Configuring the Data Loss Prevention Software Blade for Monitor Mode

Configure the settings below, if you enabled the Data Loss PreventionClosed Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP. Software BladeClosed Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. on the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. in Monitor Mode:

Step

Instructions

1

Connect with SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. or Domain Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. that manages this Security Gateway.

2

From the left navigation panel, click Manage & Settings > Blades.

3

In the Data Loss Prevention section, click Configure in SmartDashboard.

The SmartDashboardClosed Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher is still used to configure specific legacy settings. window opens.

4

In SmartDashboard:

  1. Click the My Organization page.

  2. In the Email Addresses or Domains section, configure with full list of company's domains.

    There is no need to include subdomains (for example, mydomain.com, mydomain.uk).

  3. In the Networks section, select Anything behind the internal interfaces of my DLP gateways.

  4. In the Users section, select All users.

5

Click the Policy page.

Configure the applicable rules:

  • In the Data column, right-click the pre-defined data types and select Edit.

    • On the General Properties page, in the Flag field, select Improve Accuracy.

    • In the Customer Names data type, we recommend to add the company's real customer names.

  • In the Action column, you must select Detect.

  • In the Severity column, select Critical or High in all applicable rules.

  • You may choose to disable or delete rules that are not applicable to the company or reduce the Severity of these rules.

Note - Before you can configure the DLP rules, you must configure the applicable objects in SmartConsole.

6

Click the Additional Settings > Protocols page.

Configure these settings:

  • In the Email section, select SMTP (Outgoing Emails).

  • In the Web section, select HTTP. Do not configure the HTTPS.

  • In the File Transfer section, do not select FTP.

7

Click Launch Menu > File > Update (or press the CTRL S keys).

8

Close the SmartDashboard.

9

Install the Access Control Policy on the Security Gateway object.

10

Make sure the Security Gateway enabled the SMTP Mirror Port Mode:

  1. Connect to the command line on the Security Gateway.

  2. Log in to the Expert mode.

  3. Run this command:

    dlp_smtp_mirror_port status

  4. Make sure the value of the kernel parameter dlp_force_smtp_kernel_inspection is set to 1 (one).

    Run these two commands:

    fw ctl get int dlp_force_smtp_kernel_inspection

    grep dlp_force_smtp_kernel_inspection $FWDIR/boot/modules/fwkern.conf

For more information:

See the R81 Data Loss Prevention Administration Guide.