Fortinet black logo

CLI Reference

dlp scan-rules

dlp scan-rules

Use these commands to prevent sensitive data from leaving your network.

Syntax

config dlp scan-rules

edit <rule_name>

config_conditions

edit <condition_id_>

set attribute

set file-pattern

set group-type

set ldap-profile

set operator

set sensitive-data

set value

config_exceptions

edit <exception_id)>

set attribute

set file-pattern

set group-type

set ldap-profile

set operator

set sensitive-data

set value

end

Variable

Description

Default

<rule_name>

Enter a descriptive name for the rule.

No default.

conditions

Select either Match all conditions or Match any condition.

exceptions

Email matching the exceptions will not be scanned.

attribute

Enter a descriptive name.

file-pattern

Enter a filename pattern to restrict fingerprinting to only those files that match the pattern.

group-type

Set whether the group is local or LDAP.

ldap-profile

Select your LDAP profile.

operator

Enter the scan conditions (contains/does not contain).

sensitive-data

Enter a predefined sensitive information term.

value

Enter the attribute value in string format.

dlp scan-rules

Use these commands to prevent sensitive data from leaving your network.

Syntax

config dlp scan-rules

edit <rule_name>

config_conditions

edit <condition_id_>

set attribute

set file-pattern

set group-type

set ldap-profile

set operator

set sensitive-data

set value

config_exceptions

edit <exception_id)>

set attribute

set file-pattern

set group-type

set ldap-profile

set operator

set sensitive-data

set value

end

Variable

Description

Default

<rule_name>

Enter a descriptive name for the rule.

No default.

conditions

Select either Match all conditions or Match any condition.

exceptions

Email matching the exceptions will not be scanned.

attribute

Enter a descriptive name.

file-pattern

Enter a filename pattern to restrict fingerprinting to only those files that match the pattern.

group-type

Set whether the group is local or LDAP.

ldap-profile

Select your LDAP profile.

operator

Enter the scan conditions (contains/does not contain).

sensitive-data

Enter a predefined sensitive information term.

value

Enter the attribute value in string format.