Setting and Managing Rules to Ask User

Important - The mail server must be able to act as a mail relay. This allows users to release (Send) emails that DLP captured on Ask User rules. The mail server must be configured to trust the DLP Gateway (see Mail Server Required Configuration).

Setting Rules to Ask User

  1. In SmartConsole, select Security Policies > Shared Policies > DLP and click Open DLP Policy in SmartDashboard.

    SmartDashboard opens and shows the DLP tab.

  2. From the navigation tree, click Policy.

  3. Right-click in the Action column of the rule and select Ask User.

    Ask User rules depend on users receiving a notification and having the option to either Send or Discard a message. Before you install a policy with new Ask User rules, make sure the DLP Gateway is set up for Ask User options.

  4. Click Save and then close SmartDashboard.

  5. In SmartConsole, click Install Policy.

To set up the gateway for Ask User rules:

  1. In SmartConsole, click Gateways & Servers and double-click the Security Gateway.

    The gateway window opens and shows the General Properties page.

  2. From the navigation tree, click Data Loss Prevention.

  3. In the DLP Portal area, select Activate DLP Portal for Self Incident Handling.

  4. From the navigation tree, click Data Loss Prevention > Mail Server.

  5. Select the mail server that the DLP Gateway uses to send notification emails.

  6. Click OK.

  7. Install Policy.

Managing Rules in Ask User

You can audit the incident and the decisions that the user makes in the portal. With this information, you can quickly understand which rules should be made more specific, where exceptions are needed, and whether a rule should be set to Prevent. Your users become the information security experts, simply by using the Portal.

To review these actions:

  1. In SmartConsole, select SmartConsole > SmartView Tracker.

  2. In the Network & Endpoint tab, select Predefined > Data Loss Prevention Software Blade.

  3. Click the All query.

  4. Click entries with Ask User in the Action column for the log record.

  5. See the decision made in the User Response field.