Basic DLP settings
DLP settings can be configured for data types, dictionaries, sensors, file patterns, and profiles. DLP can be configured in both the CLI and the GUI irrespective of firewall policy inspection mode.
DLP profiles can only be added to a flow-based firewall policy from the CLI.
On the Security Profiles > Data Leak Prevention page, there are Profiles, Sensors, and Dictionaries tabs to configure those DLP settings. DLP profiles can be added to proxy-based firewall policies and proxy policies from the GUI.
If Data Leak Prevention is not visible in the tree menu, go to System > Feature Visibility and enable it.
This section breaks down the DLP configuration into a sequence of steps:
- Configure the DLP dictionary:
  A DLP dictionary is a collection of data type entries. See Built-in DLP data type for more information.
- Configure the DLP sensor:
  A DLP sensor defines which dictionary to check. It counts the number of dictionary matches needed to trigger the sensor.
- Configure the DLP profile:
  A DLP profile allows for filtering by size and file type. See DLP file pattern for custom file types.
- Add the DLP profile to a firewall policy.
All the steps mentioned above should be configured in the exact order given for ease of configuration.
Configuring DLP from the GUI
Use the following steps to configure DLP from the GUI.
To configure a DLP dictionary:
- Go to Security Profiles > Data Leak Prevention.
- Select the Dictionaries tab and click Create New.
- Enter a name.
- In the Dictionary Entries section, click Create New.
- Set the Type and click OK.
- Click OK to save the dictionary.
To configure a DLP sensor:
- Go to Security Profiles > Data Leak Prevention.
- Select the Sensors tab and click Create New.
- Enter a name.
- In the Sensor Entries section, click Create New.
- Select the Dictionary from the dropdown menu and click OK.
- Click OK to save the sensor.
To configure a DLP profile:
- Go to Security Profiles > Data Leak Prevention.
- Select the Profiles tab and click Create New.
- Enter a name.
- In the Rules section, click Create New.
- Configure the following settings:
  Name: Filter name.
  Sensors: Select DLP sensors.
  Severity: Select the severity or threat level that matches this filter.
  Action: Action to take with content that this DLP profile matches.
  Type: Select whether to check the content of messages (an email message) or files (downloaded files or email attachments).
  File type: Select the number of a DLP file pattern table to match.
  Protocol: Check messages or files over one or more of these protocols.
- Click OK.
- Click OK to save the profile.
To add the DLP profile to a firewall policy:
- Go to Policy & Objects > Firewall Policy.
- Click Create New.
- Set the Inspection Mode to Proxy-based.
- In the Security Profiles section, enable DLP Profile and select the desired profile.
- Configure the other settings as needed.
- Click OK.
Configuring DLP from the CLI
Use the following steps to configure DLP from the CLI.
To configure a DLP dictionary:
    config dlp dictionary
        edit <name>
            config entries
                edit 1
                    set type {credit-card | hex | keyword | mip-label | regex | ssn-us}
                    set pattern <string>
                    set repeat {enable | disable}
                    set status {enable | disable}
                next
            end
        next
    end
To configure a DLP sensor:
    config dlp sensor
        edit <name>
            set match-type {match-all | match-any | match-eval}
            set eval <string>
            config entries
                edit <id>
                    set dictionary <dlp_dictionary>
                    set count <integer>
                    set status {enable | disable}
                next
            end
        next
    end
See Evaluation by Logical relationship for more information about match-eval.
To configure a DLP profile:
    config dlp profile
        edit <name>
            set feature-set {flow | proxy}
            config rule
                edit <id>
                    set proto <protocol> <protocol> ...
                    set sensor <dlp_sensor>
                    set action {allow | log-only | block | quarantine-ip}
                next
            end
        next
    end
To add the DLP profile to a firewall policy:
    config firewall policy
        edit <id>
            set srcintf <interface>
            set dstintf <interface>
            set action accept
            set srcaddr <address>
            set dstaddr <address>
            set schedule "always"
            set service "ALL"
            set utm-status enable
            set inspection-mode proxy
            set dlp-profile <string>
        next
    end
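As an added end-to-end example (not taken from this page or from Fortinet's own examples), the four CLI steps above filled in with constructed values: a dictionary that matches credit-card numbers and the keyword CONFIDENTIAL, a sensor that triggers only after the dictionary has matched three times, a profile that blocks such content over SMTP and HTTP POST, and the flow-based policy that the GUI cannot attach a DLP profile to. The object names, the count of 3 and the interfaces port1/port2 are constructed; every keyword used appears in the syntax shown above.

```text
# Added example with constructed values; uses only the syntax shown above.

# 1. Dictionary: a credit-card data type plus a keyword entry.
config dlp dictionary
    edit "pci-data"
        config entries
            edit 1
                set type credit-card
                set repeat enable
                set status enable
            next
            edit 2
                set type keyword
                set pattern "CONFIDENTIAL"
                set repeat enable
                set status enable
            next
        end
    next
end

# 2. Sensor: trigger only when the dictionary matches at least 3 times,
#    so a single stray number in a message does not block it.
#    With one entry, match-any and match-all behave the same.
config dlp sensor
    edit "pci-sensor"
        set match-type match-any
        config entries
            edit 1
                set dictionary "pci-data"
                set count 3
                set status enable
            next
        end
    next
end

# 3. Profile: block matching content over SMTP and HTTP POST.
#    feature-set flow is what allows the profile in a flow-based policy.
config dlp profile
    edit "pci-dlp"
        set feature-set flow
        config rule
            edit 1
                set proto smtp http-post
                set sensor "pci-sensor"
                set action block
            next
        end
    next
end

# 4. Flow-based policy; DLP can be attached to it from the CLI only.
#    port1/port2 and policy ID 10 are constructed placeholders.
config firewall policy
    edit 10
        set srcintf "port1"
        set dstintf "port2"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set inspection-mode flow
        set dlp-profile "pci-dlp"
    next
end
```

When rolling this out, start the profile rule with `set action log-only` and review the DLP logs before switching to `block`: the count threshold and the keyword entry decide how many legitimate messages the sensor would otherwise stop.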
See DLP examples for sample configurations.