cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

DLP logs with gateway has the source

All the events which are sent to the DLP server is having client IP as the checkpoint IP only.

We have integrated DR Checkpoint firewall with DLP. Traffic is passing to the DLP server from the Firewall. Yet all the events that are collected at the DLP server is having the Firewall IP as its client IP. Due to this we are unable to get the actual client IP for those events.

Kindly confirm whether any settings can be changed from the checkpoint firewall by which the DLP events will show the actual Client machines IP.

0 Kudos
3 Replies
Admin
Admin

Re: DLP logs with gateway has the source

What DLP server?

Is it integrated with ICAP?

What version of Check Point gateway code?

0 Kudos

Re: DLP logs with gateway has the source

What DLP server we are using? Symantec DLP server is used

Is it integrated with ICAP? Yes the ICAP integration is done in the checkpoint firewall

What version of Check Point gateway code? R77.30 Hot Fix Take 302

0 Kudos
Admin
Admin

Re: DLP logs with gateway has the source

Do you have X-Forwarded-For enabled?

To use X-Forwarded-For HTTP header:

  1. Configure your proxy server to use X-Forwarded-For HTTP Header.
  2. In SmartDashboard, on the Identity Awareness page of each gateway object, select Detect users located behind HTTP proxy using X-Forward-For header.
  3. To configure the gateway to hide the X Forwarded-For header to not show internal IP addresses in requests to the internet, select Hide X Forward-For header in outgoing traffic.
  4. Install the Policy.