Configuring the Exchange Security Agent

Internal emails between Microsoft Exchange clients use a proprietary protocol for Exchange communication. This protocol is not supported by the DLP Gateway. To scan internal emails between Microsoft Exchange clients, you must install an Exchange Security Agent on the Exchange Server. The agent sends emails to the DLP Gateway for inspection using the SMTP protocol encrypted with TLS. You must have a connectivity between the Exchange server and the DLP Gateway.

An Exchange Security Agent must be installed on each Exchange Server that passes traffic to the DLP Gateway. Each agent is centrally managed through SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. and can only send emails to one DLP Gateway.

If your organization uses Exchange servers for all of its emails, you can also use this setup for scanning all emails.

To use the Exchange Security Agent it is necessary to configure settings in SmartConsole and on the Exchange server.

For more about using the Exchange Security Agent to examine internal emails, see some scenarios (see Out of the Box).