Dlp Compound Rules; Viewing The Dlp Compound Rule List - Fortinet FortiGate Series Administration Manual

Data Leak Prevention

DLP Compound Rules

Viewing the DLP compound rule list

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
DLP compound rules are groupings of DLP rules that also change the way those rules behave when added to a DLP sensor. An individual rule can be configured with only a single attribute; when that attribute is discovered in network traffic, the rule is activated. Compound rules let you group individual rules to specify far more detailed activation conditions: each included rule is still configured with a single attribute, but every attribute must be present before the compound rule is activated.

For example, create two rules and add them to a sensor:

Rule 1 checks SMTP traffic for a sender address of spammer@example.com
Rule 2 checks SMTP traffic for the word "sale" in the message body

When the sensor is used, either rule is activated if its configured condition is true. If only one condition is true, only the corresponding rule is activated. Depending on the contents of the SMTP traffic, neither, either, or both rules could be activated.

If you remove these rules from the sensor, add them to a compound rule, and add the compound rule to the sensor, the conditions in both rules have to be present in the network traffic to activate the compound rule. If only one condition is present, the message passes without any rule or compound rule being activated.

By combining the individually configurable attributes of multiple rules, compound rules allow you to specify far more detailed and specific conditions to trigger an action.

To view the DLP compound rule list, go to UTM > Data Leak Prevention > Compound.

The operators available when configuring the rules that make up a compound rule are:

matches / does not match
    This operator specifies whether the FortiGate unit searches for the presence of the specified string or for its absence.
    Matches: the rule is triggered if the specified string is found in network traffic.
    Does not match: the rule is triggered if the specified string is not found in network traffic.

ASCII / UTF-8
    Select the encoding used for text files and messages.

Regular Expression / Wildcard
    Select the means by which patterns are defined. For more information about wildcards and regular expressions, see "Using wildcards and Perl regular expressions" on page 578.

is / is not
    This operator specifies whether the rule is triggered when a condition is true or when it is not true.
    Is: the rule is triggered if the condition is true.
    Is not: the rule is triggered if the condition is not true.
    For example, if a rule specifies that a file type is found within a specified file type list, all matching files trigger the rule. Conversely, if the rule specifies that a file type is not found in the file type list, only file types not in the list trigger the rule.

== / >= / <= / !=
    These operators compare the size of a transfer or attached file to an entered value.
    ==: the size is equal to the entered value.
    >=: the size is greater than or equal to the entered value.
    <=: the size is less than or equal to the entered value.
    !=: the size is not equal to the entered value.
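The following is an added Python model of the evaluation logic described above, not FortiGate code and not part of the original guide. It reproduces the two-rule SMTP example (sender spammer@example.com, the word "sale" in the body) once as individual rules in a sensor and once as members of a compound rule, and it also models the is/is not file type operator and the ==/>=/<=/!= size comparisons. The Message class, rule class names and the sample messages are constructed assumptions used only to make the example run; the wildcard and regular expression handling uses Python's fnmatch and re modules rather than the FortiGate pattern engine.

```python
import fnmatch
import re
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Sequence


@dataclass
class Message:
    """Constructed stand-in for one SMTP transaction as a DLP sensor sees it."""
    sender: str
    body: str
    attachment_bytes: int = 0
    file_type: str = ""


@dataclass
class Rule:
    """One DLP rule: a single attribute, a pattern, and matches / does not match."""
    name: str
    attribute: str                  # Message field the rule inspects (assumption)
    pattern: str
    pattern_type: str = "wildcard"  # "wildcard" or "regex"
    matches: bool = True            # False models the "does not match" operator

    def triggered(self, msg: Message) -> bool:
        value = getattr(msg, self.attribute)
        if self.pattern_type == "regex":
            found = re.search(self.pattern, value) is not None
        else:
            found = fnmatch.fnmatchcase(value, self.pattern)
        return found if self.matches else not found


@dataclass
class FileTypeRule:
    """Models the is / is not operator against a file type list."""
    name: str
    types: FrozenSet[str]
    is_in: bool = True              # False models "is not"

    def triggered(self, msg: Message) -> bool:
        return (msg.file_type in self.types) == self.is_in


# The four size comparison operators from the guide.
SIZE_OPS: Dict[str, Callable[[int, int], bool]] = {
    "==": lambda a, b: a == b,
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    "!=": lambda a, b: a != b,
}


@dataclass
class SizeRule:
    """Compares the attached file size to an entered value."""
    name: str
    op: str
    size: int

    def triggered(self, msg: Message) -> bool:
        return SIZE_OPS[self.op](msg.attachment_bytes, self.size)


@dataclass
class CompoundRule:
    """Every member rule's condition must be present in the same traffic."""
    name: str
    members: Sequence

    def triggered(self, msg: Message) -> bool:
        return all(m.triggered(msg) for m in self.members)


def evaluate(sensor: Sequence, msg: Message) -> List[str]:
    """Names of every rule or compound rule in the sensor that msg activates."""
    return [r.name for r in sensor if r.triggered(msg)]


def demo() -> Dict[str, List[str]]:
    """Runs the guide's two-rule example both ways and returns what fired."""
    rule1 = Rule("rule1-sender", "sender", "spammer@example.com")
    rule2 = Rule("rule2-body", "body", "*sale*")
    individual = [rule1, rule2]
    compound = [CompoundRule("compound-spam-sale", [rule1, rule2])]
    # Constructed sample traffic: only one condition true, then both true.
    one_condition = Message("spammer@example.com", "quarterly report attached")
    both_conditions = Message("spammer@example.com", "big sale this week")
    return {
        "individual/one": evaluate(individual, one_condition),
        "individual/both": evaluate(individual, both_conditions),
        "compound/one": evaluate(compound, one_condition),
        "compound/both": evaluate(compound, both_conditions),
    }


if __name__ == "__main__":
    for scenario, fired in demo().items():
        print(f"{scenario:16} -> {fired or 'nothing activated'}")
```

Running the block shows the difference the guide describes: with the two rules added individually, the message carrying only the sender condition still activates rule 1, while the same message leaves the compound rule silent and only a message satisfying both conditions activates it.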