This article describes how to block Brazilian CPF numbers (Cadastro de Pessoas Físicas, the Brazilian counterpart of a Social Security number) using the DLP feature. The steps below are the correct procedure for blocking any traffic that contains a valid CPF number.
Scope
FortiGate.
Solution
Step 1: Create a new ‘Dictionary’ in Security Profile > Data Leak Prevention > Dictionaries and select ‘Create New’.
Use a pattern of type regex and add the following: \b\d{3}\.\d{3}\.\d{3}-\d{2}\b
Step 2: Create a new ‘Sensor’ in Security Profile > Data Leak Prevention > Sensor and select ‘Create New’.
Bind the ‘Dictionary’ created in step 1 to the sensor.
Step 3: Create a DLP Profile using the ‘Sensor’ profile created in step 2 with action ‘Block’, Type ‘Message’, and protocol ‘HTTP-POST’.
Bind the sensor created in the step above to the new rule created within the DLP profile.
Select ‘OK’ and add this profile to the outgoing rule for the Internet.
Note: Use the DLP profile and policy in ‘Proxy’ mode and also enable ‘deep-inspection’ in the firewall policy.
In the outbound rule, activate the deep-inspection profile, a web filter profile, and the DLP profile created above.
Do not forget to change the outgoing rule to ‘Proxy’ mode.
To test whether the above configuration worked:
- Find a valid CPF.
- Open any website that validates CPF numbers. Examples of sites that validate Brazilian CPF numbers:
https://sso.acesso.gov.br/login
https://servicos.receita.fazenda.gov.br/Servicos/CPF/ConsultaSituacao/ConsultaPublica.asp
Expected result: the end user sees the blocking screen generated by the DLP profile.
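The following is an added example, not part of the original article or of FortiOS: a Python check that runs the Step 1 dictionary pattern over test strings and also computes the CPF mod-11 check digits, so test data can be vetted before the test above. It assumes Python's `re` module evaluates this pattern the same way as the FortiGate regex engine for these inputs; the sample values are constructed.

```python
import re

# Pattern copied from Step 1 of the article.
CPF_PATTERN = re.compile(r"\b\d{3}\.\d{3}\.\d{3}-\d{2}\b")

def check_digit(digits, start_weight):
    """Mod-11 check digit; weights descend from start_weight down to 2."""
    total = sum(d * w for d, w in zip(digits, range(start_weight, 1, -1)))
    remainder = (total * 10) % 11
    return 0 if remainder == 10 else remainder

def cpf_checksum_ok(text):
    """True if text holds 11 digits whose last two are correct CPF check digits."""
    digits = [int(c) for c in text if c.isdigit()]
    if len(digits) != 11 or len(set(digits)) == 1:
        # Wrong length, or a repeated-digit filler (conventionally rejected).
        return False
    return (check_digit(digits[:9], 10) == digits[9]
            and check_digit(digits[:10], 11) == digits[10])

def classify(text):
    """Return (matches_dictionary_pattern, passes_check_digits) for one string."""
    return bool(CPF_PATTERN.search(text)), cpf_checksum_ok(text)

# Constructed sample values for testing, not taken from any real data set.
SAMPLES = [
    "123.456.789-09",  # formatted, correct check digits
    "123.456.789-00",  # formatted, wrong check digits
    "111.111.111-11",  # formatted, repeated-digit filler
    "12345678909",     # correct check digits, no punctuation
]

if __name__ == "__main__":
    for sample in SAMPLES:
        matched, valid = classify(sample)
        print(f"{sample:16} pattern={matched!s:5} check_digits={valid}")
```

The pattern matches on the punctuated format only: it also matches strings with wrong check digits, and it does not match an unpunctuated 11-digit CPF, so include both cases when testing the profile.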