A Security policy can specify a data filtering profile that identifies sensitive information, such as credit card or social security numbers, and prevents it from leaving the area protected by the firewall.
To apply data filtering profiles to security policies, refer to Policies > Security.
The following tables describe the data filtering profile settings.
| Data Filtering Profile Setting | Description |
|---|---|
| Name | Enter a profile name (up to 31 characters). This name appears in the list of log forwarding profiles when defining security policies. The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores. |
| Description | Enter a description for the profile (up to 255 characters). |
| Shared | Select this option if you want the profile to be available to: (1) Every virtual system (vsys) on a multi-vsys firewall. If you clear this selection, the profile will be available only to the Virtual System selected in the Objects tab. (2) Every device group on Panorama. If you clear this selection, the profile will be available only to the Device Group selected in the Objects tab. |
| Disable override (Panorama only) | Select this option if you want to prevent administrators from creating local copies of the profile in descendant device groups by overriding its inherited values. This selection is cleared by default, which means overriding is enabled. |
| Data Capture | Select this option to automatically collect the data that is blocked by the filter. Specify a password for Manage Data Protection on the Settings page to view your captured data. Refer to Device > Setup > Management. |

To add a data pattern, click Add and specify the following information.

| Data Pattern Setting | Description |
|---|---|
| Data Pattern | Choose an existing data pattern from the Data Pattern drop-down or configure a new pattern by choosing Data Pattern from the list and specifying the information described in Objects > Custom Objects > Data Patterns. |
| Applications | Specify the applications to include in the filtering rule: (1) Choose any to apply the filter to all of the listed applications. This selection does not block all possible applications, just the listed ones. (2) Click Add to specify individual applications. |
| File Types | Specify the file types to include in the filtering rule: (1) Choose any to apply the filter to all of the listed file types. This selection does not block all possible file types, just the listed ones. (2) Click Add to specify individual file types. |
| Direction | Specify whether to apply the filter in the upload direction, download direction, or both. |
| Alert Threshold | Specify the value that will trigger an alert. For example, if you have a threshold of 100 with an SSN weight of 5, the rule will need to detect at least 20 SSN patterns before the rule will be triggered (20 instances × 5 weight = 100). |
| Block Threshold | Specify the value that will trigger a block. For example, if you have a threshold of 100 with an SSN weight of 5, the rule will need to detect at least 20 SSN patterns before the rule will be triggered (20 instances × 5 weight = 100). |
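
The sketch below models the weighted scoring behind the Alert Threshold and Block Threshold settings so you can check threshold values before deploying a profile. It is an added example, not firewall code. The regular expressions, the credit card weight of 10, the threshold values of 100 and 200, the rule that block takes precedence over alert, and all sample data are assumptions constructed for illustration; only the SSN weight of 5 comes from the table above.

```python
import re

# Constructed stand-ins for data patterns: name -> (regex, weight).
# The SSN weight of 5 is the page's example; everything else is assumed.
DATA_PATTERNS = {
    "ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), 5),
    "credit_card": (re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"), 10),
}


def weighted_score(payload):
    """Return (total score, per-pattern match counts) for one payload."""
    counts = {name: len(rx.findall(payload))
              for name, (rx, _) in DATA_PATTERNS.items()}
    total = sum(counts[name] * weight
                for name, (_, weight) in DATA_PATTERNS.items())
    return total, counts


def evaluate(payload, alert_threshold, block_threshold):
    """Compare the summed weights to both thresholds (block assumed to win)."""
    total, _ = weighted_score(payload)
    if total >= block_threshold:
        return "block"
    if total >= alert_threshold:
        return "alert"
    return "allow"


def sample_payload(ssns=0, cards=0):
    """Constructed test data: SSN-shaped and card-shaped strings, not real."""
    lines = [f"900-00-{i:04d}" for i in range(ssns)]
    lines += ["4111 1111 1111 1111"] * cards
    return "\n".join(lines)


if __name__ == "__main__":
    # (SSN count, card count) cases around the thresholds 100 and 200.
    for ssns, cards in [(19, 0), (20, 0), (10, 5), (40, 0)]:
        payload = sample_payload(ssns, cards)
        total, counts = weighted_score(payload)
        print(ssns, cards, total, counts, evaluate(payload, 100, 200))
```

The mixed case (10 SSN matches and 5 card matches) reaches the alert threshold even though neither pattern would on its own, which is worth accounting for when one profile combines several patterns.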
