2. INTRODUCTION
If you are working for an enterprise or your business requires confidentiality, you may need to implement
countermeasures in order to prevent sensitive data to go outside your company.
Fortigate feature that implements data confidentiality is called Data Leak Prevention (DLP). DLP scans
outgoing traffic and blocks any sensitive data from leaving your network.
In order to configure DLP, the feature must be enabled on the
firewall. As all other Fortigate capabilities, DLP can be enabled
without any ad hoc license.
Go to System > Config > Features and enable both DLP and
Multiple Security Profiles if they are not yet active.
3. CONFIGURING DLP
As many other feature, the configuration foresees the creation of a sensor and its application to a
firewall policy.
Go to Security Profiles > Data Leak
Prevention > File Filter. Select Create
New to make a File Filter Table. Insert
the table name and click OK; now we
can insert new filters.
Creating the filter we can chose the
filter type (file name or file type). In
the example at right side we have
chosen «File Name Pattern», so we
can insert the name or extension of a
file we want to block.
4. CONFIGURING DLP - CONTINUED
Filtering on file name or extension basis is a very
simple method and exposes your network to data
leaks in case users rename files.
A more sophisticated method is filtering by file type.
In this case, the Fortigate scans file content and
recognizes its type also in case a user renames it.
Now we have to associate the just created file filter
to a new sensor.
Go to Security Profiles > Data Leak Prevention >
Sensors. Select the plus icon in the upper right corner
of the window to create a new sensor.
5. CONFIGURING DLP - CONTINUED
Select Create New to make a new filter and set the
type to Files.
Enable File Type included in and set it to your
previously created file filter.
Under Examine the following Services, select the
services you wish to monitor with DLP.
Finally set the Action to Block.
Now the only thing to do is to associate the sensor to a
firewall policy for the traffic going outside.
6. MORE NEEDS?
See hints on www.ipmax.it
Or email us your questions to info_ipmax@ipmax.it
7. IPMAX
IPMAX is a Fortinet Partner in Italy.
IPMAX is the ideal partner for companies seeking quality in products and services. IPMAX
guarantees method and professionalism to support its customers in selecting technologies with
the best quality / price ratio, in the design, installation, commissioning and operation.
IPMAX srl
Via Ponchielli, 4
20063 Cernusco sul Naviglio (MI) – Italy
+39 02 9290 9171