More Options for Rules

After you set up the basics of a rule, you can do more.

Viewing Rule Names and Protocols

The names of DLP rules are not visible by default, but you may need to see or change a name. For example, if you follow the logs of a rule, you can match the name in the logs to the name in the policy.

To see rule names in the policy:

  1. Right-click the rule base headers.

  2. Select Name.

By default, all rules of the DLP policy scan data over the protocols as defined in the Security Gateway properties. You can set a rule to scan only specified protocols.

To see the protocols of rules:

  1. Right-click the rule base headers.

  2. Select Protocol.

Setting Rule Severity

You can set the severity rating of a rule. This enables you to filter results and provide more relevant reports in the Logs & Events view. You can also sort and group the Rule Base by severity.

To set severity of a rule:

  1. Go to the Severity column.

  2. Do one of these:

    • Keep the default level (for example, Medium).

    • Right-click and select a severity.

Flagging Rules

You can flag a rule for different reminders. Flag a rule as Improve Accuracy if it did not catch data as expected. Flag a rule as Follow up, to set a reminder that you want to make changes to this rule or the Data Types that it uses.

You can jump to flagged rules from Overview. In Policy you can group rules by flags.

For example, you use the built-in Data Type Employee Names and create a new rule. You know that this is a placeholder Data Type, and you supply the list of names of employees in your organization. You flag this rule for Improve Accuracy and continue your work on the rule base. Later you can find the rule for Employee Names easily: group the rules by flags or by the Overview link. Then you can edit the Data Type. Start from Policy.

Best Practice - If you import Data Types from Check Point or your vendor, flag rules with these Data Types as Follow up, and check the results of these rules in the Logs & Events view as soon as you can. This ensures that you get any needed assistance in understanding the Data Types and how they can be optimally used.

To set a flag on a rule: in the Flag column, right-click and select a value.

Logs and events generated from rules that are flagged with Follow up are also marked with Follow up. After you view the logs and events, you can remove the Follow up flag.

To see logs and events generated by the Follow up rules:

  1. Open Logs & Events > Logs view.

  2. Right-click a column heading and select Edit Profile.

  3. Add Follow up to the list of Selected Fields.

Enabling and Disabling Rules

You can define rules that you think you might need, and disable them until you want them to actually match traffic.

To enable and disable DLP rules:

  1. In SmartConsole, select Security Policies > Shared Policies > DLP and click Open DLP Policy in SmartDashboard.

    SmartDashboard opens and shows the DLP tab.

  2. From the navigation tree, click Policy.

  3. To disable a DLP rule, right-click the rule to disable and select Disable Rule.

  4. To enable a DLP rule:

    1. Right-click the disabled rule.

      It is marked with a red X in the rule base.

    2. Click Disable Rule to clear the selection.

  5. Click Save and then close SmartDashboard.

  6. In SmartConsole, install the policy.