Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
rukome_agwae
Explorer

DLP policies not being enforced on gateway

Hi, 

I recently deployed my Check Point 5100 gateway as a standalone in my enviroonment and i purchased the DLP blade. I tried earlier to use the Content Awareness feature to achieve want i wanted, that is blocking users from a certain segment in my network from sending specific files, but that did not work. So i tried using the DLP blade and it also still did not work. Users from that segment can still send those files.

Is there any special configurations i need to do appart from the ones specified on the DLP configuration manual

Kindly assist

0 Kudos
6 Replies
Vladimir
Champion
Champion

When you are using content awareness, how exactly are your users sending the files?

If they are using HTTPS based services, perhaps implementing HTTPS inspection is in order.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

To confirm you've integrated DLP with your on premise Exchange email or the files are being sent via an alternate method?

CCSM R77/R80/ELITE
0 Kudos
rukome_agwae
Explorer

i integrated the DLP with the On-premise Exchange Mail server. 

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Are you seeing any log entries for DLP events via SMTP traffic that you could share (sanitized of course), also could you provide an example of a policy rule that isn't working as intended (is it set to Prevent or Detect)?

The following options may be a factor in some scenarios... moreover I would suggest opening an SR with TAC to investigate further if not already.

DLP

CCSM R77/R80/ELITE
0 Kudos
rukome_agwae
Explorer

Hello Chris,

My primary goal is to prevent some users in a particular segment from send mails. I used Content Awareness to prevent users from sending files but the policy did not work because users from that segment were still able to send attachments.

I also activated the DLP blade. I am also not seeing any logs 

0 Kudos
Chris_Atkinson
Employee Employee
Employee

To confirm the traffic from this network segmemt can only exit via this gateway (from a routing perspective) and you're seeing normal firewall logs for this traffic?

If the routing and configuration checks out per the admin guide definitely raise a case with TAC to investigate further.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events