In Mirror Port Mode, the DLP gateway scans SMTP and HTTP traffic for possible violations. The DLP gateway connects to the SPAN port of a switch and monitors traffic without enforcing a policy. Mirror Port Mode lets you run a full data leak assessment of all outgoing SMTP/HTTP traffic with minimal deployment risk.
When the DLP Security Gateway is connected to a SPAN port of the switch, the gateway gets a copy of all packets passing through the switch. The DLP tap mechanism builds TCP streams of SMTP and HTTP traffic. These streams are scanned by the DLP engine for possible violations of the policy.
Before enabling Mirror Port Mode scanning, you must prepare the gateway.
Monitor Mode lets the gateway listen to traffic from a Mirror port or Span port on a switch. To configure Monitor Mode on the Gaia operating system, see: sk70900.
Note - For R77.10 and higher, Mirror Port Mode scanning is enabled by default when one of the interfaces is configured as monitor mode or tap. For R77 and below, you must manually enable mirror port mode.
To enable Mirror Port Mode (for R77 and below):
Use the dlp_smtp_mirror_port
command.
Description |
Enables SMTP Mirror Port Mode |
Syntax |
|
Parameters
Parameter |
Description |
||||
status |
Shows the status, whether mirror port mode is enabled or disabled. |
||||
enable |
Enables Mirror Port Mode |
||||
disable |
Disables Mirror Port Mode |
||||
Example |
|
||||
Output |
|
|
|||
Comments |
SMTP mirror mode remains enabled after a gateway reboot. |