
Configuring Active Directory and LDAP for DLP

You can configure the DLP gateway to access a Microsoft Active Directory or LDAP server to:

If you run the wizard from a computer in the Active Directory domain, the Data Loss Prevention Wizard asks for your Active Directory credentials and creates the LDAP account unit automatically. If you ran the wizard from a computer that is not in the domain, run it again from a domain-member computer to create the LDAP account unit.

To configure DLP to use Active Directory LDAP:

  1. From a computer that is a member of the Active Directory domain, create the DLP gateway object.
  2. Enter your Active Directory credentials in the Active Directory page.

    You are not required to enter credentials with administrator privileges. A standard domain user can read the user and group objects that the LDAP account unit needs.

    Best Practice - Create a dedicated, non-privileged Active Directory account for Check Point products to connect to Active Directory. Give it a long password and no membership in administrative groups. The account unit stores these credentials, so they should grant nothing beyond directory read access.

  3. When you complete the wizard, the LDAP account unit is created automatically.

    If you have multiple Active Directory servers:

    1. Review the created account unit.
    2. Remove unnecessary servers.
    3. Assign appropriate priorities to the remaining servers.
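The following PowerShell script is an added example and is not part of the Check Point guide. It creates the dedicated, non-privileged Active Directory account recommended above and then verifies, before you run the wizard, that the account can bind over LDAPS and read directory objects. The domain example.com, the domain controller dc01.example.com, the OU "Service Accounts" and the account name svc-chkp-ldap are assumptions; replace them with your own values. It must run on a domain-joined machine with the ActiveDirectory RSAT module, under an account allowed to create users in that OU.

```powershell
# Added example (not from the Check Point guide): create and verify a dedicated,
# non-privileged AD bind account for the DLP gateway's LDAP account unit.
# Assumed names: domain example.com, DC dc01.example.com, OU "Service Accounts",
# account svc-chkp-ldap.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices.Protocols

$Domain = 'example.com'
$Dc     = 'dc01.example.com'
$Sam    = 'svc-chkp-ldap'
$BaseDn = 'DC=example,DC=com'
$OuPath = "OU=Service Accounts,$BaseDn"

# Long random password: it is pasted into the wizard once and stored in the
# account unit, nobody has to remember or type it.
$Bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($Bytes)
$Plain  = [Convert]::ToBase64String($Bytes)
$Secure = ConvertTo-SecureString $Plain -AsPlainText -Force

New-ADUser -Name $Sam -SamAccountName $Sam `
    -UserPrincipalName "$Sam@$Domain" `
    -Path $OuPath `
    -AccountPassword $Secure `
    -Enabled $true `
    -PasswordNeverExpires $false `
    -CannotChangePassword $true `
    -Description 'Dedicated read-only bind account for the Check Point DLP LDAP account unit'

# Check 1: the account holds no group membership beyond its primary group
# (Domain Users), i.e. it is not an administrator of anything.
$Groups = Get-ADPrincipalGroupMembership $Sam | Select-Object -ExpandProperty Name
$Extra  = $Groups | Where-Object { $_ -ne 'Domain Users' }
if ($Extra) { throw "Account $Sam is in unexpected groups: $($Extra -join ', ')" }

# Check 2: bind over LDAPS (TCP 636) with the new credentials and read one object.
# A plain domain user can read most user and group attributes by default, which is
# why the wizard does not need administrator credentials.
$Id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Dc, 636)
$Cred = New-Object System.Net.NetworkCredential("$Sam@$Domain", $Plain)
$Conn = New-Object System.DirectoryServices.Protocols.LdapConnection(
    $Id, $Cred, [System.DirectoryServices.Protocols.AuthType]::Basic)
$Conn.SessionOptions.SecureSocketLayer = $true
$Conn.SessionOptions.ProtocolVersion   = 3
$Conn.Bind()   # throws LdapException on bad credentials or an untrusted server certificate

$Filter = '(&(objectClass=user)(sAMAccountName=Administrator))'
$Req    = New-Object System.DirectoryServices.Protocols.SearchRequest(
    $BaseDn, $Filter, [System.DirectoryServices.Protocols.SearchScope]::Subtree, 'distinguishedName')
$Resp   = $Conn.SendRequest($Req)
if ($Resp.Entries.Count -ne 1) {
    throw "Bind succeeded but the search returned $($Resp.Entries.Count) entries; check the base DN"
}
Write-Host "OK: $Sam can bind over LDAPS to $Dc and read $($Resp.Entries[0].DistinguishedName)"
$Conn.Dispose()

# Use "$Sam@$Domain" and $Plain as the credentials in the wizard's Active Directory page.
```

If the bind fails with a certificate error, the domain controller's LDAPS certificate is not trusted by the machine running the check; fix the trust rather than disabling the check, because the account unit will have the same problem when the gateway connects with SSL enabled.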

The DLP Wizard asks for Active Directory credentials only if no LDAP account unit exists. If you already have an LDAP account unit, the wizard does not ask for your credentials. To create the LDAP account unit from the DLP Wizard, delete the existing LDAP account unit and run the wizard again.

Note - If you configure the LDAP Account Unit manually, with the username and password authentication method, you must set the Default Authentication Scheme to Check Point Password.

If you need more LDAP account units, you can create the LDAP account unit manually. See the R80.30 Security Management Administration Guide.

Rerunning the Data Loss Prevention Wizard

If you run the DLP Wizard from a computer that is not part of the Active Directory domain, you can run it again from a computer in the Active Directory domain to create the LDAP account unit.

To run the Data Loss Prevention Wizard again:

  1. In SmartConsole, click Gateways & Servers and double-click the Security Gateway.

    The gateway window opens and shows the General Properties page.

  2. Clear the Data Loss Prevention Software Blade.
  3. Select the Data Loss Prevention Software Blade.

    The Data Loss Prevention Wizard starts.