Google Gmail

Overview

Google offers a lot of APIs for Gmail and Google Drive. Harmony Email & Collaboration initiates the security by fetching all emails, attachments, files, and folders metadata in a bootstrap process. The bootstrap ensures the customer’s dedicated virtual appliance has the same cloud state.

How it Works

Gmail offers file sharing and file collaboration tools that allow employees and outside collaborators to share files. Harmony Email & Collaboration adds additional layers of security, privacy, and compliance not offered by Google.

• Malware detection with Anti-Virus and Advanced Persistent Threat detection

• Data Leakage Prevention

• Revocable Encryption (for files leaving the environment)

• File sanitization

Required Permissions

The cloud state used for Gmail by Harmony Email & Collaboration is composed of the following entities:

• Users

• Emails

• Attachments

• Labels used in emails

Once the cloud state is saved, Harmony Email & Collaboration starts monitoring the changes for each user. To track each change for each user in the cloud, Harmony Email & Collaboration uses the following channels:

• Subscribe each user to Google Push Notifications for new messages (https://developers.google.com/gmail/api/guides/push)

• Fallback to polling each user history of changes, each minute if Push Notifications fails (https://developers.google.com/gmail/api/guides/sync)

Harmony Email & Collaboration uses the following resources for Gmail from the APIs:

• Messages

• Labels

• History of changes

• Attachments

Harmony Email & Collaboration require the following permissions from Gmail.

Permissions Required by Gmail
View and manage Emails
View users on your domain
Insert mail into your mailbox
Manage mailbox labels
View and modify but not delete your email
View your emails messages and settings
Manage your basic mail settings
View and manage Pub/Sub topics and subscriptions
View your email address
View your basic profile info

Activating Gmail

For details about the procedure to activate Gmail, see Activating Gmail.

Deactivating Gmail

1. Navigate to Security Settings > SaaS Applications.

2. Click Stop for Gmail.

   

3. In the confirmation pop-up, click Stop.

Upon deactivation, Check Point will no longer protect your organization’s Gmail mailboxes.

To complete the deactivation process:

• If you receive Google Workspace protection was successfully uninstalled message, remove the Check Point apps.

  For the procedure to remove the Marketplace app, see Uninstall a Google Workspace Marketplace app.

• If you receive Check Point was unable to be uninstalled automatically from Google Workspace message, follow these steps.

  1. Delete Check Point settings on Google Workspace:

     • Inbound gateway

     • SMTP relay service

     • Hosts

     • Groups

     • Service Admin User

  2. Remove the Check Point apps.

     For the procedure to remove the Marketplace app, see Uninstall a Google Workspace Marketplace app.

After a certain period of time your tenant-related data will be deleted. If you want the data to be deleted immediately, contact Check Point Support.

Gmail Security Settings

Quarantine Settings

For details about quarantine, see Managing Quarantine.

Notification Templates and Senders

The content for notifications sent to internal and external end users are controlled through the Gmail configuration page.

To configure the notification templates:

1. Navigate to Security Settings > SaaS Applications.

2. Click Configure for Gmail.

3. Scroll-down to the end and expand Advanced.

4. Select the template and make the required changes.

Note - Some notifications can be customized from the policy. For more details, see Configuring a Threat Detection Policy Rule and Data Loss Prevention (DLP) Policy and Click-Time Protection Policy.

Available configurable templates

• Quarantine notification subject

• Quarantine notification body

• Quarantined notification (admin restore request):

• Restore request subject

• Restore request body

• Decline message subject

• Decline message body

• Threat extracted message format

• Threat extracted attachment name template

• Phishing quarantine notification subject

• Phishing quarantine notification body

• Phishing decline message subject

• Phishing decline message body

• Spam quarantine notification body

• Spam quarantine notification subject

• Report Phishing approve subject

• Report Phishing approve body

• Report Phishing decline subject

• Report Phishing decline body

Viewing Gmail Security Events

Harmony Email & Collaboration records the Gmail detections as security events. The event type depends on the type of policy that created the event. You can handle the security events in different ways, whether they are detected/prevented automatically or discovered by the administrators after not being prevented.

The Events screen shows a detailed view of all the security events.