Fortinet FortiGate Series Administration Manual page 597

Data Leak Prevention
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Protocol
AIM, ICQ, MSN, Yahoo! When you select the Instant Messaging protocol, you can configure
HTTP POST, HTTP GET When you select the HTTP protocol, you can configure the rule to
HTTPS POST, HTTPS
GET
FTP PUT, FTP GET
SMTP, IMAP, POP3
SMTPS IMAPS POP3S When you select the Email protocol, if your FortiGate unit supports
SIP, SIMPLE, SCCP
File Options
Scan archive contents When selected, files within archives are extracted and scanned in the
Scan archive files
whole
Scan MS-Word text
Scan MS-Word file
whole
Scan PDF text
Select the type of content traffic that the DLP rule the rule will apply to.
The available rule options vary depending on the protocol that you
select. You can select the following protocols: Email, HTTP, FTP,
NNTP, Instant Messaging and Session Control.
the rule to apply to file transfers using any or all of the supported IM
protocols (AIM, ICQ, MSN, and Yahoo!).
Only file transfers using the IM protocols are subject to DLP rules. IM
messages are not scanned.
apply to HTTP post or HTTP get traffic or both.
When you select the HTTP protocol, if your FortiGate unit supports
SSL content scanning and inspection, you can also configure the
HTTP rule to apply to HTTPS get or HTTPS post sessions or both. For
more information about SSL content scanning and inspection, see
"Configuring SSL content scanning and inspection" on page
To scan these encrypted traffic types, you must set HTTPS Content
Filtering Mode to Deep Scan (Decrypt on SSL Traffic) in the Protocol
Recognition section of the protection profile. If URL Filtering is
selected, the DLP sensors will not scan HTTPS content.
When you select the FTP protocol, you can configure the rule to apply
to FTP put, or FTP get sessions or both.
When you select the Email protocol, you can configure the rule to
apply to any or all of the supported email protocols (SMTP, IMAP, and
POP3).
SSL content scanning and inspection, you can also configure the rule
to apply to SMTPS, IMAPS, POP3S or any combination of these
protocols.
For more information about SSL content scanning and inspection, see
"Configuring SSL content scanning and inspection" on page
When you select the Session Control protocol, you can configure the
rule to apply to any or all of the supported session control protocols
(SIP, SIMPLE, and SCCP). The only rule option for the session control
protocols is Always. This option matches all session control traffic is
used for session control DLP archiving.
You can select file options for any protocol to configure how the DLP
rule handles archive files, MS-Word files, and PDF files found in
content traffic. File options appear when you select File Type rule
option.
same way as files that are not archived.
When selected, archives are scanned as a whole. The files within the
archive are not extracted and scanned individually.
When selected the text contents of MS Word DOC documents are
extracted and scanned for a match. All metadata and binary
information is ignored.
Note: Office 2007/2008 DOCX files are not recognized as MS-Word
by the DLP scanner. To scan the contents of DOCX files, select the
Scan archive contents option.
When selected, MS Word DOC files are scanned. All binary and
metadata information is included.
If you are scanning for text entered in a DOC file, use the
Scan MS-Word option. Binary formatting codes and file information
may appear within the text, causing text matches to fail.
Note: Office 2007/2008 DOCX files are not recognized as MS-Word
by the DLP scanner. To scan the contents of DOCX files, select the
Scan archive contents option.
When selected, the text contents of PDF documents are extracted and
scanned for a match. All metadata and binary information is ignored.
DLP Rules
484.
484.
597