Administration Guide

Blocking HTTPS upload traffic with credit card info example

This configuration will block HTTPS upload traffic that includes credit card information. The pre-defined data type for credit card is used in the dictionary.

To configure blocking HTTPS upload traffic that includes credit card information:
  1. Go to Configuration > Security.
  2. For Profile Group, create a new profile group using + in the Profile Group dropdown list.
    1. In the Create Profile Group slide-in configure these settings:
      1. In the Name field, enter Custom-DLP-1.
      2. For Initial Configuration, select Basic.
    2. Click OK.
    3. When prompted to select the new entry, click OK.
  3. Disable all enabled security features (AntiVirus, Web Filter with Inline-CASB, Intrusion Prevention, DNS Filter, Application Control With Inline-CASB) using these steps for each security feature:
    1. Click the toggle button next to the security feature widget to disable the feature.
    2. Click OK to confirm disabling the security feature.
  4. In the SSL Inspection widget ensure deep inspection is enabled:
    1. For SSL inspection, click Customize.
    2. Select Deep Inspection.
    3. Click OK.
  5. Enable Data Loss Prevention (DLP).
  6. Create a DLP rule:
    1. In the Data Loss Prevention (DLP) widget, click Customize.
    2. In the DLP slide-in, click Create to create a new DLP rule.
    3. In the New Rule slide-in, configure these settings:

      | Field | Value |
      | --- | --- |
      | Name | dlp-case-1 |
      | Sensors | Select DLP sensors. You must create a new DLP sensor and then select it. |
      | Severity | Medium |
      | Action | Block |
      | Type | File |
      | File type | builtin-patterns |
      | Protocol | HTTP-GET, HTTP-POST |

    4. Create a new sensor:
      1. Create a new sensor by clicking + next to Sensor.
      2. In the Select Entries slide-in, click + Create to the right to create a new sensor.
      3. In the New Sensor slide-in, configure these settings:

        | Field | Value |
        | --- | --- |
        | Name | sensor-case-1 |
        | Entry matches needed to trigger sensor | Any |
        | Table of entries | Create a new entry. |

    5. Create a sensor entry:
      1. Create a new sensor entry by clicking +Create.
      2. In the New Entry slide-in, configure these settings:

        | Field | Value |
        | --- | --- |
        | ID | 1 |
        | Dictionary | Select the dictionary for this sensor entry. You must create a new dictionary and then select it. |
        | Dictionary matches needed to consider traffic DLP risk | 1 |
        | Status | Enabled |

    6. Create a dictionary:
      1. Click the Dictionary field and click +Create to create a new DLP dictionary.
      2. In the New DLP Dictionary slide-in, configure these settings:

        | Field | Value |
        | --- | --- |
        | Name | dl-case-1 |
        | Entry matches needed to trigger sensor | Any |
        | Table of Dictionary Entries | Create one or more dictionary entries. |

    7. Create a dictionary entry:
      1. Create a new dictionary entry by clicking +Create.
      2. In the New Entry slide-in, configure these settings:

        | Field | Value |
        | --- | --- |
        | Type | credit-card |
        | Repeat | Disable |
        | Status | Enabled |

    8. Click OK several times to complete the customization:
      1. Click OK to create the new dictionary entry.
      2. Click OK to create the DLP dictionary. Click OK when prompted to select the newly created dictionary.
      3. Click OK to create the new sensor entry.
      4. Click OK to create the new sensor. Click OK when prompted to select the newly created sensor. Click Close.
      5. Click OK to create the new DLP rule.
      6. Click OK to complete DLP configuration customization.
  7. Configure the updated profile group in a policy:
    1. Go to Configuration > Policies.
    2. Configure a new policy with these settings:

      | Field | Value |
      | --- | --- |
      | Name | Test-DLP-1 |
      | Source Scope | VPN Users |
      | Source | All Traffic |
      | User | All VPN Users |
      | Destination | All Internet Traffic |
      | Service | ALL |
      | Action | Accept |
      | Profile Group | Specify. Select Custom-DLP-1. |
      | Status | Enable |
      | Log Allowed Traffic | Enable. Select All Sessions. |

    3. Click OK.
  8. Drag the Test-DLP-1 policy to the top of the policy list. Ensure it is placed above Allow-All.

To verify blocking HTTPS upload traffic that includes credit card information is working:
  1. Ensure that your endpoint with FortiClient installed is registered with FortiSASE Endpoint Management Service and that you have established a secure connection to FortiSASE.
  2. On the connected endpoint, open the Chrome web browser in incognito mode.
  3. In the web browser, go to https://dlptest.com/sample-data/. Copy one of the credit card numbers from the page and paste it into a Word document. Save the document in .DOC format to your endpoint local drive as cc-test.doc.
  4. Go to https://dlptest.com/https-post/. Under File Upload, select the .DOC file that you created and click Submit. Since the HTTP POST traffic for the .DOC file upload includes a credit card number, FortiSASE blocks the file and generates a DLP log.
  5. In FortiSASE, go to Analytics > Security > Data Loss Prevention (DLP) and confirm that FortiSASE generated a DLP block log entry that corresponds to your VPN user and cc-test.doc filename.
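
A pre-flight check for the verification steps above, as an added example (not Fortinet code): it confirms that a test file such as cc-test.doc really contains a Luhn-valid card number before you upload it, so that a missing DLP block log is not caused by a bad test file. The Luhn check and the two text encodings scanned are assumptions about what a credit card detector looks for, not a description of the FortiSASE engine, and the sample bytes are constructed.

```python
import re

# 13-19 ASCII digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<![0-9])[0-9](?:[ -]?[0-9]){12,18}(?![0-9])")

def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(data: bytes) -> list[str]:
    """Return Luhn-valid candidates found in raw file bytes.

    Legacy .DOC files store text either as 8-bit characters or as
    UTF-16LE at an arbitrary offset, so three views are scanned.
    """
    views = [
        data.decode("latin-1"),
        data.decode("utf-16-le", errors="ignore"),
        data[1:].decode("utf-16-le", errors="ignore"),  # odd alignment
    ]
    found = []
    for text in views:
        for match in CANDIDATE.finditer(text):
            digits = re.sub(r"[ -]", "", match.group())
            if luhn_valid(digits) and digits not in found:
                found.append(digits)
    return found

# Constructed sample: OLE2 header bytes, odd padding, then UTF-16LE text
# carrying a widely published test card number (not a real account).
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
SAMPLE_DOC = OLE2_MAGIC + b"\x00" * 3 + "Card: 4111 1111 1111 1111\r".encode("utf-16-le")
SAMPLE_BAD = b"Card: 4111-1111-1111-1112\r\n"  # constructed, fails the Luhn check

if __name__ == "__main__":
    print(find_card_numbers(SAMPLE_DOC))  # one match expected
    print(find_card_numbers(SAMPLE_BAD))  # no match expected
```

To check a real test file, pass its contents, for example `find_card_numbers(open("cc-test.doc", "rb").read())`; an empty result means the upload is unlikely to exercise the credit-card dictionary entry.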
