You can enable the DLP Software Blade as one of the Software Blades on a Security Gateway. This is known as an integrated DLP deployment. In a dedicated DLP gateway deployment, the Data Loss Prevention Software Blade is enabled on a separate Security Gateway (or cluster).
In a ClusterXL Load Sharing cluster, the DLP Software Blade can work only when the policy contains DLP rules that use the Detect, Inform, or Prevent actions. The Ask DLP action is not supported for ClusterXL Load Sharing.
In a cluster with the DLP Software Blade enabled, state synchronization happens every two minutes. Therefore, if there is a cluster failover, the new Active cluster member may not be aware of DLP incidents that happened in the two minutes since the cluster failover.
In an integrated deployment you can:
To enable DLP on an existing Security Gateway or cluster:
The gateway window opens and shows the General Properties page.
For ClusterXL Load Sharing, the Ask action in the DLP rules is not supported.
Note - On a Security Cluster, this enables the DLP blade on every cluster member.
The Data Loss Prevention Wizard opens.
To configure a dedicated DLP gateway behind an existing Security Gateway or Security Cluster:
Note - If you created a cluster, the Ask action in the DLP rules is not supported in the ClusterXL Load Sharing modes.
The Data Loss Prevention Wizard opens.
Best Practice - When you set up a dedicated DLP gateway, configure it in Bridge Mode. The bridge is transparent to network routing.