Align Data Filtering with a DLP Solution

If you are using a DLP solution to add file properties to documents in order to mark those documents as confidential, you can use the new built-in file property settings to configure the firewall to block those confidential documents from leaving your network.
Take the following steps to use the new settings to enable data filtering based on file properties (previous release versions required you to create regular expression data patterns to enable the same functionality).
  1. Define a new data pattern object to detect file properties.
    1. Select Objects > Custom Objects > Data Patterns and Add a new object.
    2. Set the Pattern Type to File Properties.
    3. Add a new rule to the data pattern object, and give that rule a descriptive Name.
    4. Select the File Type and, based on the file type you choose, also select the File Property that you want to scan for a specific value.
    5. Enter the specific Property Value that you want the firewall to detect.
    6. Click OK to save the data pattern.
  2. Add the data pattern object to a data filtering profile.
    1. Select Objects > Security Profiles > Data Filtering and Add or modify a data filtering profile.
    2. Add a new profile rule and select the Data Pattern you created in step 1.
    3. Specify Applications, File Types, and what Direction of traffic (upload or download) you want to filter based on the data pattern.
      The file type you select must be the same file type you defined for the data pattern in step 1, or it must be a file type that includes the data pattern file type. For example, you could define both the data pattern object and the data filtering profile to scan all Microsoft Office documents. Or, you could define the data pattern object to match to only Microsoft PowerPoint Presentations, while the data filtering profile scans all Microsoft Office documents.
      If a data pattern object is attached to a data filtering profile and the configured file types do not align between the two, the profile will not correctly filter documents matched to the data pattern object.
    4. Set the Alert Threshold to specify the number of times the data pattern must be detected in a file to trigger an alert.
    5. Set the Block Threshold to block files that contain at least this many instances of the data pattern.
    6. Set the Log Severity recorded for files that match this rule.
    7. Click OK to save the data filtering profile.
  3. Apply the data filtering settings to traffic.
    1. Select Policies > Security and Add or modify a security policy rule.
    2. Select Actions and set the Profile Type to Profiles.
    3. Attach the Data Filtering profile you created in step 2 to the security policy rule.
    4. Click OK.
  4. (Recommended) Prevent web browsers from resuming sessions that the firewall has terminated.
    This option ensures that when the firewall detects and then drops a sensitive file, a web browser cannot resume the session in an attempt to retrieve the file.
    1. Select Device > Setup > Content-ID and edit Content-ID Settings.
    2. Clear the Allow HTTP header range option.
    3. Click OK.
  5. Monitor files that the firewall is filtering.
    Select Monitor > Data Filtering to view the files that the firewall has detected and blocked based on your data filtering settings.
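
Before entering a File Property and Property Value in step 1, it helps to confirm exactly what the DLP solution writes into a labelled document. The following is an added example, not part of the vendor documentation: it reads the custom document properties of an Office Open XML file (.docx, .xlsx, .pptx). It assumes the DLP tool stores its label as a custom property in `docProps/custom.xml`; the property name `Classification` and value `Confidential` are constructed sample values.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CUSTOM_PART = "docProps/custom.xml"   # OOXML part that holds custom properties
NS = {
    "cp": "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties",
    "vt": "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes",
}


def custom_properties(data: bytes) -> dict:
    """Return {name: value} for every custom property in an OOXML document."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if CUSTOM_PART not in zf.namelist():
            return {}                      # unlabelled: no custom properties part
        root = ET.fromstring(zf.read(CUSTOM_PART))
    props = {}
    for prop in root.findall("cp:property", NS):
        typed = next(iter(prop), None)     # typed value child, e.g. vt:lpwstr
        props[prop.get("name")] = (typed.text or "") if typed is not None else ""
    return props


def is_labelled(data: bytes, name: str, expected: str) -> bool:
    """True if the document carries the exact property name and value."""
    return custom_properties(data).get(name) == expected


def build_sample(name: str, value: str) -> bytes:
    """Constructed sample: a zip holding only the custom properties part."""
    xml = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Properties xmlns="{NS["cp"]}" xmlns:vt="{NS["vt"]}">'
        '<property fmtid="{D5CDD505-2E9C-101B-9397-08002B2CF9AE}" pid="2" '
        f'name="{name}"><vt:lpwstr>{value}</vt:lpwstr></property></Properties>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CUSTOM_PART, xml)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample("Classification", "Confidential")
    print(custom_properties(sample))
```

To check a real file, pass its bytes to `custom_properties()` and compare the reported name and value with what you plan to configure in the data pattern rule.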
