Viewing DLP Archives; DLP Rules; Viewing the DLP Rule List - Fortinet FortiGate Series Administration Manual

Viewing DLP archives

Note: Infected files are clearly indicated in the DLP Archive Email message list.
Go to Log & Report > DLP Archive to view all DLP archived content stored on a
FortiAnalyzer unit or the FortiGuard Analysis and Management server.
The DLP Archive menu is only visible if you have configured the FortiGate unit for remote
logging and archiving to a FortiAnalyzer unit or to the FortiGuard Analysis and
Management Service.
To view DLP archives
1 Go to Log & Report > DLP Archive.
2 Select one of the following tabs to view DLP archives for the corresponding protocols:
• E-mail to view POP3, IMAP, SMTP, POP3S, IMAPS, SMTPS, and spam email archives.
• Web to view HTTP and HTTPS archives.
• FTP to view FTP archives.
• IM to view AIM, ICQ, MSN, and Yahoo! archives.
• VoIP to view session control (SIP, SIMPLE and SCCP) archives.

DLP Rules

DLP rules are the core element of the data leak prevention feature. These rules define the
data to be protected so the FortiGate unit can recognize it. For example, an included rule
uses a regular expression to describe a Social Security number:
([0-6]\d{2}|7([0-6]\d|7[0-2]))[ \-]?\d{2}[ \-]\d{4}
Rather than having to list every possible Social Security number, this regular expression
describes the structure of a Social Security number. The pattern is easily recognizable by
the FortiGate unit. For more information about regular expressions, see "Using wildcards
and Perl regular expressions" on page 578.
DLP rules can be combined into compound rules and they can be included in sensors. If
rules are specified directly in a sensor, traffic matching any single rule will trigger the
configured action. If the rules are first combined into a compound rule and then specified
in a sensor, every rule in the compound rule must match the traffic to trigger the configured
action.
Individual rules in a sensor are linked with an implicit OR condition while rules within a
compound rule are linked with an implicit AND condition.
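
An added example, not taken from the Fortinet manual: a Python model of the OR and AND matching described above, using the Social Security number expression quoted on this page. The keyword rule, the function names and the sample payloads are constructed assumptions; this models the described logic and is not the FortiGate matching engine.

```python
import re

# SSN expression quoted from the manual text above.
SSN = re.compile(r"([0-6]\d{2}|7([0-6]\d|7[0-2]))[ \-]?\d{2}[ \-]\d{4}")
# Hypothetical second rule, constructed for this example only.
KEYWORD = re.compile(r"confidential", re.IGNORECASE)
RULES = {"ssn": SSN, "keyword": KEYWORD}

def rule_hits(rules, text):
    """Names of the rules whose pattern occurs anywhere in text."""
    return {name for name, rx in rules.items() if rx.search(text)}

def sensor_triggers(text, direct=None, compound=None):
    """Model of the matching logic described above (not FortiGate code).

    direct:   rules listed individually in the sensor (implicit OR)
    compound: rules grouped into one compound rule (implicit AND)
    """
    direct, compound = direct or {}, compound or {}
    any_direct = bool(rule_hits(direct, text))
    all_compound = bool(compound) and rule_hits(compound, text) == set(compound)
    return any_direct or all_compound

# Constructed sample payloads.
SAMPLES = {
    "ssn_only": "Employee record 123-45-6789 attached",
    "keyword_only": "This memo is confidential",
    "both": "Confidential: SSN 123 45 6789",
    "no_separators": "ID 123456789",          # second separator is mandatory
    "area_out_of_range": "ref 773-45-6789",   # pattern accepts areas 000-772 only
}

def evaluate(samples=SAMPLES):
    """Map each sample name to (rules-in-sensor result, compound-rule result)."""
    return {
        name: (sensor_triggers(text, direct=RULES),
               sensor_triggers(text, compound=RULES))
        for name, text in samples.items()
    }

if __name__ == "__main__":
    for name, (as_direct, as_compound) in evaluate().items():
        print(f"{name:18} sensor(OR)={as_direct!s:5} compound(AND)={as_compound}")
```

The `no_separators` sample shows a gap worth knowing when relying on this expression: the first separator is optional but the second is required, so a nine-digit run with no separators is not recognized.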

Viewing the DLP rule list

To view the DLP rule list, go to UTM > Data Leak Prevention > Rule.
FortiGate Version 4.0 MR1 Administration Guide
http://docs.fortinet.com/
Data Leak Prevention
01-410-89802-20090903