Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config dlp profile

Configure DLP profiles.

config dlp profile

Description: Configure DLP profiles.

edit <name>

set comment {var-string}

set feature-set [flow|proxy]

set replacemsg-group {string}

config rule

Description: Set up DLP rules for this profile.

edit <id>

set name {string}

set severity [info|low|...]

set type [file|message]

set proto {option1}, {option2}, ...

set filter-by [sensor|mip|...]

set file-size {integer}

set sensitivity <name1>, <name2>, ...

set file-type {integer}

set sensor <name1>, <name2>, ...

set label {string}

set archive [disable|enable]

set action [allow|log-only|...]

set expiry {user}

next

end

set dlp-log [enable|disable]

set extended-log [enable|disable]

set nac-quar-log [enable|disable]

set full-archive-proto {option1}, {option2}, ...

set summary-proto {option1}, {option2}, ...

next

end

config dlp profile

Parameter

Description

Type

Size

Default

comment

Comment.

var-string

Not Specified

feature-set

Flow/proxy feature set.

option

-

flow

 

Option

Description

flow

Flow feature set.

proxy

Proxy feature set.

replacemsg-group

Replacement message group used by this DLP profile.

string

Not Specified

dlp-log

Enable/disable DLP logging.

option

-

enable

 

Option

Description

enable

Enable DLP logging.

disable

Disable DLP logging.

extended-log

Enable/disable extended logging for data leak prevention.

option

-

disable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

nac-quar-log

Enable/disable NAC quarantine logging.

option

-

disable

 

Option

Description

enable

Enable NAC quarantine logging.

disable

Disable NAC quarantine logging.

full-archive-proto

Protocols to always content archive.

option

-

 

Option

Description

smtp

SMTP.

pop3

POP3.

imap

IMAP.

http-get

HTTP GET.

http-post

HTTP POST.

ftp

FTP.

nntp

NNTP.

mapi

MAPI.

ssh

SFTP and SCP.

cifs

CIFS.

summary-proto

Protocols to always log summary.

option

-

 

Option

Description

smtp

SMTP.

pop3

POP3.

imap

IMAP.

http-get

HTTP GET.

http-post

HTTP POST.

ftp

FTP.

nntp

NNTP.

mapi

MAPI.

ssh

SFTP and SCP.

cifs

CIFS.

config rule

Parameter

Description

Type

Size

Default

name

Filter name.

string

Not Specified

severity

Select the severity or threat level that matches this filter.

option

-

medium

 

Option

Description

info

Informational.

low

Low.

medium

Medium.

high

High.

critical

Critical.

type

Select whether to check the content of messages (an email message) or files (downloaded files or email attachments).

option

-

file

 

Option

Description

file

Check the contents of downloaded or attached files.

message

Check the contents of email messages, web pages, etc.

proto

Check messages or files over one or more of these protocols.

option

-

 

Option

Description

smtp

SMTP.

pop3

POP3.

imap

IMAP.

http-get

HTTP GET.

http-post

HTTP POST.

ftp

FTP.

nntp

NNTP.

mapi

MAPI.

ssh

SFTP and SCP.

cifs

CIFS.

filter-by

Select the type of content to match.

option

-

none

 

Option

Description

sensor

Use DLP sensors to match content.

mip

Use MIP label dictionary to match content.

encrypted

Look for encrypted files.

none

No content scan.

file-size

Match files this size or larger .

integer

Minimum value: 0 Maximum value: 4294967295

0

sensitivity <name>

Select a DLP file pattern sensitivity to match.

Select a DLP sensitivity.

string

Maximum length: 35

file-type

Select the number of a DLP file pattern table to match.

integer

Minimum value: 0 Maximum value: 4294967295

0

sensor <name>

Select DLP sensors.

Address name.

string

Maximum length: 35

label

MIP label dictionary.

string

Not Specified

archive

Enable/disable DLP archiving.

option

-

disable

 

Option

Description

disable

No DLP archiving.

enable

Enable full DLP archiving.

action

Action to take with content that this DLP profile matches.

option

-

allow

 

Option

Description

allow

Allow the content to pass through the FortiGate and do not create a log message.

log-only

Allow the content to pass through the FortiGate, but write a log message.

block

Block the content and write a log message.

quarantine-ip

Quarantine all traffic from the IP address and write a log message.

expiry

Quarantine duration in days, hours, minutes (format = dddhhmm).

user

Not Specified

5m

config dlp profile

Configure DLP profiles.

config dlp profile

Description: Configure DLP profiles.

edit <name>

set comment {var-string}

set feature-set [flow|proxy]

set replacemsg-group {string}

config rule

Description: Set up DLP rules for this profile.

edit <id>

set name {string}

set severity [info|low|...]

set type [file|message]

set proto {option1}, {option2}, ...

set filter-by [sensor|mip|...]

set file-size {integer}

set sensitivity <name1>, <name2>, ...

set file-type {integer}

set sensor <name1>, <name2>, ...

set label {string}

set archive [disable|enable]

set action [allow|log-only|...]

set expiry {user}

next

end

set dlp-log [enable|disable]

set extended-log [enable|disable]

set nac-quar-log [enable|disable]

set full-archive-proto {option1}, {option2}, ...

set summary-proto {option1}, {option2}, ...

next

end

config dlp profile

Parameter

Description

Type

Size

Default

comment

Comment.

var-string

Not Specified

feature-set

Flow/proxy feature set.

option

-

flow

 

Option

Description

flow

Flow feature set.

proxy

Proxy feature set.

replacemsg-group

Replacement message group used by this DLP profile.

string

Not Specified

dlp-log

Enable/disable DLP logging.

option

-

enable

 

Option

Description

enable

Enable DLP logging.

disable

Disable DLP logging.

extended-log

Enable/disable extended logging for data leak prevention.

option

-

disable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

nac-quar-log

Enable/disable NAC quarantine logging.

option

-

disable

 

Option

Description

enable

Enable NAC quarantine logging.

disable

Disable NAC quarantine logging.

full-archive-proto

Protocols to always content archive.

option

-

 

Option

Description

smtp

SMTP.

pop3

POP3.

imap

IMAP.

http-get

HTTP GET.

http-post

HTTP POST.

ftp

FTP.

nntp

NNTP.

mapi

MAPI.

ssh

SFTP and SCP.

cifs

CIFS.

summary-proto

Protocols to always log summary.

option

-

 

Option

Description

smtp

SMTP.

pop3

POP3.

imap

IMAP.

http-get

HTTP GET.

http-post

HTTP POST.

ftp

FTP.

nntp

NNTP.

mapi

MAPI.

ssh

SFTP and SCP.

cifs

CIFS.

config rule

Parameter

Description

Type

Size

Default

name

Filter name.

string

Not Specified

severity

Select the severity or threat level that matches this filter.

option

-

medium

 

Option

Description

info

Informational.

low

Low.

medium

Medium.

high

High.

critical

Critical.

type

Select whether to check the content of messages (an email message) or files (downloaded files or email attachments).

option

-

file

 

Option

Description

file

Check the contents of downloaded or attached files.

message

Check the contents of email messages, web pages, etc.

proto

Check messages or files over one or more of these protocols.

option

-

 

Option

Description

smtp

SMTP.

pop3

POP3.

imap

IMAP.

http-get

HTTP GET.

http-post

HTTP POST.

ftp

FTP.

nntp

NNTP.

mapi

MAPI.

ssh

SFTP and SCP.

cifs

CIFS.

filter-by

Select the type of content to match.

option

-

none

 

Option

Description

sensor

Use DLP sensors to match content.

mip

Use MIP label dictionary to match content.

encrypted

Look for encrypted files.

none

No content scan.

file-size

Match files this size or larger .

integer

Minimum value: 0 Maximum value: 4294967295

0

sensitivity <name>

Select a DLP file pattern sensitivity to match.

Select a DLP sensitivity.

string

Maximum length: 35

file-type

Select the number of a DLP file pattern table to match.

integer

Minimum value: 0 Maximum value: 4294967295

0

sensor <name>

Select DLP sensors.

Address name.

string

Maximum length: 35

label

MIP label dictionary.

string

Not Specified

archive

Enable/disable DLP archiving.

option

-

disable

 

Option

Description

disable

No DLP archiving.

enable

Enable full DLP archiving.

action

Action to take with content that this DLP profile matches.

option

-

allow

 

Option

Description

allow

Allow the content to pass through the FortiGate and do not create a log message.

log-only

Allow the content to pass through the FortiGate, but write a log message.

block

Block the content and write a log message.

quarantine-ip

Quarantine all traffic from the IP address and write a log message.

expiry

Quarantine duration in days, hours, minutes (format = dddhhmm).

user

Not Specified

5m