Configuring SmartConsole for the Exchange Security Agent
- In SmartConsole, select Security Policies > Shared Policies > DLP and click Open DLP Policy in SmartDashboard. SmartDashboard opens and shows the DLP tab.
  SmartConsole: Check Point GUI application used to manage a Check Point environment (configure Security Policies, configure devices, monitor products and events, install updates, and so on).
  SmartDashboard: Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher, it is still used to configure specific legacy settings.
- From the navigation tree, click Gateways.
- Click Actions > New Exchange Agent.
  The Check Point Exchange Agent wizard opens.
- Click Next. There are four pages in the wizard:
  - General
    Use the General page to enter information for the Exchange Security Agent.

    | Object | Description |
    | --- | --- |
    | Name | Enter a name for the Exchange Security Agent. |
    | Inspected Exchange Server | Select the host object that represents the Exchange server on which the Exchange Security Agent is installed. If necessary, click New to create one. |
    | Exchange contact person (optional) | You can select the user object that represents the Exchange server administrator. |
    | Enforcing DLP Gateway | Select the DLP Gateway object that gets emails for inspection from the Exchange Security Agent. If you use a name to represent the DLP Gateway in the Exchange Security Agent on the Exchange server, make sure to use the same name as this object. |

    Click Next.
  - Trusted Communication
    Use the Trusted Communication page to enter the one-time password used to initialize SIC (Secure Internal Communication) between the Exchange Security Agent and the enforcing DLP Gateway. This step creates a security certificate that is then used by the Exchange Security Agent.
    SIC (Secure Internal Communication): The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.
    - Use the One-time password option: enter the one-time password and confirm it. Make sure that the same one-time password is entered in the Trusted Communication window of the Exchange Security Agent snap-in on the Exchange server.

    Click Next.
  - Inspection Scope
    Use the Inspection Scope window to define which emails to send for inspection. You can select all users or only specified users or user groups. It is recommended to start with specified users or user groups before inspecting all emails.
    Note - You can define users or groups that do not get emails for inspection in an Exceptions list. You can also set a percentage of emails to inspect for the rest of the organization. This lets you gradually increase the inspection coverage of your organization's emails.
    To define these options, edit the Exchange Security Agent in SmartConsole and open the Inspection Scope page.
    - Inspect emails sent only by these users or user groups - Define the Active Directory, internal, or LDAP users whose emails are inspected.
    - Inspect all emails - The Exchange Security Agent sends all emails to the enforcing DLP Gateway for inspection.

    Click Next.
  - Configuration Summary
    To install the Exchange Security Agent:
    - On the Exchange Server, download the DLP Exchange agent MSI from the R81.10 Home Page:
      - From the Table of Contents, select Tools.
      - Click Show / Hide the download matrix.
      - In the Agents section, download the DLP Exchange agent MSI.
    - Follow the steps of the installation wizard.
- Complete the wizard. Click Save and then close SmartDashboard.
- In SmartConsole, install policy.