Configuring SMTP Mirror Port Mode
In Mirror Port Mode, the DLP Gateway scans SMTP and HTTP traffic for possible violations. The DLP Gateway connects to the SPAN port of a switch and monitors traffic without enforcing a policy. Mirror Port Mode lets you run a full data leak assessment of all outgoing SMTP/HTTP traffic with minimal configuration risk.
How it works
When the DLP Security Gateway is connected to a SPAN port of the switch, the gateway gets a copy of all packets passing through the switch. The DLP tap mechanism builds TCP streams of SMTP and HTTP traffic. These streams are scanned by the DLP engine for possible violations of the policy.
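The stream-building step described above, as an added example (not Check Point's implementation and not part of the original documentation): it reassembles mirrored TCP segments of a constructed SMTP session and applies a hypothetical pattern rule, showing that a match split across two packets is visible only in the rebuilt stream. The function names, the rule and the sample data are all assumptions made for illustration.

```python
import re

# Hypothetical DLP rule (not a Check Point data type): a 16-digit number
# written as four groups of four digits.
RULE = re.compile(rb"\b(?:\d{4}[- ]){3}\d{4}\b")

def make_segments(isn, chunks):
    """Assign TCP sequence numbers to consecutive payload chunks."""
    segs, seq = [], isn
    for chunk in chunks:
        segs.append((seq, chunk))
        seq += len(chunk)
    return segs

def reassemble(segments, isn):
    """Rebuild one direction of a TCP flow from mirrored (seq, payload) pairs.

    Returns (stream, gaps). A passive tap cannot ask for retransmission, so
    bytes the switch failed to mirror appear as gaps that were never scanned.
    Sequence-number wraparound is ignored to keep the example short.
    """
    stream, gaps, next_seq = bytearray(), [], isn
    for seq, data in sorted(segments, key=lambda s: s[0]):
        end = seq + len(data)
        if end <= next_seq:              # retransmission, already covered
            continue
        if seq > next_seq:               # bytes missing from the mirror copy
            gaps.append((next_seq, seq))
            next_seq = seq
        stream += data[next_seq - seq:]  # drop any overlapping prefix
        next_seq = end
    return bytes(stream), gaps

def scan(data):
    """Return every rule match found in a byte string."""
    return [m.group(0) for m in RULE.finditer(data)]

# Constructed sample: client-to-server half of one SMTP session.
ISN = 1000
S = make_segments(ISN, [
    b"MAIL FROM:<alice@example.com>\r\n",
    b"RCPT TO:<bob@example.net>\r\n",
    b"DATA\r\nSubject: invoice\r\n\r\ncard 4111-1111-",
    b"1111-1111\r\n.\r\n",
])
MIRRORED = [S[1], S[0], S[0], S[3], S[2]]  # reordered, one retransmission

if __name__ == "__main__":
    stream, gaps = reassemble(MIRRORED, ISN)
    print("per-packet matches:", [scan(p) for _, p in MIRRORED])
    print("stream matches:", scan(stream), "gaps:", gaps)
```
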

Before enabling Mirror Port Mode scanning, you must prepare the gateway.
- If the gateway is SecurePlatform, DLP scans traffic only on interfaces that are defined as SPAN ports.
- If the gateway is Gaia, Gaia must be in Monitor Mode.
Monitor Mode lets the gateway listen to traffic from a Mirror port or Span port on a switch. To configure Monitor Mode on the Gaia operating system, see: sk70900.
Note - For R77.10 and higher, Mirror Port Mode scanning is enabled by default when one of the interfaces is configured as monitor mode or tap. For R77 and below, you must manually enable mirror port mode.
To enable Mirror Port Mode (for R77 and below), use the dlp_smtp_mirror_port command.
Description
Enables SMTP Mirror Port Mode
Syntax
dlp_smtp_mirror_port {status | enable | disable}
Parameters
| Parameter | Description |
|---|---|
| status | Shows the status, whether mirror port mode is enabled or disabled. |
| enable | Enables Mirror Port Mode |
| disable | Disables Mirror Port Mode |
Example
dlp_smtp_mirror_port enable

Comments
SMTP mirror mode stays enabled after a gateway reboot.