In This Section: |
This section shows how to configure specific Software Blades for Monitor Mode.
Note - For VSX, see:
Configure the settings below, if you enabled one of the Threat Prevention Software Blades (IPS, Anti-Bot, Anti-Virus, Threat Emulation or Threat Extraction) on the Security Gateway in Monitor Mode:
Step |
Description |
---|---|
1 |
Connect with SmartConsole to the Security Management Server or Domain Management Server that manages this Security Gateway. |
2 |
From the left navigation panel, click Security Policies > Threat Prevention. |
3 |
Create the Threat Prevention rule that accepts all traffic:
|
4 |
Right-click the selected Threat Prevention profile and click Edit. |
5A |
Click the General Policy page. |
5B |
In the Blades Activation section, select the desired Software Blades. |
5C |
In the Activation Mode section:
|
6A |
Click the Anti-Virus page. |
6B |
In the Protected Scope section, select Inspect incoming and outgoing files. |
6C |
In the File Types section:
|
6D |
Optional: In the Archives section, select Enable Archive scanning (impacts performance). |
7A |
Click the Threat Emulation page > General. |
7B |
In the Protected Scope section, select Inspect incoming files from the following interfaces and in the field, select All. |
8 |
Configure other desired settings for the Software Blades. |
9 |
Click OK. |
10 |
Install the Threat Prevention Policy on the Security Gateway object. |
For more information:
See the R80.20 Threat Prevention Administration Guide.
Configure the settings below, if you enabled Application Control or URL Filtering Software Blade on the Security Gateway in Monitor Mode:
Step |
Description |
---|---|
1 |
Connect with SmartConsole to the Security Management Server or Domain Management Server that manages this Security Gateway. |
2 |
From the left navigation panel, click Manage & Settings > Blades. |
3 |
In the Application Control & URL Filtering section, click Advanced Settings. The Application Control & URL Filtering Settings window opens. |
4 |
On the General page:
|
5 |
On the Check Point online web service page:
|
6 |
Click OK to close the Application Control & URL Filtering Settings window. |
7 |
Install the Access Control Policy on the Security Gateway object. |
For more information, see the:
Configure the settings below, if you enabled the Data Loss Prevention Software Blade on the Security Gateway in Monitor Mode:
Step |
Description |
---|---|
1 |
Connect with SmartConsole to the Security Management Server or Domain Management Server that manages this Security Gateway. |
2 |
From the left navigation panel, click Manage & Settings > Blades. |
3 |
In the Data Loss Prevention section, click Configure in SmartDashboard. The SmartDashboard window opens. |
4A |
Click the My Organization page. |
4B |
In the Email Addresses or Domains section, configure with full list of company's domains. There is no need to include subdomains (for example, |
4C |
In the Networks section, select Anything behind the internal interfaces of my DLP gateways. |
4D |
In the Users section, select All users. |
5 |
Click the Policy page. Configure the applicable rules:
Note - Before you can configure the DLP rules, you must configure the applicable objects in SmartConsole. |
6 |
Click the Additional Settings > Protocols page. Configure these settings:
|
7 |
Click Launch Menu > File > Update (or press CTRL S). |
8 |
Close the SmartDashboard. |
9 |
Install the Access Control Policy on the Security Gateway object. |
10 |
Make sure the Security Gateway enabled the SMTP Mirror Port Mode:
|
For more information:
See the R80.20 Data Loss Prevention Administration Guide.
If you connect a Proxy Server between the Security Gateway in Monitor Mode and the switch, then configure these settings to see Source IP addresses and Source Users in the Security Gateway logs:
Step |
Description |
---|---|
1 |
On the Proxy Server, configure the "X Forward-For header". See the applicable documentation for your Proxy Server. |
2 |
On the Security Gateway in Monitor Mode, enable the stripping of the X-Forward-For (XFF) field. Follow the sk100223: How to enable stripping of X-Forward-For (XFF) field. |