https://community.checkpoint.com/t5/General-Topics/DLP-Gateway-for-G-Suite-relay/m-p/35223#M7420 <HTML><HEAD></HEAD><BODY><P>DLP for SMTP definitely requires a relay of some sort.</P><P>In fact, the recommended configuration is to have an internal mail server and a separate relay in the DMZ</P><P>The relay can be internal, but this is not recommended.</P><P>Both configurations are discussed here:&nbsp;<A class="link-titled" href="https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_DataLossPrevention_AdminGuide/html_frameset.htm" title="https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_DataLossPrevention_AdminGuide/html_frameset.htm">Data Loss Prevention R80.10 (Part of Check Point Infinity)</A>&nbsp;</P></BODY></HTML> Sun, 24 Feb 2019 02:33:47 GMT PhoneBoy 2019-02-24T02:33:47Z https://community.checkpoint.com/t5/General-Topics/DLP-Gateway-for-G-Suite-relay/m-p/35222#M7419 <HTML><HEAD></HEAD><BODY><P>Hello all,</P><P></P><P>Looking for a suggestion on the following.</P><P></P><P><STRONG>Requirement</STRONG>:<BR />DLP policy enforcement for outbound SMTP Traffic to G Suite mail relay located on internet.</P><P></P><P><STRONG>Setup</STRONG>:<BR />R80.10 Distributed setup<BR />HTTPS inspection <STRONG>not</STRONG> enabled.</P><P></P><P><STRONG>Description</STRONG>:</P><P>The Mail Relay is located at mail-relay.google.com as customer has a G Suite setup.<BR />We have enabled SMTP protocol under DLP configuration but could not set the mail server as the relay server IP is dynamic in nature.<BR />Not able to add the FQDN address to Mail Server object.</P><P>DLP policy is currently not enforced with this configuration.</P><P></P><P></P><P>Is it possible to achieve this requirement without an internal mail server?<BR />Or should the customer setup an on premise mail relay to enforce DLP policy?</P><P></P><P>Please find the attachment for the required topology.</P><P></P><P></P><P>Thanks!</P><P>Arun Kumar S<BR />Security Engineer<BR />QOS Technology.</P><P></P><P><A href="https://community.checkpoint.com/migrated-users/45458">Prabulingam N</A>‌</P></BODY></HTML> Sat, 23 Feb 2019 16:06:34 GMT https://community.checkpoint.com/t5/General-Topics/DLP-Gateway-for-G-Suite-relay/m-p/35222#M7419 Arun_Kumar_S 2019-02-23T16:06:34Z https://community.checkpoint.com/t5/General-Topics/DLP-Gateway-for-G-Suite-relay/m-p/35223#M7420 <HTML><HEAD></HEAD><BODY><P>DLP for SMTP definitely requires a relay of some sort.</P><P>In fact, the recommended configuration is to have an internal mail server and a separate relay in the DMZ</P><P>The relay can be internal, but this is not recommended.</P><P>Both configurations are discussed here:&nbsp;<A class="link-titled" href="https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_DataLossPrevention_AdminGuide/html_frameset.htm" title="https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_DataLossPrevention_AdminGuide/html_frameset.htm">Data Loss Prevention R80.10 (Part of Check Point Infinity)</A>&nbsp;</P></BODY></HTML> Sun, 24 Feb 2019 02:33:47 GMT https://community.checkpoint.com/t5/General-Topics/DLP-Gateway-for-G-Suite-relay/m-p/35223#M7420 PhoneBoy 2019-02-24T02:33:47Z https://community.checkpoint.com/t5/General-Topics/DLP-Gateway-for-G-Suite-relay/m-p/35224#M7421 <HTML><HEAD></HEAD><BODY><P>Thanks for your response.</P><P></P><P>Right now, customer doesn't have a mail server nor a mail relay located on-premise.&nbsp;</P><P>The mail relay is on google cloud and it relays the received mails to the mail server.</P><P></P><P>According to the document, it is required to have an internal mail relay and/or an internal mail server. (Not sure if mail server is mandatory to be internal.)</P><P></P><P>So, the requirement that I mentioned is not possible?</P><P></P><P></P><P>Thanks!!</P></BODY></HTML> Sun, 24 Feb 2019 06:55:11 GMT https://community.checkpoint.com/t5/General-Topics/DLP-Gateway-for-G-Suite-relay/m-p/35224#M7421 Arun_Kumar_S 2019-02-24T06:55:11Z https://community.checkpoint.com/t5/General-Topics/DLP-Gateway-for-G-Suite-relay/m-p/35225#M7422 <HTML><HEAD></HEAD><BODY><P>Theoretically the mail relay/server could be one in the same server, but it should be on-premise to use the DLP blade on an on-premise security gateway.</P><P>If you're wanting to do DLP with G-Suite, you should be looking into CloudGuard SaaS as that integrates more directly.</P></BODY></HTML> Sun, 24 Feb 2019 13:22:57 GMT https://community.checkpoint.com/t5/General-Topics/DLP-Gateway-for-G-Suite-relay/m-p/35225#M7422 PhoneBoy 2019-02-24T13:22:57Z https://community.checkpoint.com/t5/General-Topics/DLP-Gateway-for-G-Suite-relay/m-p/35226#M7423 <HTML><HEAD></HEAD><BODY><P>Thanks Dameon.</P></BODY></HTML> Sun, 24 Feb 2019 13:25:36 GMT https://community.checkpoint.com/t5/General-Topics/DLP-Gateway-for-G-Suite-relay/m-p/35226#M7423 Arun_Kumar_S 2019-02-24T13:25:36Z