Troubleshooting DLP-Related Authentication Issues

The Check Point database tool, Database Tool (GuiDBEdit Tool), has a number of properties that set default authentication values. These properties can be used to troubleshoot DLP-related authentication issues. The objects are found under: Database Tool (GuiDBEdit Tool) > Tables > Other > authentication_objects:

Object

Description

DLPSenderRealm

Controls authentication for the DLP portal and the UserCheck agent. This object contains:

Use DLPSenderRealm to solve authentication problems.

dlp_ldap_auth_settings

This object controls how DLP identifies users by querying the email address attribute in Active Directory. Use this object to troubleshoot problems involving email lookup in Active Directory.

The CustomLoginAttr string lets you enter a custom LDAP query with a specified email address. The default query is:

|(mail=<<>>)(proxyAddresses=smtp:<<>>)

By default, it searches for the user with the specified email address.

To refine the query, you can add other AD attributes to the query or change existing ones.

Warning - Changing this default query might affect DLP rules that enforce a policy according to users or user groups defined by access roles. Known users may become Unknown and the data they send is allowed to leave the organization.

dlp_internal_auth_settings

This object controls how DLP identifies users by querying the email address attribute in the database of internal users defined in SmartConsole.
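Before changing CustomLoginAttr, a candidate query can be compared against the default to find sender addresses that would stop resolving, which is the Known-to-Unknown failure described in the warning. The following Python is an added example, not Check Point code: it assumes `<<>>` is the placeholder replaced with the sender's address, evaluates only flat (attr=value) equality clauses, and runs against a constructed sample directory.

```python
import re

PLACEHOLDER = "<<>>"  # assumption: the token replaced with the sender's address
DEFAULT_QUERY = "|(mail=<<>>)(proxyAddresses=smtp:<<>>)"  # default query from this page

# Constructed sample directory (not real data); attribute values are lists.
DIRECTORY = [
    {"sAMAccountName": ["asmith"], "mail": ["alice@example.com"],
     "proxyAddresses": ["SMTP:alice@example.com", "smtp:a.smith@example.com"]},
    {"sAMAccountName": ["bjones"], "mail": ["bob@example.com"],
     "proxyAddresses": ["SMTP:bob@example.com"]},
]

def escape_value(value):
    """Escape RFC 4515 special characters in an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def render(template, email):
    """Filter text for a manual check in an LDAP search tool."""
    return template.replace(PLACEHOLDER, escape_value(email))

def parse(template):
    """Split the flat '<op>(attr=value)(attr=value)' form into operator and clauses."""
    op = template[0] if template[:1] in ("|", "&") else "&"
    clauses = re.findall(r"\(([^=()]+)=([^()]*)\)", template)
    if not clauses:
        raise ValueError("no (attr=value) clauses found in query")
    return op, clauses

def matches(template, email, entry):
    """Evaluate equality clauses; case-insensitive comparison is an assumption here."""
    op, clauses = parse(template)
    hits = [pattern.replace(PLACEHOLDER, email).lower()
            in [v.lower() for v in entry.get(attr, [])]
            for attr, pattern in clauses]
    return any(hits) if op == "|" else all(hits)

def resolve(template, email, directory=DIRECTORY):
    """Return matching account names; an empty list means the sender is Unknown."""
    return [e["sAMAccountName"][0] for e in directory if matches(template, email, e)]

def regressions(candidate, senders, baseline=DEFAULT_QUERY):
    """Senders that resolve under the baseline query but not under the candidate."""
    return [s for s in senders if resolve(baseline, s) and not resolve(candidate, s)]

if __name__ == "__main__":
    senders = ["alice@example.com", "a.smith@example.com", "bob@example.com"]
    print(regressions("(mail=<<>>)", senders))  # alias-only address drops out
```

Any address returned by regressions() belongs to a user who sends from a secondary (proxyAddresses) alias and would be treated as Unknown under the candidate query.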