Data Leak Prevention
DLP Rules
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
DLP Rules
DLP rules are the core element of the data leak prevention feature. These rules define the
data to be protected so the FortiGate unit can recognize it. For example, an included rule
uses regular expressions to describe a Social Security number:
([0-6]\d{2}|7([0-6]\d|7[0-2]))[ \-]?\d{2}[ \-]\d{4}
Rather than having to list every possible Social Security number, this regular expression
describes the structure of a Social Security number. The pattern is easily recognizable by
the FortiGate unit. For more information about regular expressions, see
and Perl regular expressions” on page 506.
DLP rules can be combined into compound rules and they can be included in sensors. If
rules are specified directly in a sensor, traffic matching any single rule will trigger the
configured action. If the rules are first combined into a compound rule and then specified
in a sensor, every rule in the compound rule must match the traffic to trigger the configured
action.
Individual rules in a sensor are linked with an implicit OR condition while rules within a
compound rule are linked with an implicit AND condition.
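The OR and AND behaviour described above, modelled in Python as an added example; it is not FortiGate code or configuration. The `keyword` rule, the function names and the sample payloads are constructed for illustration, and the comments note what the quoted Social Security number pattern does and does not match.

```python
import re

# The Social Security number pattern quoted on this page, unchanged.
SSN = re.compile(r"([0-6]\d{2}|7([0-6]\d|7[0-2]))[ \-]?\d{2}[ \-]\d{4}")
# Hypothetical second rule, invented for this example.
KEYWORD = re.compile(r"confidential", re.IGNORECASE)
RULES = {"ssn": SSN, "keyword": KEYWORD}


def matched_rules(text):
    """Names of the individual rules whose pattern occurs in the text."""
    return {name for name, rx in RULES.items() if rx.search(text)}


def sensor_triggers(text, rules=(), compound_rules=()):
    """Model of the documented logic: rules listed directly in a sensor are
    ORed; every member of a compound rule must match (AND)."""
    hits = matched_rules(text)
    direct = any(name in hits for name in rules)
    compound = any(all(name in hits for name in members)
                   for members in compound_rules)
    return direct or compound


# Constructed sample payloads (not real data).
SAMPLES = [
    "Employee SSN: 123-45-6789",      # both separators present
    "CONFIDENTIAL: SSN 123 45 6789",  # spaces as separators, plus keyword
    "SSN 12345-6789",                 # first separator is optional
    "SSN 123456789",                  # second separator is required: no match
    "SSN 773-45-6789",                # area number above 772: no match
    "Invoice 99123-45-67890",         # no word boundaries: matches inside digits
]

if __name__ == "__main__":
    for text in SAMPLES:
        as_rules = sensor_triggers(text, rules=["ssn", "keyword"])
        as_compound = sensor_triggers(text, compound_rules=[["ssn", "keyword"]])
        print(f"{text!r:34} direct(OR)={as_rules!s:5} compound(AND)={as_compound}")
```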
Viewing the DLP rule list
To view the DLP rule list, go to UTM > Data Leak Prevention > Rule.
Figure 340: The DLP rule list
Tip: The None action can be extremely useful when used with the Archive function.
Together, these two settings will have a rule log matching traffic but allow it to pass. This
can be useful when adding a new rule to a FortiGate unit handling live traffic. The effect of
the new rule can be checked before it has any effect on network traffic.
Create New: Select Create New to add a new rule.
Name: The rule name.
Comments: The optional description of the rule.
Compound Rules: If the rule is included in any compound rules, the compound rule names are listed here.
DLP Sensors: If the rule is used in any sensors, the sensor names are listed here.
Delete and Edit icons: Delete or edit a rule. If a compound rule is used in a compound rule or a sensor, the delete icon will not be available. Remove the compound rule from the compound rule or sensor and then delete it.