Each rule in the Data Loss Prevention policy defines the protocols of data transmission to which it applies. The default setting for Protocols is Any: DLP scans transmissions over all enabled protocols.
You can control which protocols are supported by DLP in general, or by each gateway, or for each rule.
To define supported protocols for DLP:
For example, if performance becomes an issue, you could clear the HTTP checkbox here, without making any other change in the policy. HTTP posts and web mail would go through without Data Loss Prevention inspection.
To define supported protocols for individual DLP Gateways:
The properties window of the gateway opens.
To define supported protocols for a rule:
If this column is not visible, right-click a column header. In the list of possible columns that appears, select Protocols.
Traffic that matches the other parameters of the rule, but is sent over another protocol, is not inspected.
When you choose a specific source or destination for a DLP rule, you can optimize the rule for the selected protocol.
By default, rules use all supported protocols, or the default protocols selected for the gateway (in the Check Point gateway window).
If you specify that a rule should use only mail sending protocols, such as SMTP, the source and destination can be users (including user groups and LDAP Account Units) or email addresses (including specific email addresses or domains).
If you specify that a rule should use only HTTP or FTP or both, the rule will ignore any source or destination that is not recognized by IP address.
If the rule uses all supported protocols, HTTP and FTP will recognize only sources and destinations that can be defined by IP address. SMTP will recognize and enforce the rule for sources and destinations based on users and email addresses.
To scan transmissions on HTTP running on any port other than the standard HTTP ports (80, 8080), you must define the non-standard ports to be included in the HTTP protocol.
To add ports to HTTP:
The New TCP window opens.
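The interaction between a rule's Protocols setting, its source type, and the HTTP port definition described above, as an added example; this is a small Python model written for illustration, not Check Point's code, and the class names, the `add_http_port` helper and the `source_silently_ignored` check are assumptions. It also includes a misconfiguration check for the case where an HTTP/FTP-only rule is given a user or email source and therefore never fires.

```python
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# Assumed starting HTTP protocol definition: the standard ports only.
HTTP_PORTS: Set[int] = {80, 8080}
IP_BASED = {"HTTP", "FTP"}   # recognise sources/destinations by IP address only
MAIL_BASED = {"SMTP"}        # recognise sources/destinations by user or email


@dataclass
class Rule:
    name: str
    protocols: Set[str]        # {"Any"} or a subset of {"HTTP", "FTP", "SMTP"}
    source: Tuple[str, str]    # ("ip", "10.1.1.5"), ("user", "alice") or ("email", "a@b")


@dataclass
class Transmission:
    protocol: str
    port: int
    src_ip: str
    src_user: Optional[str] = None     # sender identity, known for mail traffic
    src_email: Optional[str] = None


def add_http_port(port: int) -> None:
    """Include a non-standard port in the HTTP protocol definition."""
    HTTP_PORTS.add(port)


def protocol_in_scope(rule: Rule, tx: Transmission) -> bool:
    """Does the rule cover this protocol? HTTP on an unlisted port is not inspected."""
    if tx.protocol == "HTTP" and tx.port not in HTTP_PORTS:
        return False
    return "Any" in rule.protocols or tx.protocol in rule.protocols


def source_matches(rule: Rule, tx: Transmission) -> bool:
    """HTTP/FTP match only IP-defined sources; SMTP matches users and emails."""
    kind, value = rule.source
    if tx.protocol in IP_BASED:
        return kind == "ip" and tx.src_ip == value
    if tx.protocol in MAIL_BASED:
        return (kind == "user" and tx.src_user == value) or \
               (kind == "email" and tx.src_email == value)
    return False


def rule_inspects(rule: Rule, tx: Transmission) -> bool:
    """True when the transmission is inspected under this rule."""
    return protocol_in_scope(rule, tx) and source_matches(rule, tx)


def source_silently_ignored(rule: Rule) -> bool:
    """Config check: an HTTP/FTP-only rule with a non-IP source can never match."""
    return rule.protocols <= IP_BASED and rule.source[0] != "ip"
```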