Data Leak Prevention DLP Rules
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 597
http://docs.fortinet.com/ • Feedback
Protocol: Select the type of content traffic that the DLP rule will apply to.
The available rule options vary depending on the protocol that you
select. You can select the following protocols: Email, HTTP, FTP,
NNTP, Instant Messaging and Session Control.
AIM, ICQ, MSN, Yahoo!: When you select the Instant Messaging protocol, you can
configure the rule to apply to file transfers using any or all of the supported IM
protocols (AIM, ICQ, MSN, and Yahoo!).
Only file transfers using the IM protocols are subject to DLP rules. IM
messages are not scanned.
HTTP POST, HTTP GET: When you select the HTTP protocol, you can configure the rule to
apply to HTTP post or HTTP get traffic or both.
HTTPS POST, HTTPS GET: When you select the HTTP protocol, if your FortiGate unit supports
SSL content scanning and inspection, you can also configure the
HTTP rule to apply to HTTPS get or HTTPS post sessions or both. For
more information about SSL content scanning and inspection, see
“Configuring SSL content scanning and inspection” on page 484.
To scan these encrypted traffic types, you must set HTTPS Content
Filtering Mode to Deep Scan (Decrypt on SSL Traffic) in the Protocol
Recognition section of the protection profile. If URL Filtering is
selected, the DLP sensors will not scan HTTPS content.
FTP PUT, FTP GET: When you select the FTP protocol, you can configure the rule to apply
to FTP put or FTP get sessions, or both.
SMTP, IMAP, POP3: When you select the Email protocol, you can configure the rule to
apply to any or all of the supported email protocols (SMTP, IMAP, and
POP3).
SMTPS, IMAPS, POP3S: When you select the Email protocol, if your FortiGate unit supports
SSL content scanning and inspection, you can also configure the rule
to apply to SMTPS, IMAPS, POP3S or any combination of these
protocols.
For more information about SSL content scanning and inspection, see
“Configuring SSL content scanning and inspection” on page 484.
SIP, SIMPLE, SCCP: When you select the Session Control protocol, you can configure the
rule to apply to any or all of the supported session control protocols
(SIP, SIMPLE, and SCCP). The only rule option for the session control
protocols is Always. This option matches all session control traffic and is
used for session control DLP archiving.
File Options: You can select file options for any protocol to configure how the DLP
rule handles archive files, MS-Word files, and PDF files found in
content traffic. File options appear when you select the File Type rule
option.
Scan archive contents: When selected, files within archives are extracted and scanned in the
same way as files that are not archived.
Scan archive files whole: When selected, archives are scanned as a whole. The files within the
archive are not extracted and scanned individually.
Scan MS-Word text: When selected, the text contents of MS Word DOC documents are
extracted and scanned for a match. All metadata and binary
information is ignored.
Note: Office 2007/2008 DOCX files are not recognized as MS-Word
by the DLP scanner. To scan the contents of DOCX files, select the
Scan archive contents option.
Scan MS-Word file whole: When selected, MS Word DOC files are scanned. All binary and
metadata information is included.
If you are scanning for text entered in a DOC file, use the
Scan MS-Word text option. Binary formatting codes and file information
may appear within the text, causing text matches to fail.
Note: Office 2007/2008 DOCX files are not recognized as MS-Word
by the DLP scanner. To scan the contents of DOCX files, select the
Scan archive contents option.
Scan PDF text: When selected, the text contents of PDF documents are extracted and
scanned for a match. All metadata and binary information is ignored.
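
The DOCX notes above follow from the file format: a DOCX file is a ZIP container, so its text is stored compressed. The following Python sketch is an added illustration, not FortiGate code and not a description of how the DLP scanner is implemented; the function names, the sample document and the test card-like string are all constructed for this example. It shows why a pattern search over the archive as a whole misses text that a search over the extracted members finds.

```python
import io
import re
import zipfile

# Constructed test pattern and document body (not real data).
PATTERN = re.compile(rb"(?:\d{4}-){3}\d{4}")
DOC_XML = (b"<w:document><w:body><w:p><w:r><w:t>"
           b"Card on file: 4111-1111-1111-1111"
           b"</w:t></w:r></w:p></w:body></w:document>")

ZIP_MAGIC = b"PK\x03\x04"                          # DOCX and other ZIP containers
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"    # legacy DOC (OLE2 compound file)


def build_docx_like():
    """Build a minimal DOCX-shaped ZIP in memory (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", b"<Types/>")
        zf.writestr("word/document.xml", DOC_XML * 20)
    return buf.getvalue()


def classify(data):
    """Identify the container by its magic bytes."""
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.startswith(OLE_MAGIC):
        return "ole-doc"
    return "unknown"


def scan_whole(data):
    """Search the raw bytes, as in 'scan archive files whole'."""
    return PATTERN.search(data) is not None


def scan_contents(data, max_member_size=10 * 1024 * 1024):
    """Extract each member and search it, as in 'scan archive contents'."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > max_member_size:
                continue  # skip oversized members rather than inflate them
            if PATTERN.search(zf.read(info)):
                hits.append(info.filename)
    return hits


if __name__ == "__main__":
    sample = build_docx_like()
    print(classify(sample), scan_whole(sample), scan_contents(sample))
```
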