Handbook

Introduction
What's New
Key Concepts and Features
- Server load balancing
- Link load balancing
- Global load balancing
- Security
- High availability
- Virtual Domain (VDOM) and Administrative Domain (ADOM)
Getting Started
- Step 1: Install the appliance
- Step 2: Configure the management interface
- Step 3: Configure basic network settings
- Step 4: Test connectivity to destination servers
- Step 5: Complete product registration, licensing, and upgrades
- Step 6: Configure a basic server load balancing policy
- Step 7: Test the deployment
- Step 8: Back up the configuration
Dashboard
- Widgets
- Dashboard management tools
Security Fabric
- Automation
- Fabric connectors
- External connectors
FortiView
- Logical Topology
- Server Load Balance
- Security
- System
  - Event Logs
  - Automation
- Global Load Balance
  - Host
  - Data Analytics
- Link Load Balance
  - Gateway
- ZTNA FortiClient endpoint
System
- Settings
- Virtual Domain
- High Availability
- Traffic Group
- Administrator
- Global Resources
- WCCP
- SNMP
- Replacement Messages
- FortiGuard
  - Connecting to FortiGuard services
  - Configuring FortiGuard service settings
- Debug
- Certificate
Network
- Interface
- Routing
- NAT
  - Configuring source NAT
  - Configuring 1-to-1 NAT
- QoS
- Packet capture
Shared Resources
- Health Check
- Schedule Group
- Address
- Service
  - Creating service groups
  - Creating service objects
Server Load Balance
- Virtual Server
- Application Resources
- Application Optimization
- Real Server Pool
- Scripting
  - Using HTTP scripting
- SSL-FP Resources
Link Load Balance
- Link Policy
- Link Group
- Virtual Tunnel
Global Load Balance
- GLB Wizard
- FQDN
- Zone Tools
- Global Object
Web Application Firewall
- OWASP TOP10
- WAF Profile
- Known Web Attacks
  - Configuring a Web Attack Signature policy
  - Using the Signature Creation Wizard
- Common Attacks Detection
- Sensitive Data Protection
  - Configuring a Cookie Security policy
  - Configuring an HTTP Header Security policy
- Data Loss Prevention
- Input Validation
- Access Protection
- CORS Protection
- API Protection
- Bot Mitigation
- Web Vulnerability Scanner
Advanced Bot Protection (ABP)
- Enabling the Advanced Bot Protection connector
- Obtaining the Application ID from the FortiGuard ABP User Portal
- Configuring an Advanced Bot Protection policy
- Advanced Bot Protection troubleshooting and debugging
Network Security
- Firewall
- Intrusion Prevention
- AntiVirus
- IP Reputation
- Geo IP Protection
Zero Trust Network Access (ZTNA)
- How device identity and trust context is established with FortiClient EMS
- Configuring FortiClient EMS Connector for ZTNA
- Verifying client certificate, FortiClient endpoint and ZTNA tag synchronized from FortiClient EMS
- Configuring a ZTNA Profile
- ZTNA troubleshooting and debugging
DoS Protection
- DoS Protection Profile
- Application
- Networking
User Authentication
- Authentication Policy
- User Group
  - Configuring user groups
  - Configuring customized authentication forms
- Local User
- Remote User
- Using Kerberos Authentication Relay
  - Using HTTP Basic SSO
- SAML
  - Configure an SAML service provider
  - Import IDP Metadata
- AD FS Proxy
  - Adding an AD FS Publish
  - Adding an AD FS Proxy
- OAuth 2.0 authentication
Log & Report
- Using the traffic log
- Using the security log
- Using the script log
- Log Setting
- Report Setting
AI Threat Analytics
- AI Threat Analytics troubleshooting and debugging
SSL Advanced Services
- SSL offloading
- SSL decryption by forward proxy
- SSL profile configurations
- Certificate guidelines
- SSL/TLS versions and cipher suites
- Exceptions list
- SSL traffic mirroring
- HSM Integration
Best Practices and Fine-tuning
- Regular backups
  - Rebooting, resetting, and shutting down the system
  - SCP support for configuration backup
- Security
- Performance tips
- High availability
Troubleshooting
- Logs
- Tools
- Solutions by issue type
- Resetting the configuration
- Restoring firmware (“clean install”)
- Additional resources
Appendices
- Port Numbers
- Scripts
- Maximum Configuration Values
Change Log

Home FortiADC 7.4.3 Handbook

7.4.3

Configuring a DLP Sensor object

A DLP Sensor defines which dictionaries to check. You can match any dictionary or all dictionaries. It can also count the number of dictionary matches to trigger the sensor.

Before you begin:

You must have a valid FortiGuard DLP service license and have enabled the service on FortiADC. For details, see FortiGuard DLP service.
Configure a DLP Dictionary object. For details, see Configuring a DLP Dictionary object.

Predefined DLP Sensor objects

You can use the following predefined DLP Sensor objects in Data Loss Prevention rules.

Predefined DLP Sensor object	Match Type	Description	Dictionaries
can-hia	Any	Canadian Health Information Act (HIA) Sensor	can-pass-dict can-natl_id-sin-dict can-phin-dict can-health_service-dict
can-pii	Any	Canadian Personal Identifiable Information (PII) Sensor	can-dl-dict can-natl_id-sin-dict can-pass-dict can-health_service-dict can-bank_account-dict can-phin-dict
source_code	Any	Source Code Sensor	source_code-python source_code-c source_code-java

To configure a DLP Sensor:

Go to Web Application Firewall > Data Loss Prevention.
Click the DLP Sensor tab.
Click Create New to display the configuration editor.

Configure the following DLP Sensor settings:

Setting	Description
Name	Specify a name for the DLP Sensor object. Valid characters are `A`-`Z`, `a`-`z`, `0`-`9`, `_`, and `-`. No spaces. The configuration name cannot be edited once it has been saved.
Match Type	Select the match type: Any — Data meeting the criteria specified by any one of the dictionaries will be identified as a match. All — Data meeting the criteria specified by all dictionaries will be identified as a match. The default is Any.
Description	Comments about this DLP Sensor object.

Setting

Description

Name Specify a name for the DLP Sensor object.
Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. The configuration name cannot be edited once it has been saved.

Match Type

Select the match type:

Any — Data meeting the criteria specified by any one of the dictionaries will be identified as a match.
All — Data meeting the criteria specified by all dictionaries will be identified as a match.

The default is Any.

Description Comments about this DLP Sensor object.

Click Save.
After the DLP Sensor configuration is saved, the Dictionaries section becomes available to configure.
Under the Dictionaries section, click Create New to display the configuration editor.

Configure the following Dictionaries settings for the DLP Sensor:

Setting	Description
Status	Enable the Status if you intend to apply this sensor.
DLP Dictionary	Select a DLP Dictionary object from the drop-down menu.
Count	Specify the occurrence threshold for the dictionary match. The sensor will be triggered when the dictionary match reaches the specified number of times. Default: 1 Range: 1-255. For example, if the dictionary applies to credit card numbers and the count is set to 4, the sensor will be triggered when credit card number occurs four times in the HTTP request or response.

Setting

Description

Status

Enable the Status if you intend to apply this sensor.

DLP Dictionary

Select a DLP Dictionary object from the drop-down menu.

Count

Specify the occurrence threshold for the dictionary match. The sensor will be triggered when the dictionary match reaches the specified number of times. Default: 1 Range: 1-255.

For example, if the dictionary applies to credit card numbers and the count is set to 4, the sensor will be triggered when credit card number occurs four times in the HTTP request or response.

Click Save.
Once the Dictionaries configuration is saved, the editor dialog closes.
Click Save to update the DLP Sensor configuration.
Once the DLP Sensor is saved, you can reference it in a DLP Policy.

Configuring a DLP Sensor object

A DLP Sensor defines which dictionaries to check. You can match any dictionary or all dictionaries. It can also count the number of dictionary matches to trigger the sensor.

Before you begin:

You must have a valid FortiGuard DLP service license and have enabled the service on FortiADC. For details, see FortiGuard DLP service.
Configure a DLP Dictionary object. For details, see Configuring a DLP Dictionary object.

Predefined DLP Sensor objects

You can use the following predefined DLP Sensor objects in Data Loss Prevention rules.

Predefined DLP Sensor object	Match Type	Description	Dictionaries
can-hia	Any	Canadian Health Information Act (HIA) Sensor	can-pass-dict can-natl_id-sin-dict can-phin-dict can-health_service-dict
can-pii	Any	Canadian Personal Identifiable Information (PII) Sensor	can-dl-dict can-natl_id-sin-dict can-pass-dict can-health_service-dict can-bank_account-dict can-phin-dict
source_code	Any	Source Code Sensor	source_code-python source_code-c source_code-java

To configure a DLP Sensor:

Go to Web Application Firewall > Data Loss Prevention.
Click the DLP Sensor tab.
Click Create New to display the configuration editor.

Configure the following DLP Sensor settings:

Setting	Description
Name	Specify a name for the DLP Sensor object. Valid characters are `A`-`Z`, `a`-`z`, `0`-`9`, `_`, and `-`. No spaces. The configuration name cannot be edited once it has been saved.
Match Type	Select the match type: Any — Data meeting the criteria specified by any one of the dictionaries will be identified as a match. All — Data meeting the criteria specified by all dictionaries will be identified as a match. The default is Any.
Description	Comments about this DLP Sensor object.

Setting

Description

Name Specify a name for the DLP Sensor object.
Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. The configuration name cannot be edited once it has been saved.

Match Type

Select the match type:

Any — Data meeting the criteria specified by any one of the dictionaries will be identified as a match.
All — Data meeting the criteria specified by all dictionaries will be identified as a match.

The default is Any.

Description Comments about this DLP Sensor object.

Click Save.
After the DLP Sensor configuration is saved, the Dictionaries section becomes available to configure.
Under the Dictionaries section, click Create New to display the configuration editor.

Configure the following Dictionaries settings for the DLP Sensor:

Setting	Description
Status	Enable the Status if you intend to apply this sensor.
DLP Dictionary	Select a DLP Dictionary object from the drop-down menu.
Count	Specify the occurrence threshold for the dictionary match. The sensor will be triggered when the dictionary match reaches the specified number of times. Default: 1 Range: 1-255. For example, if the dictionary applies to credit card numbers and the count is set to 4, the sensor will be triggered when credit card number occurs four times in the HTTP request or response.

Setting

Description

Status

Enable the Status if you intend to apply this sensor.

DLP Dictionary

Select a DLP Dictionary object from the drop-down menu.

Count

Specify the occurrence threshold for the dictionary match. The sensor will be triggered when the dictionary match reaches the specified number of times. Default: 1 Range: 1-255.

For example, if the dictionary applies to credit card numbers and the count is set to 4, the sensor will be triggered when credit card number occurs four times in the HTTP request or response.

Click Save.
Once the Dictionaries configuration is saved, the editor dialog closes.
Click Save to update the DLP Sensor configuration.
Once the DLP Sensor is saved, you can reference it in a DLP Policy.