FortiGuard DLP service
The FortiGuard DLP service offers a database of predefined DLP patterns such as data types, dictionaries, and sensors. Examples include:
- Driver's licenses for various countries, various states in the USA, and various provinces in Canada
- Tax numbers for various countries
- Credit card numbers
- Bank statements
When enabled, the DLP database (DLDB) is downloaded to the FortiGate and its predefined patterns can be configured in DLP profiles.
To configure DLP database updates:
    config system fortiguard
        set update-dldb {enable | disable}
    end
To verify the database signature status:
    # diagnose autoupdate versions
    ...
    DLP Signature
    ---------
    Version: 1.00010 signed
    Contract Expiry Date: n/a
    Last Updated using manual update on Fri Jan 27 15:25:00 2023
    Last Update Attempt: Mon Jan 30 15:18:39 2023
    Result: No Updates
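The verification step above can be automated when the command output is collected from many devices. The following is an added example, not Fortinet code: it parses saved `diagnose autoupdate versions` output and reports whether the DLP Signature section is present, marked signed, and recently updated. The function names, the constructed "Example Engine" section, and the 7-day age limit are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# DLP Signature section is from this page; "Example Engine" is constructed.
SAMPLE = """\
Example Engine
---------
Version: 0.00001

DLP Signature
---------
Version: 1.00010 signed
Contract Expiry Date: n/a
Last Updated using manual update on Fri Jan 27 15:25:00 2023
Last Update Attempt: Mon Jan 30 15:18:39 2023
Result: No Updates
"""

def parse_sections(text):
    """Return {section name: {field: value}}; a dashed rule follows each name."""
    sections, current, prev = {}, None, ""
    for line in (raw.strip() for raw in text.splitlines()):
        if re.fullmatch(r"-{3,}", line):
            current = sections.setdefault(prev, {})
        elif current is not None and line.startswith("Last Updated using "):
            method, _, when = line[len("Last Updated using "):].partition(" on ")
            current["update_method"], current["last_updated"] = method, when
        elif current is not None and ": " in line:
            key, _, value = line.partition(": ")
            current[key] = value
        prev = line
    return sections

def check_dldb(text, now, max_age_days=7):  # max_age_days: assumed local policy
    """Return findings for the DLP Signature section; an empty list is healthy."""
    dlp = parse_sections(text).get("DLP Signature")
    if dlp is None:
        return ["no DLP Signature section: check that update-dldb is enabled"]
    findings = []
    if "signed" not in dlp.get("Version", "").split():
        findings.append("database version is not marked signed")
    stamp = " ".join(dlp.get("last_updated", "").split())  # collapse padding
    try:
        age = now - datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return findings + ["last-updated timestamp missing or unparseable"]
    if age > timedelta(days=max_age_days):
        findings.append(f"database is {age.days} days old (limit {max_age_days})")
    return findings
```

Call `check_dldb(output, datetime.now())` on each device's saved output and alert on any non-empty result.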
Example
In this example, the administrator wants to look for data leakage of Canadian social insurance number (SIN) information and block this traffic. A DLP profile is created that uses the predefined dictionary, fg-can-natl_id-sin-dict, to check for Canadian Social Insurance Numbers (SINs).
To verify that the Canadian SIN data type is added to the list of predefined data types:
    # show dlp data-type
    config dlp data-type
        ...
        edit "fg-can-natl_id-proximity"
            set pattern "fortiguard dlp signature"
        next
    end
To configure the DLP profile in the GUI:
1. Configure the DLP sensor using the predefined dictionary from FortiGuard:
   a. Go to Security Profiles > Data Loss Prevention, select the Sensors tab, and click Create New.
   b. Enter a name (sin).
   c. In the Sensor Entries section, click Create New.
   d. Set the Dictionary to fg-can-natl_id-sin-dict and click OK.
   e. Click OK to save the sensor.
2. Configure the DLP profile:
   a. Go to Security Profiles > Data Loss Prevention, select the Profiles tab, and click Create New.
   b. Enter a name (test).
   c. In the Rules section, click Create New.
   d. Configure the following settings:

      | Setting | Value |
      |---|---|
      | Name | test |
      | Sensors | sin |
      | Severity | Medium |
      | Action | Block |
      | Type | File |
      | File type | all_executables |
      | Protocol | SMTP, POP3, IMAP, HTTP-GET, HTTP-POST, FTP |

   e. Click OK.
   f. Click OK to save the profile.
To configure the DLP profile in the CLI:
1. Configure the DLP sensor using the predefined dictionary from FortiGuard:

       config dlp sensor
           edit "sin"
               config entries
                   edit 1
                       set dictionary "fg-can-natl_id-sin-dict"
                   next
               end
           next
       end

2. Configure the DLP profile:

       config dlp profile
           edit "test"
               set feature-set proxy
               config rule
                   edit 1
                       set name "test"
                       set proto smtp pop3 imap http-get http-post ftp
                       set filter-by sensor
                       set file-type 2
                       set sensor "sin"
                       set action block
                   next
               end
           next
       end