Configuring SMTP Mirror Port Mode

In Mirror Port Mode, the DLP gateway scans SMTP and HTTP traffic for possible violations. The DLP gateway connects to the SPAN port of a switch and monitors traffic without enforcing a policy. Mirror Port Mode lets you run a full data leak assessment of all outgoing SMTP/HTTP traffic with minimal deployment risk.

How it works

When the DLP Security Gateway is connected to a SPAN port of the switch, the gateway gets a copy of all packets passing through the switch. The DLP tap mechanism builds TCP streams of SMTP and HTTP traffic. These streams are scanned by the DLP engine for possible violations of the policy.

Enabling Mirror Port Mode scanning of SMTP and HTTP Traffic

Before enabling Mirror Port Mode scanning, you must prepare the gateway.

Note - For R77.10 and higher, Mirror Port Mode scanning is enabled by default when one of the interfaces is configured in monitor mode or as a tap. For R77 and below, you must enable Mirror Port Mode manually.

To enable Mirror Port Mode (for R77 and below):

Use the dlp_smtp_mirror_port command.

Description

Enables SMTP Mirror Port Mode

Syntax

dlp_smtp_mirror_port {status | enable | disable}

Parameters

Parameter    Description
status       Shows whether Mirror Port Mode is enabled or disabled.
enable       Enables Mirror Port Mode.
disable      Disables Mirror Port Mode.

Example

dlp_smtp_mirror_port enable

Output

# dlp_smtp_mirror_port enable
Enabling SMTP mirror port requires running local policy installation. continue? (yes)
yes
Installing Security Policy Standard on all.all@dlpgw
Fetching Security Policy from local succeeded

# dlp_smtp_mirror_port status
SMTP mirror port is enabled

Comments

SMTP mirror mode remains enabled after a gateway reboot.
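
The following script is an added example, not part of the original guide or of Check Point tooling. It applies the version note above (manual enable for R77 and below) to the status line shown in the Output section. The function names and verdict strings are hypothetical, and the gateway version string is assumed to be supplied by the caller.

```shell
#!/bin/sh
# Added example, not Check Point code. Audits mirror port mode from a
# gateway version string and the text printed by "dlp_smtp_mirror_port status".

# needs_manual_enable VERSION
# 0 = R77 or below (manual enable), 1 = R77.10 or higher, 2 = unparsable.
needs_manual_enable() {
    v=${1#R}
    case $v in ''|.*|*[!0-9.]*) return 2 ;; esac
    major=${v%%.*}
    case $v in
        *.*) minor=${v#*.}; minor=${minor%%.*} ;;
        *)   minor=0 ;;
    esac
    [ -n "$minor" ] || minor=0
    if [ "$major" -gt 77 ]; then return 1; fi
    if [ "$major" -eq 77 ] && [ "$minor" -ge 10 ]; then return 1; fi
    return 0
}

# mirror_port_enabled STATUS_TEXT
# True only if a line equals the enabled message shown in this guide.
mirror_port_enabled() {
    printf '%s\n' "$1" | grep -q '^SMTP mirror port is enabled[[:space:]]*$'
}

# audit_mirror_port VERSION STATUS_TEXT
# Prints one verdict line; changes nothing on the gateway.
audit_mirror_port() {
    if mirror_port_enabled "$2"; then
        echo "OK: $1 mirror port mode is enabled"
        return 0
    fi
    rc=0
    needs_manual_enable "$1" || rc=$?
    case $rc in
        0) echo "ACTION: $1 requires dlp_smtp_mirror_port enable (runs a local policy installation)" ;;
        1) echo "CHECK: $1 enables it by default only with an interface in monitor mode or tap" ;;
        *) echo "UNKNOWN: cannot parse version '$1'" ;;
    esac
}

# Constructed sample input: version string plus captured status text.
audit_mirror_port R77 "SMTP mirror port is enabled"
audit_mirror_port R76 ""
```

Any status text other than the enabled line from this guide is treated as not enabled, so the script does not depend on the exact wording of the disabled message.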