Fortinet black logo

Administration Guide

DLP configuration workflow

DLP configuration workflow

DLP is enabled by default on high-end platforms. For performance reasons, it is disabled by default on low-end platforms.
To use the DLP feature
  1. Enable the DLP feature using the following hidden command.
  2. config system global

    set data-loss-prevention enable

    end

  3. Define the sensitive data first. See Defining the sensitive data.
  4. Define the DLP scan rules which specify the information to be checked in the email traffic. See Configuring DLP rules.
  5. Define DLP profiles, which use one or more rules. See Configuring DLP profiles. You also specify the actions for the matched rules. These are the same action profiles you use in the content profiles. See Configuring content action profiles.
  6. Apply the DLP profiles to the IP or recipient based policies. See Controlling email based on sender and recipient addresses and Controlling email based on IP addresses.

DLP configuration workflow

DLP is enabled by default on high-end platforms. For performance reasons, it is disabled by default on low-end platforms.
To use the DLP feature
  1. Enable the DLP feature using the following hidden command.
  2. config system global

    set data-loss-prevention enable

    end

  3. Define the sensitive data first. See Defining the sensitive data.
  4. Define the DLP scan rules which specify the information to be checked in the email traffic. See Configuring DLP rules.
  5. Define DLP profiles, which use one or more rules. See Configuring DLP profiles. You also specify the actions for the matched rules. These are the same action profiles you use in the content profiles. See Configuring content action profiles.
  6. Apply the DLP profiles to the IP or recipient based policies. See Controlling email based on sender and recipient addresses and Controlling email based on IP addresses.