Fortigate Firewall How to - DLP



In this lesson, we'll see how to configure DLP. Follow us!

Published in: Technology


  2. INTRODUCTION: If you work for an enterprise, or your business requires confidentiality, you may need to implement countermeasures to prevent sensitive data from leaving your company. The Fortigate feature that implements data confidentiality is called Data Leak Prevention (DLP). DLP scans outgoing traffic and blocks any sensitive data from leaving your network. To configure DLP, the feature must first be enabled on the firewall. Like all other Fortigate capabilities, DLP can be enabled without any ad hoc license. Go to System > Config > Features and enable both DLP and Multiple Security Profiles if they are not yet active.
  3. CONFIGURING DLP: As with many other features, the configuration consists of creating a sensor and applying it to a firewall policy. Go to Security Profiles > Data Leak Prevention > File Filter. Select Create New to make a File Filter Table. Enter the table name and click OK; now we can add new filters. When creating a filter, we can choose the filter type (file name or file type). In the example on the right we have chosen «File Name Pattern», so we can enter the name or extension of a file we want to block.
  4. CONFIGURING DLP - CONTINUED: Filtering by file name or extension is a very simple method, and it exposes your network to data leaks if users rename files. A more sophisticated method is filtering by file type. In this case, the Fortigate scans the file content and recognizes its type even if a user has renamed the file. Now we have to associate the file filter we just created with a new sensor. Go to Security Profiles > Data Leak Prevention > Sensors. Select the plus icon in the upper right corner of the window to create a new sensor.
  5. CONFIGURING DLP - CONTINUED: Select Create New to make a new filter and set the type to Files. Enable "File Type included in" and set it to the file filter you created previously. Under "Examine the following Services", select the services you wish to monitor with DLP. Finally, set the Action to Block. The only thing left to do is to associate the sensor with a firewall policy for the traffic going outside.
  6. MORE NEEDS? See hints on Or email us your questions to
  7. IPMAX: IPMAX is a Fortinet Partner in Italy. IPMAX is the ideal partner for companies seeking quality in products and services. IPMAX guarantees method and professionalism to support its customers in selecting technologies with the best quality / price ratio, in the design, installation, commissioning and operation. IPMAX srl Via Ponchielli, 4 20063 Cernusco sul Naviglio (MI) – Italy +39 02 9290 9171
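
The difference between the two filter types described in slide 4 (file name pattern versus file type) can be seen in a small Python sketch. This is an added example, not Fortinet code and not part of the original slides; the pattern list, blocked types and sample files are constructed, and the signature check is a simplified stand-in for content-based type detection.

```python
from fnmatch import fnmatch

# Name patterns a "File Name Pattern" filter might list (constructed for this example).
BLOCKED_PATTERNS = ["*.pdf", "*.zip", "*.docx"]
# Content types a file-type filter might block (constructed for this example).
BLOCKED_TYPES = {"pdf", "zip"}

# Well-known leading signatures ("magic bytes") for a few formats.
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),          # also the container used by docx/xlsx/pptx
    (b"\x1f\x8b", "gzip"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]

def blocked_by_name(filename):
    """Name-based decision: case-insensitive glob match on the file name only."""
    return any(fnmatch(filename.lower(), p) for p in BLOCKED_PATTERNS)

def detect_type(data):
    """Content-based detection: compare the first bytes with known signatures."""
    for signature, kind in MAGIC:
        if data.startswith(signature):
            return kind
    return "unknown"

def blocked_by_type(data):
    """Type-based decision: block when the detected content type is listed."""
    return detect_type(data) in BLOCKED_TYPES

def evaluate(filename, data):
    """Return (name_filter_blocks, type_filter_blocks) for one outgoing file."""
    return blocked_by_name(filename), blocked_by_type(data)

# Constructed samples: (file name, first bytes of the content).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n"),
    ("holiday.jpg", b"%PDF-1.7\n"),          # PDF content under a .jpg name
    ("notes.txt", b"PK\x03\x04\x14\x00"),    # ZIP content under a .txt name
    ("logo.png", b"\x89PNG\r\n\x1a\n\x00"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        by_name, by_type = evaluate(name, data)
        print(f"{name:12} detected={detect_type(data):7} name_filter={by_name} type_filter={by_type}")
```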