Fortinet black logo

Version:

7.2.2
7.2.1
7.2.0

Version:

7.0.5
7.0.5
7.0.4

Version:

7.0.3
7.0.2
7.0.1

Version:

7.0.0
6.4.7
6.4.6

Version:

6.4.5
6.4.4
6.4.3

Version:

6.4.2
6.4.1
6.4.0

Version:

6.2.0
6.0.4
6.0.3

Version:

6.0.1
6.0.0
5.4.9

Version:

5.4.8
5.4.6
5.4.5

Version:

5.4.4
5.4.3
5.4.0

Table of Contents

CLI Reference

6.2.0
7.2.2
7.2.1
7.2.0
7.0.5
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.0
6.0.4
6.0.3
6.0.1
6.0.0
5.4.9
5.4.8
5.4.6
5.4.5
5.4.4
5.4.3
5.4.0
Download PDF
Copy Link

dlp scan-rules

Use these commands to prevent sensitive data from leaving your network.

Syntax

config dlp scan-rules

edit <rule_name>

config_conditions

edit <condition_id_>

set attribute

set file-pattern

set group-type

set ldap-profile

set operator

set sensitive-data

set value

config_exceptions

edit <exception_id)>

set attribute

set file-pattern

set group-type

set ldap-profile

set operator

set sensitive-data

set value

end

Variable

Description

Default

<rule_name>

Enter a descriptive name for the rule.

No default.

conditions

Select either Match all conditions or Match any condition.

 

exceptions

Email matching the exceptions will not be scanned.

 

attribute

Enter a descriptive name.

 

file-pattern

Enter a filename pattern to restrict fingerprinting to only those files that match the pattern.

 

group-type

Set whether the group is local or LDAP.

 

ldap-profile

Select your LDAP profile.

 

operator

Enter the scan conditions (contains/does not contain).

 

sensitive-data

Enter a predefined sensitive information term.

 

value

Enter the attribute value in string format.

 

dlp scan-rules

Use these commands to prevent sensitive data from leaving your network.

Syntax

config dlp scan-rules

edit <rule_name>

config_conditions

edit <condition_id_>

set attribute

set file-pattern

set group-type

set ldap-profile

set operator

set sensitive-data

set value

config_exceptions

edit <exception_id)>

set attribute

set file-pattern

set group-type

set ldap-profile

set operator

set sensitive-data

set value

end

Variable

Description

Default

<rule_name>

Enter a descriptive name for the rule.

No default.

conditions

Select either Match all conditions or Match any condition.

 

exceptions

Email matching the exceptions will not be scanned.

 

attribute

Enter a descriptive name.

 

file-pattern

Enter a filename pattern to restrict fingerprinting to only those files that match the pattern.

 

group-type

Set whether the group is local or LDAP.

 

ldap-profile

Select your LDAP profile.

 

operator

Enter the scan conditions (contains/does not contain).

 

sensitive-data

Enter a predefined sensitive information term.

 

value

Enter the attribute value in string format.