Isolating the DMZ
To make sure that Data Loss Prevention (DLP) checks data transmissions to the DMZ, configure the DMZ as external to My Organization.
For example, PCI DSS (Payment Card Industry Data Security Standard) Requirement 1.4.1 requires including a DMZ in the environment to prevent direct Internet traffic to and from secured internal data access points.
To make sure traffic from My Organization to the DMZ is checked for Data Loss Prevention:
- Make sure that the DLP Gateway configuration includes a definition of the DMZ hosts and networks.
- In SmartConsole, select Security Policies > Shared Policies > DLP and click Open DLP Policy in SmartDashboard.
  SmartDashboard opens and shows the DLP tab.
- From the navigation tree, click My Organization.
- In the Networks section, make sure that:
  - Anything behind the internal interfaces of my DLP gateways is selected.
  - Anything behind interfaces which are marked as leading to the DMZ is NOT selected.
- Click Save and then close SmartDashboard.
- In SmartConsole, install policy.