Configuring a DLP Gateway or Security Cluster

You can enable the DLP Software Blade as one of the Software Blades on a Security Gateway. This is known as an integrated DLP deployment. In a dedicated DLP gateway, the Data Loss Prevention Software Blade is enabled on a separate Security Gateway (or cluster).

In a ClusterXL Load Sharing cluster, the DLP Software Blade can work only when the policy contains DLP rules that use the Detect, Inform, or Prevent actions. The Ask DLP action is not supported for ClusterXL Load Sharing.

In a cluster with the DLP Software Blade enabled, state synchronization happens every two minutes. Therefore, if there is a cluster failover, the new Active cluster member may not be aware of DLP incidents that happened in the two minutes since the cluster failover.

Configuring Integrated Deployments

In an integrated deployment you can:

To enable DLP on an existing Security Gateway or cluster:

  1. Open SmartConsole, then open the Security Gateway or Security Cluster object.

    The gateway window opens and shows the General Properties page.

  2. For a Security Cluster: in the ClusterXL page, select High Availability New mode or Load Sharing.

    For ClusterXL Load Sharing, the Ask action in the DLP rules is not supported.

  3. In the Software Blades section, click the Data Loss Prevention Software Blade.

    Note - On a Security Cluster, this enables the DLP blade on every cluster member.

    The Data Loss Prevention Wizard opens.

  4. Complete the Data Loss Prevention Wizard.
  5. Install policy.

Configuring Dedicated Deployments

To configure a dedicated DLP gateway behind an existing Security Gateway or Security Cluster:

  1. Install a separate gateway (or cluster) behind the existing Security Gateway.
  2. In SmartConsole, create a new object for the separate Security Gateway or cluster.

    Note - If you created a cluster and it uses one of the ClusterXL Load Sharing modes, the Ask action in the DLP rules is not supported.

  3. In the Security Gateway or cluster object, go to the General Properties page.
  4. In the Network Security tab, clear the Firewall Software Blade and select the Data Loss Prevention Software Blade.

    The Data Loss Prevention Wizard opens.

  5. Complete the Data Loss Prevention Wizard.
  6. Install policy on the separate Security Gateway or cluster object.

Best Practice - When you set up a dedicated DLP gateway, configure it in Bridge Mode. The bridge is transparent to network routing.