DOCUMENT LIBRARY

CLI Reference

Using the CLI
config
execute
- backup
- backup-restore
- blocklist
- certificate
- checklogdisk
- checkmaildisk
- cleanqueue
- create
- date
- db
- dlp
- endpoint
- erase-filesystem
- factoryreset
- factoryreset config
- factoryreset disk
- factoryreset keeplicense
- factoryreset shutdown
- fips
- formatlogdisk
- formatmaildisk
- formatmaildisk-backup
- forticloud
- ha commands
- ibe data
- ibe user
- license
- lvm
- maintain
- nslookup
- partitionlogdisk
- ping
- ping-option
- ping6
- ping6-option
- raid
- reboot
- reload
- restore as
- restore av
- restore config
- restore image
- restore mail-queues
- safelist
- sched-backup
- shutdown
- smtptest
- ssh
- storage
- telnettest
- traceroute
- update
- user-config
- vm
get
- system performance
- system status
show & show full-configuration
Change Log

Home FortiMail 7.0.4 CLI Reference

7.0.4

dlp scan-rules

dlp scan-rules

Use these commands to prevent sensitive data from leaving your network.

Syntax

config dlp scan-rules

edit <rule_name>

config conditions

edit <condition_id>

set attribute {attachment | attachment_metadata | body | body_and_attachment | header | recipient | sender | sender_or_recipient | subject}

set file-pattern {archive | audio | encrypted | executable_windows | image | msoffice | openoffice | script | video}

set group-type {local | ldap}

set ldap-profile <profile_name>

set operator {contain | contain_file_pattern | contain_sensitive_data | empty | equal | external | internal | match | not_contain | not_equal | not_present | password_protected | present}

set sensitive-data {...}

set value <string>

config exceptions

edit <exception_id>

set attribute {attachment | attachment_metadata | body | body_and_attachment | header | recipient | sender | sender_or_recipient | subject}

set file-pattern {archive | audio | encrypted | executable_windows | image | msoffice | openoffice | script | video}

set group-type {local | ldap}

set ldap-profile <profile_name>

set operator {contain | contain_file_pattern | contain_sensitive_data | empty | equal | external | internal | match | not_contain | not_equal | not_present | password_protected | present}

set sensitive-data {...}

set value <string>

set description <string>

set condition-relation {and | or}

end

Variable	Description	Default
<rule_name>	Enter a descriptive name for the rule.
description <string>	Enter a description for the DLP scan rule.
condition-relation {and \| or}	Define the relationship among conditions.	and
conditions	Configure matching or non-matching conditions to be scanned.
exceptions	Configure email matching exceptions that will not be scanned.
attribute {attachment \| attachment_metadata \| body \| body_and_attachment \| header \| recipient \| sender \| sender_or_recipient \| subject}	Select the condition/exception criteria attribute to be matched.	subject
file-pattern {archive \| audio \| encrypted \| executable_windows \| image \| msoffice \| openoffice \| script \| video}	Enter a filename pattern to restrict fingerprinting to only those files that match the pattern.
group-type {local \| ldap}	Set whether the group is local or LDAP.	local
ldap-profile <profile_name>	Select your LDAP profile.
operator {contain \| contain_file_pattern \| contain_sensitive_data \| empty \| equal \| external \| internal \| match \| not_contain \| not_equal \| not_present \| password_protected \| present}	Enter the scan conditions (for example, `contain` or `not_contain`). Options available depend on what `attribute` is set to.	contain
sensitive-data {...}	Enter a predefined sensitive information term.
value <string>	Enter the attribute value in string format.

Previous

Next

dlp scan-rules

dlp scan-rules

Use these commands to prevent sensitive data from leaving your network.

Syntax

config dlp scan-rules

edit <rule_name>

config conditions

edit <condition_id>

set attribute {attachment | attachment_metadata | body | body_and_attachment | header | recipient | sender | sender_or_recipient | subject}

set file-pattern {archive | audio | encrypted | executable_windows | image | msoffice | openoffice | script | video}

set group-type {local | ldap}

set ldap-profile <profile_name>

set operator {contain | contain_file_pattern | contain_sensitive_data | empty | equal | external | internal | match | not_contain | not_equal | not_present | password_protected | present}

set sensitive-data {...}

set value <string>

config exceptions

edit <exception_id>

set attribute {attachment | attachment_metadata | body | body_and_attachment | header | recipient | sender | sender_or_recipient | subject}

set file-pattern {archive | audio | encrypted | executable_windows | image | msoffice | openoffice | script | video}

set group-type {local | ldap}

set ldap-profile <profile_name>

set operator {contain | contain_file_pattern | contain_sensitive_data | empty | equal | external | internal | match | not_contain | not_equal | not_present | password_protected | present}

set sensitive-data {...}

set value <string>

set description <string>

set condition-relation {and | or}

end

Variable	Description	Default
<rule_name>	Enter a descriptive name for the rule.
description <string>	Enter a description for the DLP scan rule.
condition-relation {and \| or}	Define the relationship among conditions.	and
conditions	Configure matching or non-matching conditions to be scanned.
exceptions	Configure email matching exceptions that will not be scanned.
attribute {attachment \| attachment_metadata \| body \| body_and_attachment \| header \| recipient \| sender \| sender_or_recipient \| subject}	Select the condition/exception criteria attribute to be matched.	subject
file-pattern {archive \| audio \| encrypted \| executable_windows \| image \| msoffice \| openoffice \| script \| video}	Enter a filename pattern to restrict fingerprinting to only those files that match the pattern.
group-type {local \| ldap}	Set whether the group is local or LDAP.	local
ldap-profile <profile_name>	Select your LDAP profile.
operator {contain \| contain_file_pattern \| contain_sensitive_data \| empty \| equal \| external \| internal \| match \| not_contain \| not_equal \| not_present \| password_protected \| present}	Enter the scan conditions (for example, `contain` or `not_contain`). Options available depend on what `attribute` is set to.	contain
sensitive-data {...}	Enter a predefined sensitive information term.
value <string>	Enter the attribute value in string format.

Previous

Next