1

Connect with SmartConsole to the Security Management Server or Domain Management Server that manages this Security Gateway.

2

From the left navigation panel, click Security Policies > Threat Prevention.

3

Create the Threat Prevention rule that accepts all traffic:

• Protected Scope - *Any
• Protection/Site/File/Blade - -- N/A
• Action - Desired Profile (we recommend the Optimized profile)
• Track - Log , Packet Capture (the Packet Capture setting is optional)

4

Right-click the selected Threat Prevention profile and click Edit.

5A

Click the General Policy page.

5B

In the Blades Activation section, select the desired Software Blades.

5C

In the Activation Mode section:

• In the High Confidence field, select Detect.
• In the Medium Confidence field, select Detect.
• In the Low Confidence field, select Detect.

6A

Click the Anti-Virus page.

6B

In the Protected Scope section, select Inspect incoming and outgoing files.

6C

In the File Types section:

• Select Process all file types.
• Optional: Select Enable deep inspection scanning (impacts performance).

6D

Optional: In the Archives section, select Enable Archive scanning (impacts performance).

7A

Click the Threat Emulation page > General.

7B

In the Protected Scope section, select Inspect incoming files from the following interfaces and in the field, select All.

8

Configure other desired settings for the Software Blades.

9

Click OK.

10

Install the Threat Prevention Policy on the Security Gateway object.

1

Connect with SmartConsole to the Security Management Server or Domain Management Server that manages this Security Gateway.

2

From the left navigation panel, click Manage & Settings > Blades.

3

In the Application Control & URL Filtering section, click Advanced Settings.

The Application Control & URL Filtering Settings window opens.

4

On the General page:

• In the Fail mode section, select Allow all requests (fail-open).
• In the URL Filtering section, select Categorize HTTPS websites.

5

On the Check Point online web service page:

• In the Website categorization mode section, select Background.
• Select Categorize social networking widgets.

6

Click OK to close the Application Control & URL Filtering Settings window.

7

Install the Access Control Policy on the Security Gateway object.

1

Connect with SmartConsole to the Security Management Server or Domain Management Server that manages this Security Gateway.

2

From the left navigation panel, click Manage & Settings > Blades.

3

In the Data Loss Prevention section, click Configure in SmartDashboard.

The SmartDashboard window opens.

4A

Click the My Organization page.

4B

In the Email Addresses or Domains section, configure with full list of company's domains.

There is no need to include subdomains (for example, mydomain.com, mydomain.uk).

4C

In the Networks section, select Anything behind the internal interfaces of my DLP gateways.

4D

In the Users section, select All users.

5

Click the Policy page.

Configure the applicable rules:

• In the Data column, right-click the pre-defined data types and select Edit.
  • On the General Properties page, in the Flag field, select Improve Accuracy.
  • In the Customer Names data type, we recommend to add the company's real customer names.
• In the Action column, you must select Detect.
• In the Severity column, select Critical or High in all applicable rules.
• You may choose to disable/delete rules that are not applicable to the company or reduce the Severity of these rules.

Note - Before you can configure the DLP rules, you must configure the applicable objects in SmartConsole.

6

Click the Additional Settings > Protocols page.

Configure these settings:

• In the Email section, select SMTP (Outgoing Emails).
• In the Web section, select HTTP. Do not configure the HTTPS.
• In the File Transfer section, do not select FTP.

7

Click Launch Menu > File > Update (or press CTRL S).

8

Close the SmartDashboard.

9

Install the Access Control Policy on the Security Gateway object.

10

Make sure the Security Gateway enabled the SMTP Mirror Port Mode:

1. Connect to the command line on the Security Gateway.
2. Log in to the Expert mode.
3. Run this command:

   # dlp_smtp_mirror_port status

4. Make sure the value of the kernel parameter dlp_force_smtp_kernel_inspection is set to 1 (one).

   Run these two commands:

   # fw ctl get int dlp_force_smtp_kernel_inspection

   # grep dlp_force_smtp_kernel_inspection $FWDIR/boot/modules/fwkern.conf

1

On the Proxy Server, configure the "X Forward-For header".

See the applicable documentation for your Proxy Server.

2

On the Security Gateway in Monitor Mode, enable the stripping of the X-Forward-For (XFF) field.

Follow the sk100223: How to enable stripping of X-Forward-For (XFF) field.