DLP watermarking
Watermarking marks files with a digital pattern to designate them as proprietary to a specific company. A small pattern is added to the file that is recognized by the DLP watermark filter, but is invisible to the end user (except for text files).
FortiExplorer client, or a Linux-based command line tool, can be used to add a watermark to the following file types:
- .txt
- .doc and .docx
- .ppt and .pptx
- .xls and .xlsx
The following information is covered in this section:
- Watermarking a file with FortiExplorer.
- Watermarking a file with the Linux tool.
- Configuring a DLP sensor to detect watermarked files.
FortiExplorer
In this example, a watermark will be added to small text file. The content of the file is:
This is to show how DLP watermarking is done using FortiExplorer.
FortiExplorer can also be used to watermark an entire directory.
To watermark the text file with FortiExplorer:
- Open the FortiExplorer client.
- Select DLP Watermark from the left side bar.
- Set Apply Watermark To to Select File.
- Browse for the file, copy the file's path into the Select File field.
- Set the Sensitivity Level. The available options are: Critical, Private, and Warning.
- Enter a company identifier in the Identifier field.
- Select the Output Directory where the watermarked file will be saved.
- Click Apply Watermark. The file is watermarked.
- The watermarked file content is changed to:
This is to show how DLP watermarking is done using FortiExplorer.=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=identifier=FortiDemo sensitivity=Critical=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The watermark pattern is visible in text files. For all other supported file types, it is invisible. |
Linux-based command line tool
A Linux-based command line tool can be used to watermark files. The tool can be executed is a Linux environment by passing in files or directories of files.
To download the tool:
- Log in to Fortinet Service and Support. A valid support contract is required.
- Go to Download > Firmware Images.
- Select the Download tab, and go to FortiGate/v5.00/5.0/5.0.0/WATERMARK.
- Download the fortinet-watermark-linux.out file.
To run the tool:
Enter the following to run the tool on a file:
watermark_linux_amd64 <options> -f <file name> -i <identifier> -l <sensitivity level>
Enter the following to run the tool on a directory:
watermark_linux_amd64 <options> -d <directory> -i <identifier> -l <sensitivity level>
The following options are available:
-h |
Print this help. |
-I |
Watermark the file in place (don't make a copy of the file). |
-o |
The output file or directory. |
-e |
Encode <to non-readable>. |
-i |
Add a watermark identifier. |
-l |
Add a watermark sensitivity level. |
-D |
Delete a watermark identifier. |
-L |
Delete a watermark sensitivity level. |
DLP watermark sensor
A DLP watermark sensor must be configured to detect watermarked files.
To configure a DLP watermark sensor:
config dlp sensor edit <sensor name> config filter edit <id number of filter> set proto {smtp | pop3 | imap http-get | http-post | ftp | nntp | mapi} <-- Protocol to inspect set filter-by watermark set sensitivity {Critical | Private | Warning} set company-identifier <string> set action {allow | log-only | block | ban | quarantine-ip} next end next end