
Fortinet Gate 60D - DLP Rules; Viewing the DLP Rule List

Fortinet Gate 60D
706 pages
Data Leak Prevention DLP Rules
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424 515
http://docs.fortinet.com/Feedback
DLP Rules
DLP rules are the core element of the data leak prevention feature. These rules define the
data to be protected so the FortiGate unit can recognize it. For example, an included rule
uses a regular expression to describe a Social Security number:
([0-6]\d{2}|7([0-6]\d|7[0-2]))[ \-]?\d{2}[ \-]\d{4}
Rather than having to list every possible Social Security number, this regular expression
describes the structure of a Social Security number. The pattern is easily recognizable by
the FortiGate unit. For more information about regular expressions, see “Using wildcards
and Perl regular expressions” on page 506.
DLP rules can be combined into compound rules and they can be included in sensors. If
rules are specified directly in a sensor, traffic matching any single rule will trigger the
configured action. If the rules are first combined into a compound rule and then specified
in a sensor, every rule in the compound rule must match the traffic to trigger the configured
action.
Individual rules in a sensor are linked with an implicit OR condition while rules within a
compound rule are linked with an implicit AND condition.
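The following is an added example, not taken from the Administration Guide or from Fortinet code. It runs the Social Security number pattern quoted above over constructed sample values and models the OR (rules in a sensor) and AND (compound rule) behaviour described above. It assumes Python's re module with search semantics as a stand-in for the FortiGate matching engine; the keyword rule and all function names are hypothetical.

```python
import re

# The Social Security number pattern quoted in the guide.
SSN = re.compile(r"([0-6]\d{2}|7([0-6]\d|7[0-2]))[ \-]?\d{2}[ \-]\d{4}")
# Hypothetical second rule, constructed for this example only.
KEYWORD = re.compile(r"confidential", re.IGNORECASE)

RULES = {"ssn": SSN, "keyword": KEYWORD}


def matched_rules(text):
    """Names of the individual rules that match the text (search semantics assumed)."""
    return {name for name, rx in RULES.items() if rx.search(text)}


def sensor_triggers(text, entries):
    """Model of a sensor: entries are OR-ed; a tuple entry is a compound rule (AND)."""
    hits = matched_rules(text)
    for entry in entries:
        if isinstance(entry, tuple):
            if all(name in hits for name in entry):
                return True
        elif entry in hits:
            return True
    return False


# Constructed sample values showing what the pattern accepts and rejects.
SAMPLES = {
    "123-45-6789": True,    # both separators present
    "12345 6789": True,     # first separator is optional
    "123456789": False,     # second separator is mandatory in this pattern
    "772-45-6789": True,    # highest area number the pattern allows
    "773-45-6789": False,   # area numbers above 772 are excluded
    "9123-45-6789": True,   # unanchored: matches inside a longer digit run
}

if __name__ == "__main__":
    for value, expected in SAMPLES.items():
        print(f"{value!r:16} match={bool(SSN.search(value))} expected={expected}")
    msg = "Employee record: 123-45-6789"   # constructed traffic sample
    print("rules in sensor (OR):", sensor_triggers(msg, ["ssn", "keyword"]))
    print("compound rule (AND): ", sensor_triggers(msg, [("ssn", "keyword")]))
```

The unformatted nine-digit case and the match inside a longer digit run are the two results worth checking against real traffic before relying on the rule.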
Viewing the DLP rule list
To view the DLP rule list, go to UTM > Data Leak Prevention > Rule.
Figure 340: The DLP rule list
Tip: The None action can be extremely useful when used with the Archive function.
Together, these two settings will have a rule log matching traffic but allow it to pass. This can be
useful when adding a new rule to a FortiGate unit handling live traffic. The effect of the new
rule can be checked before it has any effect on network traffic.
Create New: Select Create New to add a new rule.
Name: The rule name.
Comments: The optional description of the rule.
Compound Rules: If the rule is included in any compound rules, the compound rule names are listed here.
DLP Sensors: If the rule is used in any sensors, the sensor names are listed here.
Delete and Edit icons: Delete or edit a rule. If a compound rule is used in a compound rule or a sensor, the delete icon will not be available. Remove the compound rule from the compound rule or sensor and then delete it.
