
How to troubleshoot DLP issues

Troubleshooting DLP Issues.

Scope

FortiGate.

Solution

DLP (Data Leak Prevention) Debug

FortiGate UTM inspects traffic in two modes: proxy-based inspection and flow-based inspection.

The daemons that handle DLP inspection differ depending on the inspection type configured. The section below shows how to collect basic DLP debug output for each inspection type.

DLP in Proxy-based Mode

In proxy mode, the proxy DLP and scanunit daemons are both involved in DLP filtering. This example enables scanunit debug along with DLP debug because the scanunit daemon scans the traffic and passes the packets to the DLP daemon.

For instance, when DLP is not detecting violating traffic, the issue can often be traced to scanunit not passing anything to DLP. In the example below, the debug output shows both the scanunit and DLP daemons.

Debug Command: diag sys scanunit debug all

Comments: Enable debug to see whether scanunit passes packets to DLP.

Debug Command: diag wad debug enable all

Comments: This enables the DLP daemon debug.