Data Leak Prevention
DLP Compound Rules
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
519
Receiver
Search for the specified string in the message recipient email address. This option is available for Email.
Sender
Search for the specified string in the message sender user ID or email address. This option is available for Email and IM.
For email, the sender is determined by the From: address in the email header. For IM, all members of an IM session are senders, and the senders are determined by finding the IM user IDs in the session.
Server
Search for the server's IP address in a specified address range. This option is available for FTP and NNTP.
Subject
Search for the specified string in the message subject. This option is available for Email.
Transfer size
Check the total size of the information transfer. In the case of email traffic, for example, the transfer size includes the message header, body, and any encoded attachment.
URL
Search for the specified URL in HTTP traffic.
User group
Search for traffic from any user in the specified user group.
Rule operators:
matches/does not match
This operator specifies whether the FortiGate unit is searching for the presence of the specified string or for its absence.
• Matches: The rule will be triggered if the specified string is found in network traffic.
• Does not match: The rule will be triggered if the specified string is not found in network traffic.
ASCII/UTF-8
Select the encoding used for text files and messages.
Regular Expression/Wildcard
Select the means by which patterns are defined. For more information about wildcards and regular expressions, see "Using wildcards and Perl regular expressions" on page 506.
is/is not
This operator specifies whether the rule is triggered when a condition is true or when it is not true.
• Is: The rule will be triggered if the condition is true.
• Is not: The rule will be triggered if the condition is not true.
For example, if a rule specifies that a file type is found within a specified file type list, all matching files will trigger the rule. Conversely, if the rule specifies that a file type is not found in a file type list, only the file types not in the list will trigger the rule.
==/>=/<=/!=
These operators allow you to compare the size of a transfer or attached file to an entered value.
• == is equal to the entered value.
• >= is greater than or equal to the entered value.
• <= is less than or equal to the entered value.
• != is not equal to the entered value.
DLP Compound Rules
DLP compound rules are groupings of DLP rules that also change the way those rules behave when added to a DLP sensor. An individual rule can be configured with only a single attribute; when that attribute is discovered in network traffic, the rule is activated. Compound rules let you group individual rules to specify far more detailed activation conditions. Each included rule is still configured with a single attribute, but every attribute must be present before the compound rule is activated.
For example, create two rules and add them to a sensor:
• Rule 1 checks SMTP traffic for a sender address of [email protected]
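To make the attribute, operator and compound-rule semantics above concrete, here is an added Python model that is not FortiGate code: the sample email, the rule dictionaries and their field names are constructed for illustration, and a compound rule fires only when every member rule's attribute is present.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample of an outbound SMTP transfer (not taken from the guide).
SAMPLE_EMAIL = {
    "sender": "user@example.com",
    "receiver": "partner@example.net",
    "subject": "Q3 payroll export",
    "file_type": "xlsx",
    "transfer_size": 1_500_000,  # header + body + encoded attachment, in bytes
}

def string_match(value, pattern, regex=False, negate=False):
    """matches / does not match; pattern is a wildcard or a Perl-style regex."""
    hit = bool(re.search(pattern, value)) if regex else fnmatchcase(value, pattern)
    return hit != negate  # 'does not match' inverts the result

def type_in_list(file_type, type_list, negate=False):
    """is / is not: membership of the observed file type in a file type list."""
    return (file_type in type_list) != negate

def size_compare(size, op, threshold):
    """==, >=, <=, != on a transfer or attachment size."""
    return {"==": size == threshold, ">=": size >= threshold,
            "<=": size <= threshold, "!=": size != threshold}[op]

def rule_fires(rule, msg):
    """Evaluate one single-attribute DLP rule (hypothetical dict schema)."""
    attr = rule["attr"]
    if attr == "transfer_size":
        return size_compare(msg[attr], rule["op"], rule["value"])
    if attr == "file_type":
        return type_in_list(msg[attr], rule["types"], negate=(rule["op"] == "is not"))
    return string_match(msg[attr], rule["pattern"], rule.get("regex", False),
                        negate=(rule["op"] == "does not match"))

def compound_fires(rules, msg):
    """A compound rule activates only when every member rule is satisfied."""
    return all(rule_fires(r, msg) for r in rules)

# Constructed rules: added to a sensor on their own, each fires independently.
RULE_SENDER = {"attr": "sender", "op": "matches", "pattern": "*@example.com"}
RULE_SIZE = {"attr": "transfer_size", "op": ">=", "value": 1_000_000}
RULE_SUBJECT = {"attr": "subject", "op": "matches", "pattern": r"payroll|salary", "regex": True}
RULE_TYPE = {"attr": "file_type", "op": "is", "types": ["xlsx", "csv"]}
RULE_EXTERNAL = {"attr": "receiver", "op": "does not match", "pattern": "*@example.com"}

if __name__ == "__main__":
    print(compound_fires([RULE_SENDER, RULE_SIZE, RULE_SUBJECT, RULE_TYPE, RULE_EXTERNAL], SAMPLE_EMAIL))
```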