Creating New Rules

Create the rules that make up the DLP policy.

To create DLP rules:

  1. In SmartConsole, select Security Policies > Shared Policies > DLP and click Open DLP Policy in SmartDashboard.

    SmartDashboard opens and shows the DLP tab.

  2. From the navigation tree, click Policy.

  3. Click New Rule.

    A new line opens in the rule base table. The order of rules in the DLP policy does not matter. Each DLP gateway checks all installed rules.

  4. In the Data column, click the plus to open the Data Type picker. Select the Data Type that you want to match against inspected content.

    If you add multiple Data Types to one rule, they are matched on OR - if at least one of the Data Types is matched, the rule is matched.

  5. In the Source column, leave My Organization or click the plus to select a specific item from Users, Emails, or Networks.

    Note - If My Organization is the Source, you can right-click and select Edit. This opens the My Organization window, in which you can modify the definition of your internal organization. However, this definition is changed for all of DLP, not just this rule.

  6. In the Destination column, select one of these:

    • Leave Outside My Org - to inspect data transmissions going to a destination that is not defined in My Organization.

    • Click the plus to select a specific item from Users, Emails, or Networks.

    • If Source is not My Organization, you can select Outside Source.

      Outside Source is a destination of a DLP rule. This value means any destination that is external to the Source. For example, if the source of the rule is Network_A, and Outside Source is the destination, then the rule inspects data transmissions that go from Network_A to any address outside of Network_A. If the destination is Outside My Org, the rule inspects only data transmissions that go from Network_A to any address outside of the organization. Use Outside Source to create inter-department rules.

  7. In the Action column, do one of these:

    • Detect (default) - To have a matching incident logged, but the data transmission is not disrupted.

    • Right-click and select Inform User - To pass the transmission but send notification to user.

    • Right-click and select Ask User - To wait until user decides to pass or discard.

    • Right-click and select Prevent - To stop the transmission.

  8. In the Track column, leave Log (to log the incident and have it in the Logs & Monitor Logs view for auditing), or right-click and select another tracking option.

    (Optional): To add a notification to the Data Owners:

    1. Select the Email option.

    2. Customize the notification that the Data Owners see if this rule is matched.

  9. In the Install On column, select DLP Blades to apply this rule to all DLP Gateways, or click the [+] icon and select a specific DLP Gateway.

  10. In the Time column, set a date and time of day that this policy is enforced.

    A rule that uses a time object applies only to connections that begin during the specified date and time period. If the connection continues after that time frame, it is allowed to continue. The relevant time zone is that of the Check Point Security Gateway that enforces the rule.

  11. In the Category column, right-click and select a defined category.

  12. In the Comment column, right-click and select Edit to enter a comment for the rule.

  13. Click Save and then close SmartDashboard.

  14. In SmartConsole, install the policy.
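
The matching behavior described in steps 3 to 10, as a small Python model: OR matching of Data Types, Outside Source compared with Outside My Org, order-independent evaluation, and the time object tested at connection start. This is an added example, not Check Point code or the gateway's own logic. The addresses, Data Type names and rule names are constructed, and Network_A is assumed to lie inside My Organization.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample definitions (assumptions, not values from the documentation)
MY_ORG = [ip_network("10.0.0.0/8")]
NETWORK_A = [ip_network("10.1.0.0/16")]

def inside(addr, nets):
    return any(ip_address(addr) in n for n in nets)

@dataclass
class Rule:
    name: str
    data_types: set          # multiple Data Types are matched on OR
    source: list             # networks the sender must belong to
    destination: str         # "outside_source" or "outside_my_org"
    action: str = "Detect"   # Detect is the default action
    window: tuple = None     # optional (start, end) time object

    def matches(self, src, dst, found_types, conn_start):
        if not inside(src, self.source):
            return False
        # Outside Source: any address external to the rule's Source.
        # Outside My Org: any address not defined in My Organization.
        boundary = self.source if self.destination == "outside_source" else MY_ORG
        if inside(dst, boundary):
            return False
        if not (self.data_types & found_types):   # one hit is enough
            return False
        # Only the connection start is compared with the time object.
        if self.window and not (self.window[0] <= conn_start <= self.window[1]):
            return False
        return True

def evaluate(rules, src, dst, found_types, conn_start):
    # Rule order does not matter: every installed rule is checked.
    return [(r.name, r.action) for r in rules
            if r.matches(src, dst, found_types, conn_start)]

RULES = [
    Rule("inter-dept", {"Source Code", "PCI"}, NETWORK_A, "outside_source", "Ask User"),
    Rule("egress", {"PCI"}, NETWORK_A, "outside_my_org", "Prevent"),
]

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0)
    # Network_A to another internal department: only the Outside Source rule fires.
    print(evaluate(RULES, "10.1.2.3", "10.2.0.5", {"PCI"}, now))
    # Network_A to an external address: both rules fire.
    print(evaluate(RULES, "10.1.2.3", "203.0.113.7", {"PCI"}, now))
```

Running a planned rule through a model like this before installing the policy shows whether an inter-department rule and an egress rule will both fire on the same transmission.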