
Defining Protocols of DLP Rules

Each rule in the Data Loss Prevention policy has a definition for the protocols of the data transmission. The default setting for Protocols is Any: DLP will scan transmissions over all enabled protocols.

You can control which protocols are supported by DLP in general, or by each gateway, or for each rule.

To define supported protocols for DLP:

  1. Open Additional Settings > Protocols.
  2. Select the protocols that you want DLP to be able to support, in general.

    For example, if performance becomes an issue, you could clear the HTTP checkbox here, without making any other change in the policy. HTTP posts and web mail would go through without Data Loss Prevention inspection.

To define supported protocols for individual DLP Gateways:

  1. Open Additional Settings > Protocols.
  2. In the Protocol Settings on DLP Blades area, select a DLP gateway.
  3. Click Edit.

    The properties window of the gateway opens.

  4. Open the Data Loss Prevention page of the gateway properties.
  5. Select Apply the DLP policy to these protocols only and select the protocols that you want this DLP gateway to support.

To define supported protocols for a rule:

  1. In the Policy view, click the Protocol column plus button.

    If this column is not visible, right-click a column header. In the list of possible columns that appears, select Protocols.

  2. Select the protocols for this rule.

    Traffic that matches the other parameters of the rule, but is sent over another protocol, is not inspected.

Fine Tuning for Protocol

When you choose a specific source or destination for a DLP rule, you can optimize the rule for the selected protocol.

By default, rules use all supported protocols, or the default protocols selected for the gateway (in the Check Point gateway window).

If you specify that a rule should use only mail sending protocols, such as SMTP, the source and destination can be users (including user groups and LDAP Account Units) or email addresses (including specific email or domains).

If you specify that a rule should use only HTTP or FTP or both, the rule will ignore any source or destination that is not recognized by IP address.

If the rule uses all supported protocols, HTTP and FTP will recognize only sources and destinations that can be defined by IP address. SMTP will recognize and enforce the rule for sources and destinations based on users and email addresses.

Configuring More HTTP Ports

To scan transmissions on HTTP running on any port other than the standard HTTP ports (80, 8080), you must define the non-standard ports to be included in the HTTP protocol.

To add ports to HTTP:

  1. In SmartConsole, click Objects > Object Explorer (Ctrl+E).
  2. Click New > Service > TCP.

    The New TCP window opens.

  3. Enter the name for the TCP object.
  4. In Protocol, select HTTP.
  5. If necessary, click Customize and enter the port or port range.
  6. Click OK.
  7. Install Policy.
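The two behaviours described above, protocol restrictions deciding which sources a rule can recognize (the Fine Tuning section) and HTTP being recognized only on the ports defined for the HTTP service (this section), can be modelled in a few lines. The following is an added example written for this page, not Check Point code: the `DlpRule`, `Transmission` and `Endpoint` types, the `RECOGNISED` table and the `dead_protocol_rules` check are assumptions that encode the page's statements, not the product's actual matching engine. It is useful as a lint: a rule restricted to HTTP or FTP whose source is a user or email address can never match anything, which is a silent gap in coverage.

```python
"""Simplified model of how a DLP rule's protocol settings decide whether a
transmission is inspected. Added example; not Check Point code. The matching
rules below are an assumption derived from the page text."""
from dataclasses import dataclass

# Assumed: HTTP is recognised only on the standard ports unless a TCP service
# object with Protocol = HTTP adds more (the "Configuring More HTTP Ports" step).
STANDARD_HTTP_PORTS = frozenset({80, 8080})
ALL_PROTOCOLS = frozenset({"SMTP", "HTTP", "FTP"})

# Which endpoint kinds each protocol can recognise, per the Fine Tuning section:
# HTTP/FTP only endpoints defined by IP address; SMTP users and email addresses.
RECOGNISED = {"HTTP": {"ip"}, "FTP": {"ip"}, "SMTP": {"user", "email"}}


@dataclass(frozen=True)
class Endpoint:
    kind: str   # "ip", "user" or "email"
    value: str  # constructed sample value


@dataclass
class DlpRule:
    name: str
    source: Endpoint
    protocols: frozenset = ALL_PROTOCOLS  # "Any" means all supported protocols


@dataclass
class Transmission:
    protocol: str  # protocol on the wire, as the gateway would parse it
    port: int
    source: Endpoint


def classify_protocol(tx, http_ports=STANDARD_HTTP_PORTS):
    """Return the protocol DLP would attribute to the transmission, or None
    when it is not recognised (HTTP on a port not in the HTTP service)."""
    if tx.protocol == "HTTP" and tx.port not in http_ports:
        return None
    return tx.protocol


def rule_inspects(rule, tx, enabled_protocols=ALL_PROTOCOLS,
                  http_ports=STANDARD_HTTP_PORTS):
    """True when the rule would inspect this transmission.
    enabled_protocols models the global / per-gateway protocol selection."""
    proto = classify_protocol(tx, http_ports)
    if proto is None or proto not in enabled_protocols:
        return False  # protocol not scanned at all (e.g. HTTP checkbox cleared)
    if proto not in rule.protocols:
        return False  # rule restricted to other protocols
    if rule.source.kind not in RECOGNISED[proto]:
        return False  # this protocol cannot recognise that kind of source
    return rule.source == tx.source


def dead_protocol_rules(rules):
    """Lint: names of rules whose protocol restriction can never recognise
    their source (e.g. HTTP-only rule with a user as source)."""
    return [r.name for r in rules
            if not any(r.source.kind in RECOGNISED[p] for p in r.protocols)]


if __name__ == "__main__":
    # Constructed sample rules and transmissions for illustration only.
    alice = Endpoint("user", "alice")
    host = Endpoint("ip", "192.0.2.10")
    rules = [
        DlpRule("mail-from-alice", alice, frozenset({"SMTP"})),
        DlpRule("web-from-alice", alice, frozenset({"HTTP"})),  # never matches
        DlpRule("web-from-host", host, frozenset({"HTTP", "FTP"})),
    ]
    print("rules that can never match:", dead_protocol_rules(rules))
    tx = Transmission("HTTP", 8081, host)
    print("8081 with standard ports:", rule_inspects(rules[2], tx))
    print("8081 after adding the port:",
          rule_inspects(rules[2], tx, http_ports=STANDARD_HTTP_PORTS | {8081}))
```

Running the script shows the HTTP-only rule with a user source listed as dead, and the same transmission on port 8081 switching from uninspected to inspected once the port is part of the HTTP service set, which is the effect of the procedure above.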