Configuring a Sensitive Data Type object

A Sensitive Data Type object is referenced by a Data Loss Prevention (DLP) policy. It specifies the strings that are treated as sensitive data, so that the policy can prevent information damage and loss.

Predefined Sensitive Data Type objects

You can use the following predefined Sensitive Data Type objects as they are, or clone one to use as a template.

Each entry below gives the predefined Sensitive Data Type object, then its description.

Credit_Card_Number
    For credit card numbers from MC, Visa, Amex, Diners/CarteBlanche, Discover/Novus, Enroute, and JCB.
    Matches: 341-1111-1111-1111 | 5431-1111-1111-1111 | 30569309025904
    Non-Matches: 30-5693-0902-5904 | 5631-1111-1111-1111 | 31169309025904

US_Social_Security_Number
    This regex validates U.S. social security numbers, within the range of numbers that have been currently allocated.
    Matches: 078-05-1120 | 078 05 1120
    Non-Matches: 987-65-4320 | 000-00-0000 | (555) 555-5555

Email
    This regex validates an email address.
    Matches: example@fortinet.com
    Non-Matches: @fortinet.com

URL
    This regex validates a URL.
    Matches: http://www.fortinet.com | https://127.0.0.1/path/example.php?name=test1 | ftp://user:pass@example.com:123
    Non-Matches: /fortinet.com

Numbers
    This regex validates numbers.
    Matches: 65535
    Non-Matches: a123

Strings
    This regex validates a string.
    Matches: abc
    Non-Matches: abc123

Date/Time
    This regex validates a date or time.
    Matches: 29/02/1972 | 5-9-98 | 10-11-2002 | February 29, 2004 | 12:15 | 10:26:59 | 22:01:15
    Non-Matches: 32/12/2019

IP Address
    This regex validates an IPv4 or IPv6 address.
    Matches: 127.0.0.1 | FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 | ::FFFF:129.144.52.38
    Non-Matches: 256.0.0.1 | FEDC:BA98:7654:3210 | ::

GUID
    This regex validates a globally unique identifier.
    Matches: 2064d355-c0b9-41d8-9ef7-9d8b26524751 | 2064D355-C0B9-41D8-9EF7-9D8B26524751
    Non-Matches: 2064D355

US Phone
    This regex validates a US phone number WITH area code. It is written to allow users to enter whatever delimiters they want or no delimiters at all.
    Matches: 111-222-3333 | 111.222.3333 | (111) 222-3333 | 1112223333
    Non-Matches: + 41 111-222-3333

US ZIP Code
    This regex validates US zip codes. Matches all zip codes of exactly 5 digits except 00000. Optionally, matches zip5+zip4 where zip5 is exactly 5 digits, zip4 is exactly 4 digits, and zip5 and zip4 are, optionally, separated by a single space or hyphen. Captures zip5 and zip4 to named groups to facilitate program manipulation.
    Matches: 12345 | 123456789 | 12345-6789
    Non-Matches: 123456

US State Name and Abbrev.
    This regex validates the names and abbreviations of the 50 US states, case insensitive.
    Matches: California | NewYork | North Carolina | AL

US Street Address
    This regex validates a US street address.
    Matches: 123 Lincoln Avenu | 123 West Main St | 12345 Via De La Rosa
    Non-Matches: Lincoln Avenu

UK Vehicle Registration
    This regex validates a UK vehicle registration under the system currently in use (as defined by the DVLA and put into effect from September 2001, and therefore does not allow registrations prior to this date).
    Matches: AB51DVL | AB 51 DVL
    Non-Matches: AB-51-DVL

UK Bank Sort Code
    This regex validates the format of a UK bank sort code.
    Matches: 20-40-36 | 50-25-48 | 45-85-66
    Non-Matches: 204036

Post Office Box
    This regex validates a Post Office Box.
    Matches: P. O. Box | p.o. box | PO Box | po box
    Non-Matches: office box

Chinese ID card
    This regex validates a Chinese ID card number.
    Matches: 2064d355-c0b9-41d8-9ef7-9d8b26524751 | 2064D355-C0B9-41D8-9EF7-9D8B26524751
    Non-Matches: 2064D355

Chinese phone
    This regex validates a Chinese telephone number.
    Matches: 86 13512341234 | +86 15812341234 | 86 13612341234
    Non-Matches: 14012341234

Australian Phone
    This regex validates an Australian telephone number. It covers most Australian telephone numbers, including 13, 1300, 1800, 1900, std and international +61- format numbers. It allows optional spaces, dashes and brackets in most cases.
    Matches: 1300 123 123 | 1300123123 | +61212341234 | (02) 1234-1234 | 02 1234 1234
    Non-Matches: 1400123123

Canadian Postal Code
    Canadian Postal Code format is (A1A 1X1) or (a1a 1x1). It is made up of two parts: Forward Sortation Area (FSA) and Local Delivery Unit (LDU). Read more on Wikipedia. The letters D, F, I, O, Q, or U are not used in postal codes.
    Matches: M1R 4B0 | L0R 1B1 | L0R1B9
    Non-Matches: MDR 4B0

To configure a Sensitive Data Type object:
  1. Go to Web Application Firewall > Data Loss Prevention.
  2. Click the Sensitive Data Type tab.
  3. Click Create New to display the configuration editor.
  4. Configure the following Sensitive Data Type settings:

    Name
        Specify a name for the Sensitive Data Type object. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. The configuration name cannot be edited once it has been saved.
    Description
        Comments about this profile. Describe what this profile is used for and what kind of data this regex is used to match.
    Regex
        Specify the regex string used to match sensitive data. There are two predefined regex strings named Credit_Card_Number and US_Social_Security_Number.
  5. Click Save.
    After the Sensitive Data Type configuration is saved, you can reference this object in the Data Loss Prevention rule.
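
Before saving a custom Regex, it helps to check it against known positive and negative samples, the way the Matches and Non-Matches lists above do for the predefined objects. The following is an added example, not part of the Fortinet handbook: the object names and patterns are written for illustration (they are not the predefined Fortinet regexes), the samples are the ones listed on this page, and Python's re module is assumed to be close enough to the appliance's regex engine for a pre-check.

```python
import re

# Name rule from the Name setting: A-Z, a-z, 0-9, _ and -, no spaces.
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")

# Hypothetical object name -> (candidate pattern, Matches, Non-Matches).
# Patterns are illustrative; samples are copied from the table on this page.
CANDIDATES = {
    "Custom_UK_Sort_Code": (
        r"\d{2}-\d{2}-\d{2}",
        ["20-40-36", "50-25-48", "45-85-66"],
        ["204036"],
    ),
    "Custom_GUID": (
        r"[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}",
        ["2064d355-c0b9-41d8-9ef7-9d8b26524751", "2064D355-C0B9-41D8-9EF7-9D8B26524751"],
        ["2064D355"],
    ),
    "Custom_CA_Postal_Code": (
        # Letters D, F, I, O, Q, U excluded, as the page states; optional space.
        r"(?i)[A-CEGHJ-NPR-TV-Z]\d[A-CEGHJ-NPR-TV-Z] ?\d[A-CEGHJ-NPR-TV-Z]\d",
        ["M1R 4B0", "L0R 1B1", "L0R1B9"],
        ["MDR 4B0"],
    ),
}

def valid_object_name(name):
    """True if the name uses only the characters the Name setting allows."""
    return NAME_RE.fullmatch(name) is not None

def check_candidate(pattern, matches, non_matches):
    """Return (sample, problem) pairs; an empty list means the pattern passed."""
    rx = re.compile(pattern)
    problems = [(s, "should match") for s in matches if not rx.fullmatch(s)]
    problems += [(s, "should not match") for s in non_matches if rx.fullmatch(s)]
    return problems

def review(candidates):
    """Check every candidate's name and pattern; map name -> list of problems."""
    report = {}
    for name, (pattern, matches, non_matches) in candidates.items():
        problems = check_candidate(pattern, matches, non_matches)
        if not valid_object_name(name):
            problems.append((name, "invalid object name"))
        report[name] = problems
    return report

if __name__ == "__main__":
    for name, problems in review(CANDIDATES).items():
        print(name, "OK" if not problems else problems)
```

A pattern that is too loose shows up as a "should not match" entry, which in a DLP rule would mean false positives on ordinary digit strings.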
