End-of-Life (EoL)

Align Data Filtering with a DLP Solution

If you are using a DLP solution to add file properties to documents in order to mark those documents as confidential, you can use the new built-in file property settings to configure the firewall to block those confidential documents from leaving your network.
Take the following steps to use the new settings to enable data filtering based on file properties (previous release versions required you to create regular expression data patterns to enable the same functionality).
  1. Define a new data pattern object to detect file properties.
    1. Select Objects > Custom Objects > Data Patterns and Add a new object.
    2. Set the Pattern Type to File Properties.
    3. Add a new rule to the data pattern object, and give that rule a descriptive Name.
    4. Select the File Type and, based on the file type you choose, also select the File Property that you want to scan for a specific value.
    5. Enter the specific Property Value that you want the firewall to detect.
    6. Click OK to save the data pattern.
  2. Add the data pattern object to a data filtering profile.
    1. Select Objects > Security Profiles > Data Filtering and Add or modify a data filtering profile.
    2. Add a new profile rule and select the Data Pattern you created in step 1.
    3. Specify Applications, File Types, and what Direction of traffic (upload or download) you want to filter based on the data pattern.
      The file type you select must be the same file type you defined for the data pattern in step 1, or it must be a file type that includes the data pattern file type. For example, you could define both the data pattern object and the data filtering profile to scan all Microsoft Office documents. Or, you could define the data pattern object to match to only Microsoft PowerPoint Presentations, while the data filtering profile scans all Microsoft Office documents.
      If a data pattern object is attached to a data filtering profile and the configured file types do not align between the two, the profile will not correctly filter documents matched to the data pattern object.
    4. Set the Alert Threshold to specify the number of times the data pattern must be detected in a file to trigger an alert.
    5. Set the Block Threshold to block files that contain at least this many instances of the data pattern.
    6. Set the Log Severity recorded for files that match this rule.
    7. Click OK to save the data filtering profile.
  3. Apply the data filtering settings to traffic.
    1. Select Policies > Security and Add or modify a security policy rule.
    2. Select Actions and set the Profile Type to Profiles.
    3. Attach the Data Filtering profile you created in step 2 to the security policy rule.
    4. Click OK.
  4. (Recommended) Prevent web browsers from resuming sessions that the firewall has terminated.
    This option ensures that when the firewall detects and then drops a sensitive file, a web browser cannot resume the session in an attempt to retrieve the file.
    1. Select Device > Setup > Content-ID and edit Content-ID Settings.
    2. Clear the Allow HTTP header range option.
    3. Click OK.
  5. Monitor files that the firewall is filtering.
    Select Monitor > Data Filtering to view the files that the firewall has detected and blocked based on your data filtering settings.
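
Before entering the File Property and Property Value in step 1, it helps to confirm what your DLP tool actually writes into a tagged document. The following is an added example, not part of the original page or the vendor's tooling: it lists the core and custom properties of an Office Open XML file (.docx, .xlsx, .pptx) and checks for an exact tag value. The property name `Classification`, the value `Confidential`, and the assumption that the tag is stored in `docProps/core.xml` or `docProps/custom.xml` are illustrative; the script does not reproduce the firewall's own matching.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

# Run on your own sample files; ElementTree is not hardened against hostile XML.
CP = "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties"
VT = "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"
CORE = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
FMTID = "{D5CDD505-2E9C-101B-9397-08002B2CF9AE}"  # standard custom-property set

def read_properties(data: bytes) -> dict:
    """Return {name: value} for core and custom properties of an OOXML file."""
    props = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        parts = set(z.namelist())
        if "docProps/core.xml" in parts:  # title, subject, keywords, ...
            for el in ET.fromstring(z.read("docProps/core.xml")):
                props[el.tag.split("}")[-1]] = (el.text or "").strip()
        if "docProps/custom.xml" in parts:  # assumed location of the DLP tag
            root = ET.fromstring(z.read("docProps/custom.xml"))
            for prop in root.iter(f"{{{CP}}}property"):
                value = prop[0].text if len(prop) else None
                props[prop.get("name")] = (value or "").strip()
    return props

def is_tagged(data: bytes, name: str, expected: str) -> bool:
    """True only if property `name` exists with exactly the value `expected`."""
    try:
        return read_properties(data).get(name) == expected
    except (zipfile.BadZipFile, ET.ParseError):
        return False  # legacy binary format or damaged file: no readable tag

def build_sample(custom: dict) -> bytes:
    """Constructed test input: a ZIP holding only the two property parts."""
    rows = "".join(
        f'<property fmtid="{FMTID}" pid="{i}" name={quoteattr(k)}>'
        f"<vt:lpwstr>{escape(v)}</vt:lpwstr></property>"
        for i, (k, v) in enumerate(custom.items(), start=2))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", f'<c:coreProperties xmlns:c="{CORE}">'
                   "<c:keywords>internal</c:keywords></c:coreProperties>")
        z.writestr("docProps/custom.xml",
                   f'<Properties xmlns="{CP}" xmlns:vt="{VT}">{rows}</Properties>')
    return buf.getvalue()

if __name__ == "__main__":
    doc = build_sample({"Classification": "Confidential"})
    print(read_properties(doc), is_tagged(doc, "Classification", "Confidential"))
```

To inspect a real file, pass its bytes to `read_properties` and compare the reported name and value, including case, with what you enter in the data pattern rule.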
