Administration Guide

Basic DLP filter types

The following basic filter types can be configured in the CLI:

File type and name

A file type filter allows you to block, allow, log, or quarantine based on the file type specified in the file filter list (see Supported file types).

config dlp filepattern
    edit <id>
        set name <string>
        config entries
            edit <pattern>
                set filter-type {type | pattern}
                set file-type <file_type>
            next
        end
    next
end

To configure file type and name filtering:
  1. Create a file pattern to filter files based on the file name pattern or file type.

    For example, to filter for GIFs and PDFs:

    config dlp filepattern
        edit 11
            set name "sample_config"
            config entries
                edit "*.gif"
                    set filter-type pattern
                next
                edit "pdf"
                    set filter-type type
                    set file-type pdf
                next
            end
        next
    end
  2. Create the DLP sensor:
    config dlp sensor
       edit <name>
          config filter
             edit <id>
                set name <string>
                set proto {smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs} 
                set filter-by file-type
                set file-type 11
                set action {allow | log-only | block | quarantine-ip}
             next
          end
       next
    end

File size

A file size filter checks for files that exceed the specified size, and performs the DLP sensor's configured action on them.

To configure file size filtering:
config dlp sensor
   edit <name>
      config filter
         edit <id>
            set name <string>
            set proto {smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs} 
            set filter-by file-size
            set file-size <integer>
            set action {allow | log-only | block | quarantine-ip}
         next
      end
   next
end

Regular expression

A regular expression filter is used to filter files or messages based on the configured regular expression pattern.

To configure regular expression filtering:
config dlp sensor
   edit <name>
      config filter
         edit <id>
            set name <string>
            set type {file | message}
            set proto {smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs} 
            set filter-by regexp
            set regexp <string>
            set action {allow | log-only | block | quarantine-ip}
         next
      end
   next
end

Credit card and SSN

The credit card sensor can match the credit card number formats used by American Express, Mastercard, and Visa. It can be used to filter files or messages.

The SSN sensor can be used to filter files or messages for Social Security numbers.

To configure credit card or SSN filtering:
config dlp sensor
   edit <name>
      config filter
         edit <id>
            set name <string>
            set type {file | message}
            set proto {smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs}
            set filter-by {credit-card | ssn}
            set action {allow | log-only | block | quarantine-ip}
         next
      end
   next
end
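
The following is an added example, not part of the FortiOS documentation or Fortinet's code: a Python script that labels constructed test strings so a credit-card filter can be validated with its action set to log-only before it is switched to block. The prefix and length rules and the Luhn checksum are publicly known card-format conventions used here as assumptions; this page does not describe the sensor's internal matching logic.

```python
import re

# Publicly known card-number formats (prefix and length); assumptions for
# building test data, not rules read out of FortiOS.
BRANDS = {
    "amex": re.compile(r"3[47]\d{13}"),
    "mastercard": re.compile(
        r"5[1-5]\d{14}|2(?:22[1-9]|2[3-9]\d|[3-6]\d{2}|7[01]\d|720)\d{12}"),
    "visa": re.compile(r"4\d{15}"),
}
# A run of 13-19 digits, optionally grouped with single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(text):
    """Label text 'valid:<brand>', 'format-only:<brand>' or 'none'."""
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        for brand, pattern in BRANDS.items():
            if pattern.fullmatch(digits):
                kind = "valid" if luhn_ok(digits) else "format-only"
                return f"{kind}:{brand}"
    return "none"


# Constructed samples; the card numbers are widely used payment test
# numbers, not real accounts.
SAMPLES = [
    "Card: 4111 1111 1111 1111 exp 12/30",
    "amex 3782-822463-10005",
    "mc 5555555555554444",
    "ticket 4111111111111112",      # Visa-shaped, checksum fails
    "tracking 1234567890123456",    # 16 digits, no card prefix
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):24} {s}")
```

Send each sample through the sensor and compare the DLP log entries with the labels: the "format-only" and "none" samples show how many false positives to expect before the action is changed from log-only to block.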
