Data Leak Prevention Sensor Options - Fortinet FortiGate Series Administration Manual

Firewall Protection Profile

Data Leak Prevention Sensor options

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Banned word check
Banned word list
Threshold
Spam Action
Tag Location
Tag Format
You apply data leak prevention (DLP) to traffic by selecting a data leak prevention sensor.
You can use DLP to prevent sensitive data from leaving your network and to provide DLP
archiving.
Select to block email messages based on matching the content of
the message with the words or patterns in the selected email filter
banned word list. For more information, see
page 570.
Select the banned word list to add to the protection profile. For more
information, see "Creating a new banned word list" on page
Enter a email filter banned word block threshold.
Each entry in the banned word list added to the protection profile
incudes a score. When an email message is matched with an entry
in the banned word list, the score is recorded. If an email message
matches more than one entry, the score for the email message
increases. When the total score for an email message equals or
exceeds the threshold, the message is tagged as spam.
The default score for a banned word list entry is 10 and the default
threshold is 10. This means that by default an email message is
tagged as spam by a single match. You can change the scores and
threshold so email messages are only tagged as spam if there are
multiple matches.
Select to either tag or discard email that the FortiGate unit
determines to be spam. Tagging adds the text in the Tag Format
field to the subject line or header of email identified as spam.
Note: When you enable virus scanning for SMTP and SMTPS in the
Anti-virus section of the protection profile, scanning by splice, also
called streaming mode, is enabled automatically. When scanning by
splice, the FortiGate unit simultaneously scans and streams traffic to
the destination, terminating the stream to the destination if a virus is
detected. For details on configuring splicing, see the splice option
for each protocol in the config firewall profile command in
the FortiGate CLI Reference. For details on splicing behavior for
SMTP, see the Knowledge Center article
Client Comforting Technical
When virus scanning is enabled for SMTP the FortiGate unit can
only discard spam email if a virus is detected. Discarding
immediately drops the connection. If virus scanning is not enabled,
you can choose to either tag or discard SMTP spam.
Select to add the tag to the subject or MIME header of email
identified as spam.
If you select to add the tag to the subject line, the FortiGate unit
converts the entire subject line, including the tag, to UTF-8 format.
This improves display for some email clients that cannot properly
display subject lines that use more than one encoding. For details on
preventing conversion of subject line to UTF-8, see the "System
Settings" chapter of the FortiGate CLI
To add the tag to the MIME header, you must enable
spamhdrcheck in the CLI for each protocol (IMAP, SMTP, and
POP3). For more information see "profile" in the
Reference.
Enter a word or phrase with which to tag email identified as spam.
When typing a tag, use the same language as the FortiGate unit's
current administrator language setting. Tag text using other
encodings may not be accepted. For example, when entering a
spam tag that uses Japanese characters, first verify that the
administrator language setting is Japanese; the FortiGate unit will
not accept a spam tag written in Japanese characters while the
administrator language setting is English. For details on changing
the language setting, see "Settings" on page
Tags must not exceed 64 bytes. The number of characters
constituting 64 bytes of data varies by text encoding, which may vary
by the FortiGate administrator language setting.
Configuring a protection profile
"Banned word" on
FortiGate Proxy Splice and
Note.
Reference.
FortiGate CLI
286.
571.
501