Data Loss Prevention (DLP) Policies

  • Updated on May 31, 2024
  • 5 minutes to read
  • Contributors

This article describes features - DLP Policies - that are currently in early preview. Breaking changes may occur as updates are made. Contact your account team to enable these features for your organization.


SonicWall Cloud Secure Edge (CSE) Data Loss Prevention (DLP) capability is designed to prevent users from unintentionally exposing organizational data. CSE provides a network-based approach to DLP using AI detectors; this approach complements others, such as Endpoint DLP and Cloud DLP.



DLP Rules are the fundamental building block of a CSE DLP policy. A DLP policy comprises Upload Rules, Download Rules, or both.

  • upload_rule: applied on traffic leaving the user’s device (typically the body of a POST request)
  • download_rule: applied on traffic entering the user’s device (typically a response to a GET request)

A given Rule can consist of File references, Detector references, or both.

File References

File References describe the types of files to detect and block.

  • file_type: specifies the file extension(s) to target, such as Adobe PDF, Microsoft Powerpoint, Microsoft Word, etc
  • file_size: specifies the minimum file size for this reference

Example DLP policy with File References

Detector References

Detector References determine what text to inspect for and how to transform findings.

  • detector_location_categories: scopes data sensitivity to a specific locals; options include GLOBAL, LATAM, EUROPE, CANADA, UNITED_KINGDOM, UNITED_STATES
  • detector_industries: scopes data sensitivity to a specific industry(s); options include ALL, FINANCE, HEALTH, TELECOMMUNICATIONS
  • detector_types: specifies the type of sensitive data; options include PII, SPII, CREDENTIAL, GOVERNMENT_ID

Example DLP policy with Detector References

Assignment and Attachment

DLP Policies need to be specifically assigned to users and devices admins need to secure; assignment is done via CSE Roles.

In addition to assigning a DLP policy to a set of users, admins need to attach the DLP policy to either a Hosted Website or a Public Application defined in CSE.

Once a DLP policy is assigned to users and attached to a service, enforcement will begin.

Can’t find what you’re looking for?

We’re happy to help. Contact our team.