Editing Exchange Security Agent Values

You can edit default values for parameters related to the Exchange Security Agent (see Configuring the Exchange Security Agent ) in the Database Tool (GuiDBEdit Tool) (see sk13009) or dbedit (see skI3301).

To edit Exchange Security Agent values:

1. Close all SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. windows connected to the Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..

2. Connect with Database Tool (GuiDBEdit Tool) (see sk13009) to the Management Server.

3. In the left pane, go to Table > Other > dlp_data_tbl.

4. In the right pane, select the Exchange Agent object that represents the SmartConsole Exchange Security Agent object.

5. In the bottom pane, in the Field Name column, you can configure these fields:

   Field Name	Description	Default Value
   is_tap_mode	The Exchange Security Agent sends messages to the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. but does not wait for a response from the Security Gateway. For all rules with the detect or inform action, the Exchange Security Agent is automatically configured to work in tap mode. For other rules, the default is to not work in tap mode. If you want the system to always work in tap mode, change the value from false to true.	False
   scan_mails_received_from_sender_out_of_my_organization	If to scan SMTP messages from a domain that is not in the organization's Exchange. By default this value is false. This means that it only scans messages from your organization's Exchange. To scan messages from senders outside of the domain, change the value to true.	False
   scan_mails_send_to_recipient _ from_my_organization	If to scan internal traffic.	True
   scan_mails_send_to_recipient _out_my_organization	If to scan messages sent outside of the organization.	True
   dont_scan_smtp	Scans messages received by the Exchange server in SMTP. This means that messages in SMTP that come from the same domain get scanned.	False

6. In the right pane, select dlp_general_settings_objects to configure this field:

   Field Name	Description	Default Value
   exchange_send_status_to_gw _frequency	The time interval that the Exchange Security Agent sends statuses to the Security Gateway.	10
   user_dlp_logs_customization _settings > send_log_for_each _skipped_email_with_allow_status	If to send logs about messages that are not sent to the gateway because of the Inspection Scope settings.	False

7. In the left pane, select Network Objects > < Network Objects > <Security Gateway object> > data_loss_prevention_blade_settings to configure this field:

   Field Name	Description	Default Value
   encrypt_exchange_traffic	The Exchange Security Agent sends traffic to the Security Gateway encrypted in TLS.	True

8. Save the changes.

9. Close Database Tool (GuiDBEdit Tool).

10. In SmartConsole, install policy.