How to use MyDLP with an existing Fortinet UTM

Posted by:

Requirements

  1. This article already assumes that you have installed MyDLP and DLP functions working properly.
  2. This article already assumes that Fortinet UTM is able to filter web traffic properly.

Tutorial

ICAP Client should be configured for Fortinet UTM.

To be able to configure ICAP from the Fortinet UTM web?based manager, you must go to System > Admin > Settings > Display Options on GUI and enable ICAP.

Now we should create a new ICAP server definition and related ICAP profiles.

  1. Go to UTM Security Profiles > ICAP > Server and select Create New to add new ICAP server.
  2. Enter MyDLP Server (or your desired name) as Name.
  3. Select IPv4 as IP Type.
  4. Enter IP address of your MyDLP Server to IP Address field.
  5. Enter 1344 to Port field.
  6. And Save.
  7. Go to UTM Security Profiles > ICAP > Profile and select Create New to add a new ICAP profile.
  8. Enter MyDLP Default Profile (or your desired name) as Name.
  9. Select Enable Request Processing.
  10. Select previously created ICAP server(assuming with name MyDLP Server) as Server.
  11. Enter /dlp to Path field.
  12. Select Bypass (or your desired action) as your On Failure action.
  13. DO NOT Select Enable Response Processing, if selected deselect.
  14. Select Enable Streaming Media Bypass.
  15. And Save this one too.
  16. Go to Policy > Policy > Policy and edit the security policy that accepts the traffic to be processed by the ICAP server.
  17. Select UTM Security Policies
  18. Select Enable ICAP
  19. Select previously created ICAP profile
  20. And finally select OK.

Now you will be able to enforce MyDLP policies on your traffic passing through Fortinet UTM.

PS: Alternatively for CLI howto, you can checkout references.

0


About the Author:

Add a Comment