Chapter 15 Security Profiles : Data leak prevention : Data leak prevention concepts : Fingerprinting
  
Fingerprinting
Fingerprint scanning allows you to create a library of files for the FortiGate unit to examine. It will create checksum fingerprints so each file can be easily identified. Then, when files appear in network traffic, the FortiGate will generate a checksum fingerprint and compare it to those in the fingerprint database. A match triggers the configured action.
You must configure a document source or uploaded documents to the FortiGate unit for fingerprint scanning to work.
Fingerprinted Documents
The FortiGate unit must have access to the documents for which it generates fingerprints. One method is to manually upload documents to be fingerprinted directly to the FortiGate unit. The other is to allow the FortiGate unit to access a network share that contains the documents to be fingerprinted.
If only a few documents are to be fingerprinted, a manual upload may be the easiest solution. If many documents require fingerprinting, or if the fingerprinted documents are frequently revised, using a network share makes user access easier to manage.
Fingerprinting by document source
To configure a fingerprint document source
1. Go to Security Profiles > Advanced > DLP Fingerprint.
2. In the Document Sources section, select Create New.
3. Configure the settings:
Name
Enter a descriptive name for the document source.
Server Type
This refers to the type of server share that is being accessed. The default is Windows Share but this will also work on Samba shares.
Server Address
Enter the IP address of the server.
User Name
Enter the user name of the account the FortiGate unit uses to access the server network share.
Password
Enter the password for the account being used to access the network share.
Path
Enter the path to the document folder.
Filename Pattern
You may enter a filename pattern to restrict fingerprinting to only those files that match the pattern. To fingerprint all files, enter an asterisk (“*”).
Sensitivity Level
Select a sensitivity level. The sensitivity is a tag for your reference that is included in the log files. It does not change how fingerprinting works.
Scan Periodically
To have the files on the document source scanned on a regular basis, select this option. This is useful if files are added or changed regularly. Once selected, you can choose Daily, Weekly, or Monthly update options.
The Hour and Min fields set, on a 24-hour clock, the time at which the source shares are scanned.
Advanced
Expand the Advanced heading for additional options.
Fingerprint files in subdirectories
By default, only the files in the specified path are fingerprinted. Files in subdirectories are ignored. Select this option to fingerprint files in subdirectories of the specified path.
Remove fingerprints for deleted files
Select this option to retain the fingerprints of files deleted from the document source. If this option is disabled, fingerprints for deleted files will be removed when the document source is rescanned.
Keep previous fingerprints for modified files
Select this option to retain the fingerprints of previous revisions of updated files. If this option is disabled, fingerprints for previous versions of files will be deleted when a new fingerprint is generated.
4. Select OK.
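The behaviour described above (checksum fingerprints built from a document source, compared against files seen in traffic, with the path, filename pattern, subdirectory, deleted-file and modified-file options controlling what the library contains after each rescan) can be modelled in a few dozen lines. The following is an added illustration written for this page; it is not FortiGate code and does not reproduce the unit's actual hashing or storage. The network share is stood in for by a constructed in-memory mapping of path to file bytes, SHA-256 is assumed as the checksum, and the flag names (`scan_subdirectories`, `remove_deleted`, `keep_modified`) are this model's own. The `remove_deleted` flag is modelled as its option name reads: when set, fingerprints of files no longer on the share are dropped on rescan.

```python
"""Model of DLP fingerprint scanning (constructed example, not FortiGate code)."""
import fnmatch
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterator, Optional, Set

# Constructed stand-in for a network share: path on the share -> file contents.
Share = Dict[str, bytes]


@dataclass
class DocumentSource:
    name: str
    path: str                        # folder on the share, e.g. "finance/"
    file_pattern: str = "*"          # fnmatch pattern; "*" fingerprints every file
    sensitivity: str = "Private"     # tag carried into logs; does not affect matching
    scan_subdirectories: bool = False
    remove_deleted: bool = True      # drop fingerprints of files gone from the share
    keep_modified: bool = False      # keep fingerprints of earlier revisions


@dataclass
class Fingerprint:
    digest: str
    filename: str
    sensitivity: str
    source: str


class FingerprintDB:
    def __init__(self) -> None:
        self.by_digest: Dict[str, Fingerprint] = {}
        # source name -> filename -> set of digests known for that file
        self.by_file: Dict[str, Dict[str, Set[str]]] = {}

    @staticmethod
    def checksum(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()  # assumed checksum algorithm

    def _selected(self, src: DocumentSource, share: Share) -> Iterator[str]:
        """Yield share paths that fall under src.path and match its pattern."""
        for fname in share:
            if not fname.startswith(src.path):
                continue
            rel = fname[len(src.path):]
            if "/" in rel and not src.scan_subdirectories:
                continue                      # file lives in a subdirectory
            if not fnmatch.fnmatch(rel.rsplit("/", 1)[-1], src.file_pattern):
                continue
            yield fname

    def _drop(self, digest: str) -> None:
        """Forget a digest unless another file still produces the same checksum."""
        still_used = any(digest in d for idx in self.by_file.values() for d in idx.values())
        if not still_used:
            self.by_digest.pop(digest, None)

    def scan(self, src: DocumentSource, share: Share) -> dict:
        """(Re)scan a document source; returns counts of added/removed fingerprints."""
        index = self.by_file.setdefault(src.name, {})
        seen: Set[str] = set()
        added = removed = 0
        for fname in self._selected(src, share):
            seen.add(fname)
            digest = self.checksum(share[fname])
            digests = index.setdefault(fname, set())
            if digest in digests:
                continue                      # unchanged since last scan
            if digests and not src.keep_modified:
                for old in list(digests):     # file revised: retire earlier revision
                    digests.discard(old)
                    self._drop(old)
            digests.add(digest)
            self.by_digest[digest] = Fingerprint(digest, fname, src.sensitivity, src.name)
            added += 1
        if src.remove_deleted:
            for fname in list(index):
                if fname not in seen:         # file no longer on the share
                    for old in index.pop(fname):
                        self._drop(old)
                        removed += 1
        return {"added": added, "removed": removed, "total": len(self.by_digest)}

    def inspect(self, payload: bytes) -> Optional[Fingerprint]:
        """Checksum a file observed in traffic and look it up in the library."""
        return self.by_digest.get(self.checksum(payload))


def demo() -> dict:
    """Default options: top-level files only, old revisions and deleted files forgotten."""
    share: Share = {
        "finance/q1-forecast.xlsx": b"Q1 forecast v1",
        "finance/board-deck.pptx": b"board deck",
        "finance/archive/old-plan.docx": b"old plan",
        "finance/readme.txt": b"readme",
    }
    src = DocumentSource("finance-share", path="finance/", sensitivity="Critical")
    db = FingerprintDB()
    first = db.scan(src, share)                       # archive/ is skipped
    hit = db.inspect(b"Q1 forecast v1")               # simulated file seen in traffic
    share["finance/q1-forecast.xlsx"] = b"Q1 forecast v2"
    del share["finance/readme.txt"]
    second = db.scan(src, share)
    return {
        "first_total": first["total"],
        "hit_sensitivity": hit.sensitivity if hit else None,
        "near_miss_matches": db.inspect(b"Q1 forecast v1 tweaked") is not None,
        "old_revision_matches": db.inspect(b"Q1 forecast v1") is not None,
        "new_revision_matches": db.inspect(b"Q1 forecast v2") is not None,
        "deleted_file_matches": db.inspect(b"readme") is not None,
        "second_total": second["total"],
    }


def demo_keep_revisions() -> dict:
    """Subdirectories scanned and previous revisions retained."""
    share: Share = {"hr/salaries.csv": b"v1", "hr/2019/salaries.csv": b"2019"}
    src = DocumentSource("hr-share", path="hr/", scan_subdirectories=True, keep_modified=True)
    db = FingerprintDB()
    db.scan(src, share)
    share["hr/salaries.csv"] = b"v2"
    db.scan(src, share)
    return {"total": len(db.by_digest), "v1_matches": db.inspect(b"v1") is not None}
```

The model makes two properties of checksum fingerprinting visible: any change to a file's bytes produces a different fingerprint, so a lightly edited copy of a fingerprinted document is not matched (which is why retaining previous revisions matters when documents are revised in place), and the sensitivity level rides along as a label only.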
Fingerprinting manually by document
To configure manual document fingerprints
1. Go to Security Profiles > Advanced > DLP Fingerprint.
2. In the Manual Document Fingerprints section, select Create New.
3. Use the Browse feature for the File field to select the file to be fingerprinted. The selection will be limited to network resources.
4. Choose a Sensitivity level. The default choices are Critical, Private and Warning, but more can be added in the CLI.
5. If the file is an archive containing other files, select Process files inside archive if you also want the individual files inside the archive to have fingerprints generated in addition to the archive itself.
6. Select OK.
The file is uploaded and a fingerprint generated.