
proto Check messages or files over one or more of these protocols.
smtp: SMTP.
pop3: POP3.
imap: IMAP.
http-get: HTTP GET.
http-post: HTTP POST.
ftp: FTP.
nntp: NNTP.
mapi: MAPI
option -
filter-by Select the type of content to match.
credit-card: Match credit cards.
ssn: Match social security numbers.
regexp: Use a regular expression to match content.
file-type: Match a DLP file pattern list.
file-size: Match any file over with a size over the threshold.
fingerprint: Match against a fingerprint sensitivity.
watermark: Look for defined file watermarks.
encrypted: Look for encrypted files.
option -
file-size Match files this size or larger (0 - 4294967295 kbytes). integer Minimum value: 0 Maximum value: 4294967295
company-identifier Enter a company identifier watermark to match. Only watermarks that your company has placed on the files are matched. string Maximum length: 35
sensitivity <name> Select a DLP file pattern sensitivity to match.
Select a DLP sensitivity.
string Maximum length: 35
match-percentage Percentage of fingerprints in the fingerprint databases designated with the selected sensitivity to match. integer Minimum value: 1 Maximum value: 100
file-type Select the number of a DLP file pattern table to match. integer Minimum value: 0 Maximum value: 4294967295
regexp Enter a regular expression to match (max. 255 characters). string Maximum length: 255
archive Enable/disable DLP archiving.
disable: No DLP archiving.
enable: Enable full DLP archiving.
option -
action Action to take with content that this DLP sensor matches.
allow: Allow the content to pass through the FortiGate and do not create a log message.
log-only: Allow the content to pass through the FortiGate, but write a log message.
block: Block the content and write a log message.
quarantine-ip: Quarantine all traffic from the IP address and write a log message.
option -
expiry Quarantine duration in days, hours, minutes format (dddhhmm). user Not Specified