DLP Compound Rules Data Leak Prevention
FortiGate Version 4.0 Administration Guide
520 01-400-89802-20090424
http://docs.fortinet.com/
• Rule 2 checks SMTP traffic for the word “sale” in the message body
When the sensor is used, either rule could be activated if its configured condition is true.
If only one condition is true, only the corresponding rule would be activated. Depending on
the contents of the SMTP traffic, neither, either, or both could be activated.
If you remove these rules from the sensor, add them to a compound rule, and add the
compound rule to the sensor, the conditions in both rules have to be present in network
traffic to activate the compound rule. If only one condition is present, the message passes
without any rule or compound rule being activated.
By combining the individually configurable attributes of multiple rules, compound rules
allow you to specify far more detailed and specific conditions to trigger an action.
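The difference between two rules in a sensor and the same two rules in a compound rule can be modeled in a few lines. This is an added example, not FortiGate code or configuration: Rule 1's condition is not shown on this page, so a sender match is assumed, and the sample messages, the function names and the whole-word matching of "sale" are constructed for illustration.

```python
import re
from email import message_from_string

def make_msg(sender, subject, body):
    """Build a constructed SMTP message (sample data, not from the guide)."""
    raw = f"From: {sender}\nTo: buyer@example.com\nSubject: {subject}\n\n{body}\n"
    return message_from_string(raw)

def rule1(msg):
    # Assumed condition: the page does not show what Rule 1 checks.
    return msg.get("From", "").strip().lower() == "alice@example.com"

def rule2(msg):
    # From the page: the word "sale" in the message body (headers are not searched).
    return re.search(r"\bsale\b", msg.get_payload(), re.IGNORECASE) is not None

RULES = {"Rule 1": rule1, "Rule 2": rule2}

def sensor_with_rules(msg, rule_names):
    """Separate rules in a sensor: each one activates on its own condition."""
    return [name for name in rule_names if RULES[name](msg)]

def sensor_with_compound(msg, compound_name, member_names):
    """Compound rule: activates only when every member condition is present."""
    if all(RULES[name](msg) for name in member_names):
        return [compound_name]
    return []

if __name__ == "__main__":
    members = ["Rule 1", "Rule 2"]
    samples = {
        "both conditions": make_msg("alice@example.com", "Offer", "The sale starts Monday."),
        "body only": make_msg("bob@example.com", "Offer", "The sale starts Monday."),
        "sender only": make_msg("alice@example.com", "Big sale", "See you Monday."),
        "neither": make_msg("bob@example.com", "Hello", "See you Monday."),
    }
    for label, msg in samples.items():
        separate = sensor_with_rules(msg, members)
        compound = sensor_with_compound(msg, "Compound 1", members)
        print(f"{label:16} separate={separate} compound={compound}")
```

The "sender only" sample carries "sale" in the subject line but not in the body, so Rule 2 does not match it and the compound rule stays inactive.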
Viewing the DLP compound rule list
To view the DLP compound rule list, go to UTM > Data Leak Prevention > Compound.
Figure 342: DLP compound rule list
Adding and configuring DLP compound rules
Go to UTM > Data Leak Prevention > Compound. To add a new compound rule, select
Create New. To edit an existing compound rule, select the edit icon of the compound rule
to be changed.
Figure 343: DLP compound rule
Create New              Select Create New to add a new compound rule.
Name                    The compound rule name.
Comments                The optional description of the compound rule.
DLP sensors             If the compound rule is used in any sensors, the sensor names
                        are listed here.
Delete and Edit icons   Delete or edit a compound rule.
                        If a compound rule is used in a sensor, the delete icon will
                        not be available. Remove the compound rule from the sensor
                        and then delete it.