You can configure the DLP gateway to access a Microsoft Active Directory or LDAP server to:
If you run the wizard from a computer in the Active Directory domain, the Data Loss Prevention Wizard asks for your Active Directory credentials and uses them to create the LDAP account unit automatically. You can also run the wizard again from a computer in the Active Directory domain to create the LDAP account unit.
To configure DLP to use Active Directory LDAP:
You are not required to enter credentials with administrator privileges.
Best Practice - Create an Active Directory account that is dedicated to Check Point products and use it for their connections to Active Directory.
If you have multiple Active Directory servers:
The DLP Wizard asks for Active Directory credentials only if no LDAP account unit exists. If you already have an LDAP account unit, the wizard does not ask for your credentials. To create the LDAP account unit from the DLP Wizard, delete the existing LDAP account unit and run the wizard again.
Note - If you configure the LDAP Account Unit manually, with the username and password authentication method, you must set the Default Authentication Scheme to Check Point Password.
If you need more LDAP account units, you can create the LDAP account unit manually. See the R80.30 Security Management Administration Guide.
If you run the DLP Wizard from a computer that is not part of the Active Directory domain, you can run it again from a computer in the Active Directory domain to create the LDAP account unit.
To run the Data Loss Prevention Wizard again:
The gateway window opens and shows the General Properties page.
The Data Loss Prevention Wizard starts.