Configuring a DLP Gateway or Security Cluster
For a DLP integrated configuration, enable the DLP Software Blade as one of the Software Blades on a Security Gateway. In a dedicated DLP Gateway, the Data Loss Prevention (DLP) Software Blade is enabled on an individual Security Gateway (or Security Cluster).
In a ClusterXL Load Sharing cluster, the DLP Software Blade works only when the policy contains DLP rules that use the Detect, Inform, or Prevent actions (see DLP Rule Actions). ClusterXL Load Sharing does not support the Ask DLP action.
In a Cluster with the DLP Software Blade enabled, state synchronization occurs at two-minute intervals. Therefore, if there is a cluster failover, the new Active cluster member might not know about DLP incidents that happened in the two minutes since the cluster failover.

In an integrated environment you can:
- Enable the DLP blade on a current Security Gateway or Security Cluster.
- Configure a new Security Gateway or cluster and enable the DLP blade on it.

To enable DLP on a current Security Gateway or cluster:
- Open SmartConsole, and open the Security Gateway or Security Cluster object.
  The gateway window opens and shows the General Properties page.
- For a Security Cluster: in the ClusterXL page, select High Availability or Load Sharing mode.
  For ClusterXL Load Sharing, the Ask action in the DLP rules is not supported.
- In the Software Blades section, click the Data Loss Prevention Software Blade.
  Note - On a Security Cluster, this enables the DLP blade on every cluster member.
  The Data Loss Prevention Wizard opens.
- Complete the Data Loss Prevention Wizard (see Data Loss Prevention Wizard).
- Install policy.

To configure a dedicated DLP Gateway behind a current Security Gateway or Security Cluster:
- Install an individual gateway (or cluster) behind the current Security Gateway.
- In SmartConsole, create a new object for the individual Security Gateway or cluster.
  Note - If you created a cluster: in the ClusterXL Load Sharing modes, the Ask action in the DLP rules is not supported.
- In the Security Gateway or cluster object, go to the General Properties page.
- In the Network Security tab, clear the Firewall Software Blade and select the Data Loss Prevention Software Blade.
  The Data Loss Prevention Wizard opens.
- Complete the Data Loss Prevention Wizard (see Data Loss Prevention Wizard).
- Install policy on the individual Security Gateway or cluster object.

Best Practice - When you set up a dedicated DLP Gateway, configure it in Bridge Mode.