Inspection mode differences for Data Leak Prevention

Inspection mode differences for Data Leak Prevention

This section identifies the behavioral differences between Data Leak Prevention (DLP) operating in flow and proxy inspection.

Feature comparison between DLP inspection modes

The following table indicates which DLP filters are supported by their designated inspection modes.

  Credit

Card

Filter

SSN Filter Regex

Filter

File-

Type

Filter

File-Pattern Filter Fingerprint

Filter

Watermark

Filter

Encrypted

Filter

FileSize

Filter

Proxy Yes Yes Yes Yes Yes Yes Yes Yes Yes
Flow Yes Yes Yes No Yes No No Yes Yes*

*File-size filtering will only work if file size is present in the protocol exchange.

Protocol comparison between DLP inspection modes

The following table indicates which protocols can be inspected by DLP based on the specified inspection modes.

  HTTP FTP IMAP POP3 SMTP NNTP MAPI CIFS
Proxy Yes Yes Yes Yes Yes Yes Yes No
Flow Yes Yes Yes Yes Yes No No No
This entry was posted in Administration Guides, FortiGate, FortiOS 6.2 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.