Managing Users
Most organizations use an external LDAP server (for example, Active Directory) to manage users and user groups.

You can define an internal user account to use as a source or destination in the Rule Base when:
- Your organization does not use an LDAP server.
- You want to define a user that is not defined in the LDAP server.
You can add accounts for individual users from the Data Loss Prevention (DLP) tab in SmartConsole.
To define user accounts as internal users:
- Connect with SmartConsole to the Management Server.
- From the left navigation panel, click Manage & Settings.
- From the left tree, click Blades.
- In the Data Loss Prevention section, click Configure in SmartDashboard.
- Expand User section > Users.
- Right-click User > New User.
  The User Properties window opens.
- Define the user account.
  The most important field is the email address. This lets DLP recognize the user for email scans.
The user is added to the other Software Blades managed by SmartConsole.

DLP may require different user groups than those in the LDAP server. For example, you may want a group for new employees, whose rules are set to Ask User rather than Prevent, to give them time to become familiar with the organization's guidelines. You may also want a group for temporary employees or terminating employees, to give them stricter rules.
To define user groups:
- Expand User section > User Groups.
- Right-click User Group > New Group.
  The New User Group window opens.
- Name the group.
- Select the users, user groups, or external user profiles that you want in this group and click Add.
- Click OK.

If the default option for the Users area is selected (Users, user groups and LDAP groups defined in the Security Management Server), you can define exclusions to this definition of My Organization.
For example, you can exclude the CEO. This lets the CEO send any data without having it scanned.
To exclude users from My Organization:
- Connect with SmartConsole to the Management Server.
- From the left navigation panel, click Manage & Settings.
- From the left tree, click Blades.
- In the Data Loss Prevention section, click Configure in SmartDashboard.
- Open Data Loss Prevention > My Organization.
- In the Users area, click All users > Exclusions.
  The Networks and Hosts window opens.
- Select the listed items that you want to exclude from My Organization.
- Click Add.
- Click OK.