Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Vengatesh_SR
Contributor

DLP logs with gateway has the source

All the events which are sent to the DLP server is having client IP as the checkpoint IP only.

We have integrated DR Checkpoint firewall with DLP. Traffic is passing to the DLP server from the Firewall. Yet all the events that are collected at the DLP server is having the Firewall IP as its client IP. Due to this we are unable to get the actual client IP for those events.

Kindly confirm whether any settings can be changed from the checkpoint firewall by which the DLP events will show the actual Client machines IP.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

What DLP server?

Is it integrated with ICAP?

What version of Check Point gateway code?

0 Kudos
Vengatesh_SR
Contributor

What DLP server we are using? Symantec DLP server is used

Is it integrated with ICAP? Yes the ICAP integration is done in the checkpoint firewall

What version of Check Point gateway code? R77.30 Hot Fix Take 302

0 Kudos
PhoneBoy
Admin
Admin

Do you have X-Forwarded-For enabled?

To use X-Forwarded-For HTTP header:

  1. Configure your proxy server to use X-Forwarded-For HTTP Header.
  2. In SmartDashboard, on the Identity Awareness page of each gateway object, select Detect users located behind HTTP proxy using X-Forward-For header.
  3. To configure the gateway to hide the X Forwarded-For header to not show internal IP addresses in requests to the internet, select Hide X Forward-For header in outgoing traffic.
  4. Install the Policy.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events