Fortigate How-To: DLP

Data Leak Prevention (or Data Loss Prevention) is becoming a must for almost all networks. But it is usually not deployed unless the customer specifically requests it, because by its nature there is no “general” practice that fits every DLP deployment. One company might want to prevent users from exporting any data larger than 10MB to the internet, while another might need to send bulk files every day.

This time, I will add a basic DLP configuration with the following functions:

  • Prevent users from uploading any file of 10MB or larger to the internet
  • Prevent users from downloading any executable (exe) or MS installer package (msi)

Create DLP Profile

Security Profiles > Data Leak Prevention

Create a new profile called “ConfidentialFileDLP”.

Add a policy that blocks any file whose filename starts with “Confidential” from being exported over the HTTP POST method.

Add a policy that blocks any download of a file that is either an executable (exe) or an MS installer package (msi).

Add DLP on policy

Policy & Objects > IPv4 Policy

Add the DLP profile to the policy.
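The same profile and policy binding expressed in the FortiOS CLI, as an added example that is not from the original post. It assumes FortiOS 6.2-style syntax (`dlp filepattern` / `dlp sensor`, per-policy `inspection-mode`), that filepattern ids 3 and 4 are unused, and that firewall policy 1 is the outbound policy; check the attribute names against your own release before applying.

```text
# Assumed FortiOS 6.2-style CLI; ids 3, 4 and policy 1 are placeholders.
config dlp filepattern
    edit 3
        set name "confidential-names"
        config entries
            edit "Confidential*"
                set filter-type pattern
            next
        end
    next
    edit 4
        set name "exe-msi"
        config entries
            edit "exe"
                set filter-type type
                set file-type exe
            next
            edit "msi"
                set filter-type type
                set file-type msi
            next
        end
    next
end
config dlp sensor
    edit "ConfidentialFileDLP"
        config filter
            edit 1
                set type file
                set proto http-post
                set filter-by file-type
                set file-type 3
                set action block
            next
            edit 2
                set type file
                set proto http-get
                set filter-by file-type
                set file-type 4
                set action block
            next
        end
    next
end
config firewall policy
    edit 1
        set inspection-mode proxy
        set utm-status enable
        set dlp-sensor "ConfidentialFileDLP"
    next
end
```

The 10MB rule from the introduction is a third filter of the same shape with `set filter-by file-size` and `set file-size 10240` (the value is in KB). DLP can only inspect what the policy decrypts, so HTTPS uploads are matched only when the policy also carries a deep-inspection SSL profile.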

Result

Access any file transfer service (e.g. WeTransfer) and try to send a file. The transfer will time out if the file name starts with “Confidential”.

And the log shows that UTM blocked the upload.

Next, download any executable (exe). It should be blocked, and you are prompted that the activity is suspected as a “data leak”.

And the log shows that UTM blocked the download.